GRC Analyst
Remote- Canada
Full Time Mid-level / Intermediate CAD 98K - 110K
Pantheon
Pantheon.io is the website platform built for WordPress and Drupal. We deliver your business needs to build, host, and manage with digital speed and agility.
About Pantheon
Pantheon WebOps Platform powers the open web, running more than 300,000 sites in the cloud for customers including Google, Princeton, Salesloft, and Doctors Without Borders. Every day, thousands of developers and marketers create, iterate, and scale WordPress and Drupal sites to reach billions of people globally. Pantheon’s multitenant, container-based platform enables organizations to manage all of their websites from a single dashboard. Organizations, including Clorox and the United Nations, drive results through accelerated development and real-time publishing using Pantheon’s collaborative workflows.
The Role
As a Governance, Risk, and Compliance Analyst, you will play a critical role in maturing Pantheon’s Information Security Program. You will help develop and implement security and operational controls, ensuring they align with industry best practices and regulatory frameworks. In this role, you will support our annual SOC 2 assessments, contribute to risk management efforts, and work collaboratively across teams to address compliance requirements. This position combines technical expertise with a focus on program development, helping Pantheon maintain a robust security and compliance posture.
Remote – Canada-based
We are only considering candidates based in Canada for this remote position, with a preference for those located in Vancouver, BC or Toronto, ON.
What You Need to Succeed:
- Manage and enhance Pantheon’s Information Security Program in alignment with SOC 2 and other frameworks.
- Provide oversight and support to our Business Units and Process Owners (the first Line of Defense) in managing risk and adhering to relevant regulatory frameworks such as SOC 2 and others.
- Partner with the Sales & Sales Engineering teams to address due diligence security requests from current and prospective customers.
- Conduct security due diligence on Pantheon’s vendors, ensuring compliance with Pantheon’s third party risk management requirements.
- Identify, assess, and track enterprise risks, ensuring appropriate risk treatment aligned with Pantheon’s risk management strategy.
- Assist with privacy compliance efforts (e.g., GDPR, CCPA) in collaboration with Legal and other stakeholders.
- Stay informed of regulatory updates and industry best practices to evolve Pantheon’s security and compliance strategy.
What You Bring to the Table
- 3+ years of experience in governance, risk, and compliance roles, with a focus on technical environments.
- Experience developing and recommending security and operational internal controls to Business Units and Process Owners (first line of defense).
- Hands-on experience coordinating SOC 2 Type 2 engagements and interacting with external auditors; PCI-DSS, ISO 27001, or StateRAMP experience is a plus.
- Experience conducting risk assessments and managing risk treatment strategies.
- Familiarity with automation tools for compliance and evidence management.
- Strong interpersonal skills to effectively collaborate with management and stakeholders across all levels of the organization.
- Exceptional written and verbal communication skills, with a focus on clarity, conciseness, and precision.
- Team-oriented mindset with a focus on contributing to shared success.
What We Offer
We have all the usual perks and benefits but what we can really offer you is a fantastic work environment powered by an amazing team.
- Industry competitive compensation and equity plan
- Paid Time Off (PTO), Paid Sick Leave (PSL) and 11 Paid Company Holidays
- Full medical coverage (Extended health care, dental, vision)
- In-office workspace (Vancouver)
- Top-of-line equipment
- Monthly allowance for wellness, reading and access to LinkedIn Learning for continued development
- Events and activities both team-based and company wide that inspire, educate and cultivate
The Canadian base salary range for this position is between 98,900-110,000 CAD per year. Our salary ranges are determined by role, level, and location.
Pantheon is an equal opportunity/affirmative action employer and we welcome applications from all backgrounds regardless of race, color, religion, sex, national origin, ancestry, age, marital status, sexual orientation, gender identity, veteran status, disability, or any other classification protected by law. Pantheon complies with federal and local disability laws and makes reasonable accommodations for applicants and employees with disabilities. If you need a reasonable accommodation due to a disability for any part of the interview process, please contact talent@pantheon.io. Pursuant to local and federal regulations, Pantheon will consider qualified applicants with arrest and conviction records for employment.
Tags: Automation CCPA Cloud Compliance GDPR Governance ISO 27001 Privacy Risk assessment Risk management SOC SOC 2 Strategy
Perks/benefits: Career development Competitive pay Equity / stock options Health care Medical leave Team events Wellness