GRC Analyst

Company: Pantheon
Location: Toronto, ON, Canada; Vancouver, BC, Canada
Salary: $98,900 – $110,000
Type: Full-Time
Experience Level: Mid Level

Requirements

  • 3+ years of experience in governance, risk, and compliance roles, with a focus on technical environments.
  • Experience developing and recommending security and operational internal controls to Business Units and Process Owners (first line of defense).
  • Hands-on experience coordinating SOC 2 Type 2 engagements and interacting with external auditors; PCI-DSS, ISO 27001, or StateRAMP experience is a plus.
  • Experience conducting risk assessments and managing risk treatment strategies.
  • Familiarity with automation tools for compliance and evidence management.
  • Strong interpersonal skills to effectively collaborate with management and stakeholders across all levels of the organization.
  • Exceptional written and verbal communication skills, with a focus on clarity, conciseness, and precision.
  • Team-oriented mindset with a focus on contributing to shared success.

Responsibilities

  • Manage and enhance Pantheon’s Information Security Program in alignment with SOC 2 and other frameworks.
  • Provide oversight and support to our Business Units and Process Owners (the first line of defense) in managing risk and adhering to relevant compliance and regulatory frameworks such as SOC 2 and others.
  • Partner with the Sales & Sales Engineering teams to address due diligence security requests from current and prospective customers.
  • Conduct security due diligence on Pantheon’s vendors, ensuring compliance with Pantheon’s third party risk management requirements.
  • Identify, assess, and track enterprise risks, ensuring appropriate risk treatment aligned with Pantheon’s risk management strategy.
  • Assist with privacy compliance efforts (e.g., GDPR, CCPA) in collaboration with Legal and other stakeholders.
  • Stay informed of regulatory updates and industry best practices to evolve Pantheon’s security and compliance strategy.

Preferred Qualifications

  • PCI-DSS, ISO 27001, or StateRAMP experience is a plus.