Job Description
<p><p><b>About Pantheon</b><br/>Pantheon WebOps Platform powers the open web, running more than 300,000 sites in the cloud for customers including Google, Princeton, Salesloft, and Doctors Without Borders. Every day, thousands of developers and marketers create, iterate, and scale WordPress and Drupal sites to reach billions of people globally. Pantheon’s multitenant, container-based platform enables organizations to manage all of their websites from a single dashboard. Organizations, including Clorox and the United Nations, drive results through accelerated development and real-time publishing using Pantheon’s collaborative workflows.</p><p><b>The Role</b><br/>Drive technical risk excellence across Pantheon as a key member of our <b>Governance, Risk, and Compliance</b> (GRC) team. You'll collaborate with teams throughout the organization to transform security risk initiatives into sustainable programs that support our business growth, compliance requirements, and security objectives. By combining your risk expertise with program management skills, you'll help shape the future of Pantheon’s GRC strategy while solving complex challenges critical to Pantheon’s continued growth and success.</p><p><b>About The Team</b><br/>Our GRC team serves as the second line of defense and works closely with Information Security, IT, Product, Engineering, Legal and other departments to ensure comprehensive risk management across Pantheon. We create and maintain processes that identify, assess, and mitigate risk. 
The GRC team plays a vital role in supporting Pantheon’s commitment to delivering a secure, reliable, and available platform for our customers.</p><p><b>Remote – Canada-based</b><br/>We are only considering candidates based in Canada for this position, with a preference for those located in Vancouver, BC or Toronto, ON.</p><p><b>What You Need To Succeed</b><br/></p><ul><li>Define the Risk Management Methodology: The Risk Manager is responsible for creating and documenting Pantheon’s overall approach to risk. This includes defining the criteria for what constitutes an acceptable level of risk (risk appetite), how to score the likelihood and impact of a risk, and how to ultimately treat those risks.</li><li>Lead the Risk Assessment Process: This is the most crucial part. The Risk Manager orchestrates and guides the process of identifying, analyzing, and evaluating all information security risks.</li><li>Develop the Risk Treatment Plan (RTP): Once risks are identified and assessed, the Risk Manager develops the formal plan for how to address each one.</li><ul><li>Modify: Implementing controls to reduce the risk.</li><li>Retain: Accepting the risk because it falls within the acceptable risk appetite.</li><li>Avoid: Stopping the activity that causes the risk.</li><li>Transfer: Shifting the risk to a third party, for example, through cyber insurance or outsourcing.</li></ul></ul><p><b>What You Bring to the Table</b><br/></p><ul><li>Risk Management Expertise: 6+ years of experience and a strong background in formal risk management frameworks, such as ISO 27001/ISO 27005, NIST SP 800-30, or others.</li><li>Risk Registers Experience: Experienced in implementing and maintaining comprehensive risk registers and control inventories.</li><li>Communication &amp; Collaboration: The ability to effectively and proactively work across teams (Information Security, IT, Product, Engineering, Legal, etc.) 
to gather information and ensure buy-in.</li><li>Analytical Skills: The ability to analyze data and make informed decisions about risk prioritization and treatment.</li><li>GRC’s Role: An understanding of GRC's role within broader security and risk management contexts.</li><li>GRC Tool Proficiency: Experience with GRC platforms (especially Vanta or OneTrust) can be a huge plus, as they can streamline documentation, evidence collection, and reporting.</li><li>Certifications: Certifications like CRISC (Certified in Risk and Information Systems Control) or ISO 27001 Lead Implementer are highly valuable as they demonstrate a proven understanding of the domain.</li></ul><p><b>What We Offer</b><br/></p><ul><li>Industry competitive compensation and equity plan</li><li>Paid Time Off (PTO), Paid Sick Leave (PSL) and 11 Paid Company Holidays</li><li>Full medical coverage (Extended health care, dental, vision)</li><li>In-office workspace (Vancouver)</li><li>Top-of-the-line equipment</li><li>Monthly allowance for wellness, reading and access to LinkedIn Learning for continued development</li><li>Events and activities, both team-based and company-wide, that inspire, educate and cultivate</li></ul><p>The Canadian base salary range for this position is between <b>127,454-142,500</b> CAD per year.</p><p>Pantheon is an equal opportunity/affirmative action employer and we welcome applications from all backgrounds regardless of race, color, religion, sex, national origin, ancestry, age, marital status, sexual orientation, gender identity, veteran status, disability, or any other classification protected by law. Pantheon complies with federal and local disability laws and makes reasonable accommodations for applicants and employees with disabilities.</p></p>