Does the CSR need to be signed with the matching private key for the CA to validate it?
Yes. A PKCS #10 certificate request is always signed with the private key that matches the public key.
Is there a way where I can use PubKey1 to make the CSR (Without access to PrivKey1), but sign it with PrivKey2 to preserve integrity?
No. The reason the private key signs the CSR is to demonstrate to the CA that you have ownership of the private key that corresponds to the public key. If you sign with a different private key, the CA will reject your request as invalid.