GRC Analyst - Incident Management

Pax8

3d•Hybrid

About The Position

Join Pax8 as a GRC Analyst on the front line of security in one of the fastest-moving cloud marketplaces. This role is about being the calm voice during incidents and driving them to resolution. It's a career-defining early-career opportunity within Pax8’s Trust and Security organization, offering direct involvement in protecting partners, people, and the platform. You will be the first in this role to take the Incident Commander seat during US working hours, providing a unique chance to build and shape the function. Beyond incident response, you will engage in the broader GRC program, corrective actions, technology risk, and compliance frameworks like SOC 2, ISO 27001, and PCI DSS, gaining exposure to a modern, cloud-first business. This role is ideal for individuals energized by fast-moving environments, curious about security, and motivated to make a significant impact.

Requirements

Reasonable experience in security, IT, audit, compliance, or a related field (internships and rotational programs count).
Strong written and verbal communication skills.
Confidence to guide a room of senior stakeholders on the next right step.
Comfort with ambiguity and a bias for follow-through.
Judgement to know when to escalate issues.
Willingness to participate in a shared on-call rotation, including occasional nights and weekends.
A Bachelor’s degree in Cybersecurity, Information Systems, IT, Computer Science, or equivalent practical experience.
Valid right to work in the United States.

Nice To Haves

Exposure to SOC 2, ISO 27001, NIST CSF, or PCI DSS.
Familiarity with GRC, ticketing, or SIEM tooling (LogicGate, ServiceNow, Jira, SumoLogic).
Entry-level certifications such as Security+, SSCP, CISA, or Network+.
Experience in a SaaS, cloud, or MSP/channel environment.
Curiosity about AI and a willingness to explore its application in security.

Responsibilities

Lead Security incident response, stepping in as Incident Commander as part of a shared on-call rotation.
Triage, document, and coordinate response activities across engineering, IT, and security teams.
Maintain clear incident records, timelines, and post-incident reports, partnering with the response team to find root causes and drive remediation.
Sharpen runbooks for future incidents based on lessons learned.
Drive corrective actions arising from incidents, audits, and assessments, tracking open items and escalating when necessary.
Support evidence collection and control testing for SOC 2, ISO 27001, PCI DSS, and NIST CSF.
Maintain GRC tooling, policies, and control documentation.
Assist with business continuity and disaster recovery work.
Manage technology risk, including intake, assessment, and monitoring of risks across Pax8 systems and vendors.
Bring AI into the workflow to develop a high-performing operations organization that scales with Pax8.