Senior Governance, Risk & Compliance Analyst

We’re in an unbelievably exciting area of tech and are fundamentally reshaping the data storage industry. Here, you lead with innovative thinking, grow along with us, and join the smartest team in the industry. This type of work—work that changes the world—is what the tech industry was founded on. So, if you're ready to seize the endless opportunities and leave your mark, come join us. THE ROLE As a Senior Governance, Risk Compliance (GRC) Analyst, you will transform complex security and compliance requirements into streamlined processes that safeguard our customers and accelerate global growth. You’ll serve as a strategic bridge between technical teams and business functions—including Legal, Privacy, and Product—ensuring risks are visible and decisions are data-driven. By joining the Global Information Security Office, you’ll directly influence our risk posture and operational resilience in a high-scale, SaaS-driven environment. WHAT YOU’LL DO Drive Governance and Compliance Metrics and Visibility: Architect and maintain GRC dashboards to provide leadership with actionable insights, ensuring all key governance and compliance metrics are documented and actively managed. Advance GRC Strategy Automation: Collaborate with the Director of GRC to lead strategic GRC projects, drive process automation, and evaluate emerging technologies like AI to enhance GRC function efficiency and effectiveness. Standardize Global Compliance: Manage the evolution of our Common Controls Framework (SOC 2, ISO, NIST) by mapping requirements to business processes, ensuring we meet regional and regulatory obligations while maintaining customer trust. Manage Security Awareness Training: Track and report on annual security training completion, partnering with stakeholders to ensure high adoption and enhance the global security awareness program. Streamline Security Exception Workflows: Own the end-to-end security exception lifecycle within Jira, validating requests and supporting risk assessments to balance business velocity with necessary security guardrails. Develop and Manage GRC Repositories: Consolidate and mature the Governance, Risk, and Compliance (GRC) program documentation into a repository. This central repository will house the GRC charter, links to policy library, risk framework, and compliance mappings (e.g., SOC 2, GDPR), serving leadership, control owners, employees, and auditors. WHAT YOU BRING Risk Framework Proficiency: Deep understanding of mapping business processes to frameworks like SOC 2, ISO 27001, or NIST, with the ability to translate technical security gaps into clear business impact (likelihood, impact, and operational implications). Analytical Execution: Technical proficiency in building and managing GRC metrics, dashboards, and risk registers using tools like Jira or GRC platforms to identify trends and support objective decision-making. Collaborative Influence: Exceptional communication skills used to align diverse stakeholders from Legal and Finance to Engineering on compliance goals and risk mitigation strategies across a global, SaaS-focused organization preferred. Operational Resilience Expertise: Experience navigating third-party risk management and supply chain security within a shared-responsibility model to ensure continuous operational uptime and data protection. We are primarily an in-office environment and therefore, you will be expected to work from the Lehi, Utah office in compliance with Pure’s policies, unless you are on PTO, or work travel, or other approved leave. #LI-ONSITE #LI-KQ1 Salary ranges are determined based on role, level and location. For positions open to candidates in multiple geographical locations, the base salary range is reflective of the labor market across the applicable locations. This role may be eligible for incentive pay and/or equity. There is no application deadline and we accept applications on an ongoing basis until the job is filled. The annual ba ... (truncated, view full listing at source)