Senior GRC Analyst

Pax8
Summary
Join Pax8 as a Senior Technology Governance, Risk, and Compliance (GRC) Analyst and play a critical role in safeguarding our cloud-based platforms. You will identify and manage technology risks, support compliance initiatives, and ensure effective security controls. Collaborate with cross-functional teams to maintain compliance, support audits, and drive continuous improvement in our GRC program. The ideal candidate possesses a strong understanding of cloud-native technologies, SaaS delivery models, and regulatory frameworks like SOC 2, ISO 27001, and GDPR. This role demands analytical rigor, technical acumen, and business judgment to scale and mature our risk and compliance functions. Pax8 offers a dynamic, fast-paced environment and embraces hybrid and remote work.
Requirements
- 3-5 years in a technology GRC role
- Proven experience in running assessments and/or audits with a demonstrable track record of driving improvements
- Compassionate Candor—We aim to assist others with candid, actionable feedback
- Seek to Understand—Be open, curious and committed to learning
- We Before Me—Actively collaborate and seek out diverse perspectives to ensure a win for Team Pax8
- Do What You Say—Take ownership and honor your commitments; prioritize and deliver
- Light Up Learning—Be brave and try new ideas; be vulnerable and share your failures so everyone can learn from our mistakes
- Driven by Passion—Connect personal passion to the Pax8 mission; be resilient in the face of adversity and uncertainty in pursuit of the mission
- B.A./B.S. in a related field or equivalent work experience
Responsibilities
- Conduct regular IT risk assessments to identify and mitigate technology and cybersecurity risks in a SaaS environment
- Perform control assessments to ensure alignment with internal policies, regulatory requirements, and industry standards (e.g., ISO 27001, NIST, SOC 2)
- Maintain and update the GRC framework, ensuring it supports strategic business objectives and regulatory compliance for a cloud-native environment and DevSecOps practices
- Coordinate and support internal and external IT audits, including evidence collection, walkthroughs, and remediation tracking
- Facilitate and monitor the completion of risk treatment plans, working with business units to implement mitigation strategies
- Lead or support the incident response process, including documentation, root cause analysis, and post-incident reviews. Includes on-call Incident Commander rotation (approximately 1 out of 6 weeks)
- Maintain the risk register, ensuring accurate and up-to-date records of all identified risks and mitigation actions
- Develop and deliver GRC training and awareness programs for staff, promoting a culture of risk-conscious behavior
- Track and report compliance metrics, risk trends, and audit findings to key stakeholders and leadership
- Collaborate with IT, security, legal, and business teams to assess and manage third-party/vendor risks
- Ensure timely updates and maintenance of policies, standards, and procedures related to IT risk and compliance
- Monitor and interpret emerging regulations and industry best practices, recommending changes to the GRC program as needed
- Participate in the development of business continuity and disaster recovery plans, ensuring alignment with risk management objectives
- Utilize GRC tools and platforms to streamline risk, compliance, and audit processes
- Provide ongoing support for special projects and initiatives related to cybersecurity, data privacy, and regulatory compliance
Preferred Qualifications
- Technical background with a focus on SaaS and multi-tenant cloud platforms highly preferred
Benefits
- Non-Commissioned Bonus Plans or Variable Commission
- 401(k) plan with employer match
- Medical, Dental & Vision Insurance
- Employee Assistance Program
- Employer Paid Short & Long Term Disability, Life and AD&D Insurance
- Flexible, Open Vacation
- Paid Sick Time Off
- Extended Leave for Life events
- RTD Eco Pass (For local Colorado Employees)
- Career Development Programs
- Stock Option Eligibility
- Employee-led Resource Groups