About You:

You’re a strategic, systems-level thinker who thrives at the intersection of technology, operations, and risk. You enjoy bringing structure to ambiguity and building programs that make organizations more resilient. You’re comfortable navigating complex technical environments, driving alignment across teams, and ensuring that when things go wrong, everyone knows what to do and how to recover. You’re excited by the challenge of turning business continuity from a compliance checkbox into a business enabler.

About Us:

The HubSpot Security team is dedicated to helping businesses grow better by safeguarding the systems and data that power our global CRM platform. With more than 125,000 customers in over 100 countries, HubSpot’s reliability and operational resilience are essential to our mission. At HubSpot, we don’t just plan for disruption — we prepare to recover better than before.

As part of the Security Program Management team, you’ll:

• Partner with leaders across Security, Infrastructure, Enterprise Risk, and Product to strengthen HubSpot’s resilience posture.
• Work cross-functionally with teams in Legal, Risk, Compliance, IT, and Engineering to define a unified BCDR strategy.
• Have the autonomy to design and execute a global Business Continuity & Disaster Recovery (BCDR) framework that grows with our business.
• Join a culture that values transparency, learning, and authenticity

Read more about our shared product principles here.

In this role you will…

• Develop and own HubSpot’s BCDR strategy and supporting documentation across both product and corporate environments.
• Conduct Business Impact Analyses (BIAs) to identify critical systems, processes, and dependencies, establishing clear recovery objectives (RTO/RPO).
• Perform a Crown Jewels assessment to identify and prioritize critical tools and systems requiring the strongest recovery controls.
• Facilitate alignment across Product, Company, and Flywheel stakeholders, ensuring all critical business operations are represented in continuity and recovery plans.
• Build and maintain BCDR playbooks that clearly define stakeholder roles, responsibilities, escalation paths, and recovery procedures.
• Lead structured, repeatable disaster recovery tests for internal systems and customer-facing products, including retrospectives and improvement plans.
• Develop and deliver BCDR training and awareness programs, ensuring employees understand their responsibilities during disruptions.
• Partner with the Incident Response team to identify resilience issues uncovered during incidents, track them to closure, and drive remediation to prevent recurrence.
• Define foundational program metrics to measure resilience readiness, stakeholder engagement, and policy compliance.
• Evolve program maturity metrics to provide insight into enterprise resilience risks and recovery capabilities.
• Integrate BCDR with Enterprise Risk Management (ERM) and Third-Party Risk programs to ensure alignment with top enterprise risks.
• Drive continuous improvement, ensuring lessons learned from incidents and exercises inform program evolution.

We are looking for people who have…

• Proven experience leading technical or operational resilience programs within a SaaS, cloud, or large distributed environment.
• Strong program and project management experience, with the ability to coordinate complex, multi-stakeholder initiatives.
• Familiarity with frameworks and standards such as ISO 27001, NIST, COBIT, or similar.
• A demonstrated ability to build programs from the ground up defining scope, milestones, and success metrics.
• Excellent communication and collaboration skills, with the ability to influence across technical and non-technical teams.
• Experience reporting to executive leadership on program progress, key risks, and readiness metrics, distilling complex topics into clear, data-driven insights.
• A track record of turning high-level risk concerns into actionable, measurable outcomes.
• Experience managing or facilitating BCDR testing, incident response coordination, or continuity planning at scale.
• Familiarity with SaaS architecture, cloud infrastructure (AWS/GCP), and operational dependencies.

Nice to have:

• Certification(s) such as CBCP, MBCI, PMP, CISM, or CISSP.
• Prior experience integrating BCDR with SOX, SOC2, or other compliance programs.
• Experience collaborating with external auditors or assessors (e.g., Deloitte, PwC).
• Hands-on experience using Asana (or similar tools like Jira or Smartsheet) to manage large-scale resilience or continuity projects

^POS-22154