Senior GRC Analyst

About Pattern:

Pattern is the leader in global e-commerce and marketplace acceleration, headquartered in Utah's Silicon Slopes tech hub—with offices in Asia, Australia, Europe, and the Middle East. Hundreds of global brands rely on the company’s e-commerce acceleration platform to grow their online sales on direct-to-consumer websites, online marketplaces, and other digital channels in more than 60 countries, all while managing fulfillment and logistics. With last year's revenue exceeding $1 Billion, Pattern has been named one of the fastest growing tech companies in North America by Deloitte and one of best-led companies by Inc. We place employee experience at the center of our business model and have been recognized as one of Newsweek’s Global Most Loved Workplaces®.

Role Overview

As a GRC Analyst, you will play a critical role in strengthening the security, risk, and compliance posture of our SaaS-based eCommerce acceleration platform.
You will collaborate closely with Engineering, Product, and Legal teams to ensure adherence to regulatory, contractual, and customer-driven compliance requirements, including those related to the responsible and secure use of AI-enabled technologies. This role supports the delivery of a secure, scalable, and highly available cloud environment by contributing to audit readiness, control design and testing, policy and standards development, and continuous compliance monitoring. You will also help support emerging AI governance initiatives by assisting with risk assessments, documentation, and oversight of AI usage across the organization.

Key Responsibilities:
• Support security and compliance initiatives aligned with industry frameworks including SOC 2, ISO/IEC 27001, ISO 27701, NIST CSF, NIST SP 800-53, CIS Controls, and CSA CCM.
• Assist in the execution of security, privacy, and risk assessments across cloud infrastructure, applications, and third-party vendors.
• Participate in external and internal audits, including SOC 1/2, ISO certification audits, customer audits, and internal risk reviews.
• Coordinate audit readiness activities, including evidence collection, control mapping, walkthroughs, and remediation tracking.
• Support compliance with privacy and data protection regulations, such as GDPR, CCPA/CPRA, and other global privacy laws, in partnership with Legal and Product teams.
• Contribute to the development, maintenance, and review of security policies, standards, procedures, and risk registers.
• Assist in identifying and assessing AI-related risks, such as data privacy, model bias, explainability, security misuse, and third-party AI dependencies.
• Support compliance efforts related to emerging AI regulations and standards, including EU AI Act, NIST AI Risk Management Framework (AI RMF), ISO/IEC 23894, and ISO/IEC 42001.
• Assist with third-party risk management (TPRM), including vendor assessments, due diligence reviews, and risk reporting.
• Assist with documentation and evidence collection for AI governance controls during internal, customer, and regulatory audits.
• Collaborate with Engineering and Product teams to ensure secure and responsible use of generative AI tools across the organization.
• Manage and continuously improve the internal security awareness and phishing simulation program.

Required Qualifications:
• 3–5 years of experience in GRC, information security, risk management, and IT audit, preferably in a SaaS or cloud-native environment.
• Strong understanding of IT security principles and technologies, as well as experience with cloud computing environments.
• Working knowledge of emerging AI standards and frameworks such as NIST AI RMF, ISO/IEC 42001, and OECD AI Principles.
• Familiarity with international and domestic compliance regulations,AI governance and risk management concepts, cybersecurity frameworks, and industry best practices.
• Experience supporting security, privacy, and compliance audits, including evidence collection and auditor interaction.
• Ability to interpret technical controls and translate them into compliance and risk documentation.
• Strong documentation, analytical, and communication skills.
• Professional certifications such as CRISC, CCSK or similar are highly desirable.
• Ability to communicate technical risk and compliance requirements clearly to engineering and non-technical stakeholders.

What Success looks Like:
• Security and privacy controls are clearly documented, tested, and consistently implemented across the platform.
• Risks and compliance gaps are identified early, tracked effectively, and remediated in partnership with technical teams.
• Compliance processes scale smoothly alongside platform growth and new customer requirements
• Stakeholders view GRC as a trusted, enabling function rather than a blocker.

Career Growth and Team Environment:
• You will join a collaborative, security-focused team that values learning, technical depth, and continuous improvement. This role offers exposure to a broad range of security, privacy, cloud, and audit domains, providing a strong foundation for career growth into senior GRC, risk management, or security leadership roles. You will work closely with experienced engineers and security professionals while gaining hands-on experience in a fast-paced SaaS environment supporting enterprise-scale eCommerce operations. If you’re passionate about strengthening governance, risk, and compliance programs including responsible AI governance while enabling secure and scalable SaaS platforms, we’d love to have you join us at Pattern.