Lead Compliance Analyst

HubSpot•Boston, MA

About The Position

About the Role HubSpot is seeking a Lead Compliance Analyst to play a critical role in our Product SOX Compliance program. This role focuses on ensuring new products and features are designed, launched, and operated in a SOX-compliant manner by partnering closely with Product and Engineering teams. You will be a senior individual contributor responsible for product compliance onboarding, high-risk control testing, and remediation support, helping shift SOX compliance from reactive audit response to proactive assurance. This role is ideal for a seasoned SOX or GRC professional who enjoys working deeply with technical teams, exercising strong judgment, and owning complex compliance workstreams. What You’ll Do Product SOX Compliance Onboarding & Readiness Lead compliance onboarding for new products, features, and major engineering changes. Review control design and operational readiness prior to Go-Live. Partner with Product and Engineering teams to identify SOX-relevant risks and ensure appropriate controls are in place early. Provide clear, actionable guidance to teams on control expectations and evidence requirements. High-Risk & Targeted Control Testing Execute deep-dive testing of high-risk SOX controls, including: user access and privilege management, change management, data integrity and financial reporting dependencies. Perform root-cause analysis when issues are identified. Document results clearly and defensibly for audit consumption. Remediation Partnership & Issue Management Work directly with Engineering, Product, and Finance partners to support remediation of control gaps. Validate corrective actions and ensure issues are fully resolved. Track recurring issues and surface systemic risks to leadership. Program Improvement & Scale Contribute to the evolution of product SOX onboarding frameworks, testing methodologies, and documentation standards. Identify opportunities to reduce manual effort through better design, standardization, or automation. Partner with Security Automation and Engineering teams to support programmatic compliance checks over time.

Requirements

7-12+ years of experience in SOX, IT Compliance, or Security GRC, preferably in a SaaS or technology-driven environment.
Strong hands-on experience with: SOX 404 control testing, control design and readiness assessments, issue remediation and audit support.
Experience partnering with product and engineering teams on compliance matters.
Ability to independently own complex compliance initiatives end-to-end.
Strong written and verbal communication skills.

Nice To Haves

Experience with product-centric or platform-based SOX programs.
Familiarity with SOC 1/2, ISO 27001, or NIST frameworks.
Comfort working in fast-paced, evolving technical environments.
Certifications such as CISA, CRISC, CISSP or equivalent experience.

Responsibilities

Lead compliance onboarding for new products, features, and major engineering changes.
Review control design and operational readiness prior to Go-Live.
Partner with Product and Engineering teams to identify SOX-relevant risks and ensure appropriate controls are in place early.
Provide clear, actionable guidance to teams on control expectations and evidence requirements.
Execute deep-dive testing of high-risk SOX controls, including: user access and privilege management, change management, data integrity and financial reporting dependencies.
Perform root-cause analysis when issues are identified.
Document results clearly and defensibly for audit consumption.
Work directly with Engineering, Product, and Finance partners to support remediation of control gaps.
Validate corrective actions and ensure issues are fully resolved.
Track recurring issues and surface systemic risks to leadership.
Contribute to the evolution of product SOX onboarding frameworks, testing methodologies, and documentation standards.
Identify opportunities to reduce manual effort through better design, standardization, or automation.
Partner with Security Automation and Engineering teams to support programmatic compliance checks over time.