Senior Analyst, Open Source Software (OSS) Compliance

Spec IT Asset Management - IT07DE
We're determined to make a difference and are proud to be an insurance company that goes well beyond coverages and policies. Working here means having every opportunity to achieve your goals - and to help others accomplish theirs, too. Join our team as we help shape the future.

Open-source software is a key part of The Hartford's technology stack, and managing it is critical to our SAM maturity journey. The Senior Analyst, OSS Compliance will serve as the subject matter expert for all open-source software assets, ensuring we have complete visibility into OSS usage and that we comply with all license requirements. In this role, you will build out The Hartford's OSS inventory and governance practice as part of the SAM program, integrating it with our broader asset management processes.

This is a new and highly visible role on the SAM team, ideal for a candidate with deep knowledge of open-source licensing and a passion for establishing best-in-class compliance controls. Your contributions will help The Hartford stay compliant with open source policies, ensure no open-source component is overlooked, and enable the company to safely and efficiently leverage open source in achieving its business goals.

This role will have a Hybrid work schedule, with the expectation of working in an office (Columbus, OH, Chicago, IL, Hartford, CT or Charlotte, NC) 3 days a week (Tuesday through Thursday).

Key Responsibilities:

• OSS Inventory & Tracking: Develop and maintain a comprehensive inventory of all open-source software components used across The Hartford's applications and environments. Continuously update the OSS inventory through scans, developer inputs, and integration with build pipelines.
• License Compliance Management: Monitor and enforce compliance with OSS license terms and usage policies. For each OSS component, verify that usage meets the license obligations (e.g., attribution, source code availability). Work with the Security team to proactively flag any OSS licenses that pose legal or security risks (e.g., copyleft licenses) and drive the approval or remediation process (up to and including removal or purchase of support if required). Maintain an OSS compliance dashboard to give visibility into the organization's OSS risk posture.
• Governance & Policy Enforcement: Serve as the primary owner of The Hartford's OSS usage policy and related documentation. Update and refine OSS governance documents (license compliance guidelines, approval workflows for new OSS, exception handling procedures) and ensure they are communicated and adhered to across IT. Conduct training or info-sessions for development teams on OSS compliance best practices. When needed, lead the review of new OSS requests or license exceptions through a governance board, providing recommendations based on risk and alignment with policy.
• Cross-Functional Collaboration: Act as a liaison between the SAM team and multiple stakeholders on OSS matters. Work closely with software engineering teams to guide them in selecting OSS components that meet policy; partner with Legal and Risk departments to interpret license terms and handle any external inquiries or disputes; coordinate with Procurement/ITAM if any OSS requires support contracts or if we transition from OSS to commercial alternatives. This cross-functional work ensures OSS efforts are aligned with overall IT asset management and risk management processes.
• Reporting & Continuous Improvement: Track key metrics around OSS usage and compliance. Regularly report on OSS compliance status to SAM leadership and governance bodies. Use these insights to suggest improvements to our tooling or processes - for example, enhancing our SAM Pro configuration to better accommodate OSS data, or improving automation for license obligation checks. Stay current on trends in open-source licensing and tooling (such as new regulations or community best practices) and update The Hartford's approach accordingly.

• Education & Experience: Bachelor's degree in Computer Science, Software Engineering, Information Security, or related field. 5+ years of experience in software asset management, open-source compliance, or a related field (such as DevSecOps or software license management), with a significant focus on managing open-source software.
• Open Source License Expertise: In-depth understanding of open-source licenses and their implications. Proven experience auditing or governing open-source usage in a corporate setting - you should be able to cite examples of detecting a non-compliant OSS usage and resolving it (e.g., removing a component or altering use to comply with license). Familiarity with legal considerations of open source and how to document compliance is important.
• Tools & Technical Skills: Hands-on experience with ServiceNow SAM Pro or similar asset management tools, particularly in tracking software components and licenses. Comfortable with querying data and using reporting tools (PowerBI) to analyze software inventory information. Basic understanding of development pipelines and how OSS libraries are introduced (to effectively integrate compliance checks).
• Analytical & Problem-Solving: Strong analytical skills to identify compliance issues from large datasets of components and dependencies. Attention to detail in reviewing license text and usage conditions. Ability to assess risk levels of OSS components and make based on that analysis.
• Collaboration & Communication: Excellent communication skills, especially in translating complex license requirements into clear guidance for developers and stakeholders. Experience working cross-functionally. Must be able to influence and educate others who may not have a compliance background, gaining their buy-in for necessary controls.
• Initiative & Continuous Learning: Self-starter mindset with enthusiasm for building a function from the ground up. Passionate about open source and stays updated on the latest developments in OSS licensing, tools, and community practices. Able to proactively improve processes and policies without always having a pre-existing template.