Senior GRC Analyst- Policies and Controls

Position Summary:

We are seeking a detail-oriented and proactive Senior Technology Governance, Risk, and Compliance (GRC) Analyst to join our growing organization. In this role, you will play a critical part in safeguarding our cloud-based platforms by identifying and managing technology risks, supporting compliance initiatives, and ensuring the effectiveness of security controls. You will collaborate cross-functionally with teams across engineering, security, technology services, legal, and customer success to maintain our compliance posture, support audits, and drive continuous improvement in our GRC program.

The ideal candidate has a strong understanding of cloud-native technologies, SaaS delivery models, and regulatory frameworks such as SOC 2, ISO 27001, and GDPR. This role requires a mix of analytical rigor, technical acumen, and business judgment to help scale and mature our risk and compliance functions in a dynamic, fast-paced environment.

Essential Responsibilities:

• Proven experience in Governance, Risk, and Compliance (GRC), with a focus on security policies, standards, and control implementation.
• In-depth knowledge of one or more major security frameworks: ISO 27001, SOC 2, or NIST (800-53, 800-171, or CSF).
• Proven experience drafting, maintaining, and rolling out security policies, standards, and procedures across a medium to large enterprise.
• Strong understanding of technical security controls, such as access management, encryption, vulnerability management, and endpoint protection.
• Ability to collaborate with engineering, security, and business teams to develop, train, and align technical controls with compliance and risk management requirements.
• Familiarity with GRC platforms or tools (e.g., LogicGate, OneTrust or similar).
• Excellent written and verbal communication skills, including the ability to simplify complex regulatory concepts for technical and non-technical audiences.
• Demonstrated ability to work independently, manage multiple priorities, and deliver high-quality work on time.
• Perform control assessments to ensure alignment with internal policies, regulatory requirements, and industry standards (e.g., ISO 27001, NIST, SOC 2).
• Maintain and update the GRC framework, ensuring it supports strategic business objectives and regulatory compliance for a cloud-native environment and DevSecOps practices.
• Coordinate and support internal and external IT audits, including evidence collection, walkthroughs, and remediation tracking.
• Facilitate and monitor the completion of risk treatment plans, working with business units to implement mitigation strategies.
• Lead or support the incident response process, including documentation, root cause analysis, and post-incident reviews. Includes required on-call Incident Commander rotation (approximately 1 out of 6 weeks).
• Track and report compliance metrics, risk trends, and audit findings to key stakeholders and leadership.
• Monitor and interpret emerging regulations and industry best practices, recommending changes to the GRC program as needed.

Ideal Skills, Experience, and Competencies:

• 3-5 years in a technology GRC role.
• Technical background with a focus on SaaS and multi-tenant cloud platforms highly preferred.
• Proven experience in running assessments and/or audits with demonstratable track record of driving improvements.
• Relevant certifications preferred (e.g., CISSP, CISA, CRISC, or ISO 27001 Lead Implementer/Auditor).

Required Behaviors:

• Compassionate Candour—We aim to assist others with candid, actionable feedback.
• Seek to Understand—Be open, curious and committed to learning.
• We Before Me—Actively collaborate and seek out diverse perspectives to ensure a win for Team Pax8.
• Do What You Say—Take ownership and honor your commitments; prioritize and deliver.
• Light Up Learning—Be brave and try new ideas; be vulnerable and share your failures so everyone can learn from our mistakes.
• Driven by Passion—Connects personal passion to Pax8 mission, resilient in face of adversity and uncertainty in pursuit of mission.

Required Education & Certifications:

• B.A./B.S. in a related field or equivalent work experience.

#LI-Remote #LI-AG1