Senior Third Party Risk & Controls Specialist

Location: Remote - USA

Department: Business Technology

About the Role

At HubSpot, we empower companies to grow better by building trusted relationships with their ideal customers through inbound marketing, sales, and service software. As a Senior Third Party Risk & Controls Specialist in our Business Technology team, you'll play a pivotal role in safeguarding our CRM platform and global operations against third-party risks. In this high-impact position, you'll lead efforts to assess and mitigate risks from vendors and partners that power HubSpot's innovative growth tools, ensuring our customers' data remains secure in an always-on, inbound-driven world. You'll thrive in our HEART-based culture (Humble, Empathetic, Adaptable, Remarkable, Transparent), collaborating with cross-functional teams to support our mission of helping millions of businesses grow. Your core responsibilities will include developing and executing a comprehensive third-party risk management program tailored to HubSpot's SaaS ecosystem. This involves conducting in-depth risk assessments, designing robust controls for integrations with CRM and marketing automation tools, and monitoring vendor performance to align with our compliance standards like SOC 2 and GDPR. You'll partner closely with security, legal, product, and engineering teams to identify emerging risks in our fast-scaling environment, providing actionable insights that enable bold, data-informed decisions. We're looking for a strategic thinker with deep expertise in risk frameworks and a passion for HubSpot's growth mindset. You'll report risk metrics to leadership, drive remediation initiatives, and foster a proactive risk culture that supports our unlimited PTO, flexible work policies, and commitment to employee well-being. Join us to make a remarkable impact on how the world grows better, one secure partnership at a time.

Key Responsibilities

• Lead the identification, assessment, and monitoring of third-party risks across HubSpot's Business Technology ecosystem
• Develop and maintain a robust third-party risk management framework aligned with HubSpot's CRM and inbound marketing operations
• Conduct due diligence, risk assessments, and continuous monitoring of vendors and partners
• Collaborate with legal, security, and product teams to ensure compliance with SOC 2, GDPR, and other regulations
• Design, implement, and test controls for third-party integrations impacting customer data and growth initiatives
• Provide risk advisory support to stakeholders in HubSpot's high-growth environment
• Report on third-party risk metrics and remediation progress to senior leadership
• Drive continuous improvement in risk processes to support HubSpot's culture of innovation and scalability
• Manage incident response and remediation for third-party related risks
• Stay current on emerging risks in SaaS, CRM, and digital marketing landscapes
• Facilitate training and awareness programs on third-party risk for Business Technology teams

Required Qualifications

• Bachelor's degree in Information Technology, Risk Management, Business Administration, or a related field
• 5+ years of experience in third-party risk management, vendor risk assessment, or IT controls in a technology or SaaS environment
• Proven experience with risk frameworks such as NIST, ISO 27001, SOC 2, or GDPR compliance
• Strong understanding of CRM systems, data privacy regulations, and inbound marketing data flows
• Experience conducting third-party audits, risk assessments, and control testing
• Demonstrated ability to collaborate cross-functionally in a fast-paced, growth-oriented culture
• Professional certifications such as CISA, CRISC, CISM, or equivalent
• Excellent analytical skills with the ability to assess and mitigate enterprise risks

Preferred Qualifications

• Experience in the SaaS or CRM industry, particularly with HubSpot or similar platforms
• Knowledge of inbound marketing ecosystems and customer data platforms
• Familiarity with HubSpot's growth culture and agile methodologies
• Advanced degree (MBA or Master's in Cybersecurity/Risk Management)
• Experience with GRC tools like RSA Archer, ServiceNow, or LogicGate
• Prior work in a global, distributed team environment

Required Skills

• Third-party risk assessment and management
• IT controls design and testing
• Risk frameworks (NIST, ISO 27001, SOC 2)
• CRM systems and data privacy (GDPR, CCPA)
• Vendor due diligence and contract review
• GRC platforms (e.g., ServiceNow, Archer)
• Analytical and problem-solving abilities
• Cross-functional collaboration
• Stakeholder communication and reporting
• Agile methodologies in growth environments
• Incident response and remediation
• Regulatory compliance expertise
• Data flow mapping for inbound marketing
• Project management
• Attention to detail
• Adaptability in fast-paced settings

Benefits

• Competitive salary and equity in a high-growth public company
• Comprehensive health, dental, and vision insurance with 100% premium coverage for employees
• Unlimited PTO and flexible work-from-anywhere policy
• 401(k) matching and employee stock purchase plan
• Professional development stipend and access to HubSpot Academy
• Parental leave (16 weeks fully paid) and family planning benefits
• Wellness programs including mental health support and gym reimbursements
• Quarterly stipends for home office setup and learning
• Vibrant culture with team offsites, volunteer days, and HEART values-driven recognition

HubSpot is an equal opportunity employer.