Compliance Specialist

HubSpot

💵 $104k-$157k
📍Remote - United States

Summary

Join HubSpot's Compliance Assurance team as an IT audit, risk, and compliance professional. You will create and maintain IT security policies, analyze business risks, implement and monitor controls, coordinate audits, and collaborate with various stakeholders. The ideal candidate possesses a strong understanding of IT control fundamentals, relevant industry frameworks, and excellent communication skills. Experience in managing cross-functional projects and a CISA, CPA, CIA, or CISM certification are preferred. HubSpot offers a competitive salary, bonus targets, equity plan participation (for some roles), and potential overtime pay. The company values flexibility and connection, offering both remote and in-office work options.

Requirements

  • Possess a working knowledge of industry-standard IT frameworks and regulations (e.g. NIST CSF, CIS, SOC 2, PCI DSS, and HIPAA, to name a few) and a demonstrated ability to interpret and apply their requirements to novel system and process implementations
  • Are knowledgeable about various operating systems, databases, networking technologies, service delivery implementations (including SaaS, IaaS, and PaaS), microservice and microdatabase architectures, and processes such as CI/CD, Agile, and SecDevOps
  • Are proficient in conducting IT risk assessments and developing mitigation strategies
  • Are highly organized, have a relentless attention to detail and obsess over the quality of your work
  • Are comfortable multi-tasking and performing multifaceted projects in conjunction with day-to-day operational activities
  • Have excellent oral and written communication skills
  • Are an extraordinary collaborator and possess the ability to form strong partnerships with key stakeholders from diverse areas of the business
  • Demonstrate a continuous learning mindset and a willingness to stay current with industry best practices
  • Are comfortable taking initiative and accepting responsibility for assigned tasks with minimal supervision
  • Are service-oriented, yet assertive and persuasive
  • Have 3-5 years of technical IT audit experience with standard internal IT controls such as access, change and operations management and ITACs
  • Have hands-on experience in scoping, planning and executing audits and projects

Responsibilities

  • Create and update internal policies, standards, and procedures related to IT security, data privacy and compliance frameworks (e.g. NIST CSF, CIS, SOC 2, PCI DSS, and HIPAA, to name a few)
  • Proactively analyze potential risks within business processes and systems to provide stakeholders with best practice guidance and tailored control recommendations
  • Oversee the implementation of controls and conduct assessments to evaluate the effectiveness of their design and operation
  • Implement and manage tools and processes for the ongoing monitoring of IT controls and compliance status
  • Serve as the central point of contact for audit coordination, organizing meetings and managing information flow between system/control owners and audit personnel
  • Translate business and control requirements into the design of features and enhancements in our compliance tools
  • Partner with project teams during system development and acquisition to provide advice on risk mitigation and control implementation
  • Develop thorough documentation packages for new systems, businesses, or acquisitions, including detailed data mappings, process flow diagrams and control narratives
  • Escalate issues to senior management, develop and negotiate remediation plans and track issues to resolution

Preferred Qualifications

  • Have a CISA, CPA, CIA, CISM or equivalent professional qualification

Benefits

  • Cash compensation range: 104800-157200 USD Annually
  • Base salary
  • On-target commission for employees in eligible roles
  • Annual bonus targets under HubSpot’s bonus plan for eligible roles
  • Participation in HubSpot’s equity plan to receive restricted stock units (RSUs)
  • Overtime pay
  • Remote work options
  • In-person onboarding and events (for some roles)
