Compliance Specialist
closed
HubSpot
Summary
Join HubSpot's Compliance Assurance team as an IT audit, risk, and compliance professional. You will create and update internal policies, proactively analyze risks, oversee control implementation, and serve as the central point of contact for audit coordination. Collaborate with various stakeholders, translate business requirements into compliance tool enhancements, and develop documentation packages. The ideal candidate possesses a strong understanding of IT control fundamentals, IT frameworks and regulations, and experience in IT risk assessments. This role requires excellent communication and collaboration skills and a continuous learning mindset. HubSpot offers a competitive compensation package and benefits.
Requirements
- Possess a working knowledge of industry-standard IT frameworks and regulations (e.g. NIST CSF, CIS, SOC 2, PCI DSS, and HIPAA, to name a few) and a demonstrated ability to interpret and apply their requirements to novel system and process implementations
- Are knowledgeable about various operating systems, databases, networking technologies, service delivery implementations (including SaaS, IaaS, and PaaS), microservice and microdatabase architectures, and processes such as CI/CD, Agile, and SecDevOps
- Are proficient in conducting IT risk assessments and developing mitigation strategies
- Are highly organized, have a relentless attention to detail and obsess over the quality of your work
- Are comfortable multi-tasking and performing multifaceted projects in conjunction with day-to-day operational activities
- Have excellent oral and written communication skills
- Are an extraordinary collaborator and possess the ability to form strong partnerships with key stakeholders from diverse areas of the business
- Demonstrate a continuous learning mindset and a willingness to stay current with industry best practices
- Are comfortable taking initiative and accepting responsibility for assigned tasks with minimal supervision
- Are service-oriented, yet assertive and persuasive
- Have 3-5 years of technical IT audit experience with standard internal IT controls such as access, change and operations management and ITACs
- Have hands-on experience in scoping, planning and executing audits and projects
Responsibilities
- Create and update internal policies, standards, and procedures related to IT security, data privacy and compliance frameworks (e.g. NIST CSF, CIS, SOC 2, PCI DSS, and HIPAA, to name a few)
- Proactively analyze potential risks within business processes and systems to provide stakeholders with best practice guidance and tailored control recommendations
- Oversee the implementation of controls and conduct assessments to evaluate the effectiveness of their design and operation
- Implement and manage tools and processes for the ongoing monitoring of IT controls and compliance status
- Serve as the central point of contact for audit coordination, organizing meetings and managing information flow between system/control owners and audit personnel
- Translate business and control requirements into the design of features and enhancements in our compliance tools
- Partner with project teams during system development and acquisition to provide advice on risk mitigation and control implementation
- Develop thorough documentation packages for new systems, businesses, or acquisitions, including detailed data mappings, process flow diagrams and control narratives
- Escalate issues to senior management, develop and negotiate remediation plans and track issues to resolution
Preferred Qualifications
Have a CISA, CPA, CIA, CISM or equivalent professional qualification
Benefits
- Cash compensation range: 104800-157200 USD Annually
- Base salary
- On-target commission for employees in eligible roles
- Annual bonus targets under HubSpot's bonus plan for eligible roles
- HubSpot's equity plan to receive restricted stock units (RSUs)
- Overtime pay
