Lead Product SOX Readiness
Own the SOX compliance onboarding and vetting process for new products, features, and major engineering changes.
Review and assess control design prior to Go-Live, ensuring SOX risks are identified and addressed early.
Partner closely with Product, Engineering, Finance, and Internal Audit to align on risk, controls, and launch readiness.
Manage & Develop the GRC Team
Lead and develop a team of GRC professionals focused on product compliance onboarding and control testing.
Set priorities, operating rhythms, and quality standards across the program.
Coach team members on risk-based judgment, stakeholder partnership, and execution excellence.
High-Risk & Continuous Control Testing
Oversee deep-dive testing of high-risk SOX controls, including access management, change management, and data integrity.
Ensure testing is rigorous, repeatable, and defensible to internal and external auditors.
Identify systemic control gaps and drive durable improvements.
Remediation & Audit Partnership
Partner with Product, Engineering, and Finance to drive timely remediation of control issues.
Track issues through resolution and validate corrective actions.
Serve as a key liaison for Internal and External Audit on product-related SOX matters.
Program Maturity & Scale
Define and track metrics for SOX readiness, control effectiveness, and remediation timelines.
Partner with Security Automation and Engineering teams to reduce manual testing through automation and monitoring.
Continuously evolve the program as HubSpot’s products and risk profile grow.

Requirements

10-15+ years of experience in SOX, IT Compliance, Security GRC, ideally in a public-company SaaS environment.
Deep hands-on experience with SOX 404 control design, testing, issue management, and audit readiness.
Proven experience supporting product and engineering organizations.
Demonstrated people-management experience with the ability to deliver through teams.
Strong judgment, communication, and cross-functional influence skills.
Experience with product-focused SOX or technology-heavy environments.
Familiarity with SOC 1/2, ISO 27001, ISO 42001 or NIST frameworks.
Certifications such as CISA, CRISC, CISSP, or equivalent experience.
Big 4 IT Auditing experience.

Benefits

Equity plan with restricted stock units (RSUs)
Overtime pay for eligible roles

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

SOX compliancecontrol designcontrol testingissue managementaudit readinessrisk managementautomationdata integrityaccess managementchange management

Soft Skills

people managementcommunicationcross-functional influencerisk-based judgmentstakeholder partnershipexecution excellencecoachingprioritizationquality standardsoperating rhythms

Certifications

CISACRISCCISSP