Senior Governance, Risk & Compliance Analyst

Pure Storage, Lehi, UT
Onsite

About The Position

We’re in an unbelievably exciting area of tech and are fundamentally reshaping the data storage industry. Here, you lead with innovative thinking, grow along with us, and join the smartest team in the industry. This type of work—work that changes the world—is what the tech industry was founded on. So, if you're ready to seize the endless opportunities and leave your mark, come join us.

THE ROLE

As a Senior Governance, Risk & Compliance (GRC) Analyst, you will transform complex security and compliance requirements into streamlined processes that safeguard our customers and accelerate global growth. You’ll serve as a strategic bridge between technical teams and business functions—including Legal, Privacy, and Product—ensuring risks are visible and decisions are data-driven. By joining the Global Information Security Office, you’ll directly influence our risk posture and operational resilience in a high-scale, SaaS-driven environment.

Requirements

  • Risk & Framework Proficiency: Deep understanding of mapping business processes to frameworks like SOC 2, ISO 27001, or NIST, with the ability to translate technical security gaps into clear business impact (likelihood, impact, and operational implications).
  • Analytical Execution: Technical proficiency in building and managing GRC metrics, dashboards, and risk registers using tools like Jira or GRC platforms to identify trends and support objective decision-making.
  • Collaborative Influence: Exceptional communication skills used to align diverse stakeholders, from Legal and Finance to Engineering, on compliance goals and risk mitigation strategies; experience across a global, SaaS-focused organization preferred.
  • Operational Resilience Expertise: Experience navigating third-party risk management and supply chain security within a shared-responsibility model to ensure continuous operational uptime and data protection.

Responsibilities

  • Drive Governance and Compliance Metrics and Visibility: Architect and maintain GRC dashboards to provide leadership with actionable insights, ensuring all key governance and compliance metrics are documented and actively managed.
  • Advance GRC Strategy & Automation: Collaborate with the Director of GRC to lead strategic GRC projects, drive process automation, and evaluate emerging technologies like AI to enhance GRC function efficiency and effectiveness.
  • Standardize Global Compliance: Manage the evolution of our Common Controls Framework (SOC 2, ISO, NIST) by mapping requirements to business processes, ensuring we meet regional and regulatory obligations while maintaining customer trust.
  • Manage Security Awareness & Training: Track and report on annual security training completion, partnering with stakeholders to ensure high adoption and enhance the global security awareness program.
  • Streamline Security Exception Workflows: Own the end-to-end security exception lifecycle within Jira, validating requests and supporting risk assessments to balance business velocity with necessary security guardrails.
  • Develop and Manage GRC Repositories: Consolidate and mature the Governance, Risk, and Compliance (GRC) program documentation into a central repository. This repository will house the GRC charter, links to the policy library, risk framework, and compliance mappings (e.g., SOC 2, GDPR), serving leadership, control owners, employees, and auditors.

Benefits

  • flexible time off
  • wellness resources
  • company-sponsored team events