GRC Analyst

Pantheon Platform

💵 $71k-$79k
📍Remote - Canada

Summary

Join Pantheon as a Governance, Risk, and Compliance Analyst and play a key role in enhancing the company's Information Security Program. You will develop and implement security and operational controls, support annual SOC 2 assessments, contribute to risk management, and collaborate with teams to meet compliance needs. This role blends technical expertise with program development, ensuring a robust security and compliance posture. The position is remote, Canada-based, with a preference for candidates in Vancouver, BC or Toronto, ON. Responsibilities include managing and enhancing Pantheon's Information Security Program, providing oversight and support to business units, partnering with sales teams on security requests, conducting vendor due diligence, identifying and assessing enterprise risks, assisting with privacy compliance, and staying informed on regulatory updates. The ideal candidate will possess 3+ years of experience in governance, risk, and compliance roles within technical environments.

Requirements

  • 3+ years of experience in governance, risk, and compliance roles, with a focus on technical environments
  • Experience developing and recommending security and operational internal controls to Business Units and Process Owners (first line of defense)
  • Experience conducting risk assessments and managing risk treatment strategies
  • Familiarity with automation tools for compliance and evidence management
  • Strong interpersonal skills to effectively collaborate with management and stakeholders across all levels of the organization
  • Exceptional written and verbal communication skills, with a focus on clarity, conciseness, and precision
  • Team-oriented mindset with a focus on contributing to shared success

Responsibilities

  • Manage and enhance Pantheon’s Information Security Program in alignment with SOC 2 and other frameworks
  • Provide oversight and support to our Business Units and Process Owners (the first line of defense) in managing risk and adhering to relevant regulatory frameworks such as SOC 2 and others
  • Partner with the Sales & Sales Engineering teams to address due diligence security requests from current and prospective customers
  • Conduct security due diligence on Pantheon’s vendors, ensuring compliance with Pantheon’s third-party risk management requirements
  • Identify, assess, and track enterprise risks, ensuring appropriate risk treatment aligned with Pantheon’s risk management strategy
  • Assist with privacy compliance efforts (e.g., GDPR, CCPA) in collaboration with Legal and other stakeholders
  • Stay informed of regulatory updates and industry best practices to evolve Pantheon’s security and compliance strategy

Preferred Qualifications

Hands-on experience coordinating SOC 2 Type 2 engagements and interacting with external auditors; PCI-DSS, ISO 27001, or StateRAMP experience is a plus

Benefits

  • Industry competitive compensation and equity plan
  • Paid Time Off (PTO), Paid Sick Leave (PSL) and 11 Paid Company Holidays
  • Full medical coverage (Extended health care, dental, vision)
  • In-office workspace (Vancouver)
  • Top-of-the-line equipment
  • Monthly allowance for wellness and reading, plus access to LinkedIn Learning for continued development
  • Team-based and company-wide events and activities that inspire, educate and cultivate
