Security Risk Manager
Pantheon
About Pantheon
Pantheon WebOps Platform powers the open web, running more than 300,000 sites in the cloud for customers including Google, Princeton, Salesloft, and Doctors Without Borders. Every day, thousands of developers and marketers create, iterate, and scale WordPress and Drupal sites to reach billions of people globally. Pantheon’s multitenant, container-based platform enables organizations to manage all of their websites from a single dashboard. Organizations, including Clorox and the United Nations, drive results through accelerated development and real-time publishing using Pantheon’s collaborative workflows.
The Role
Drive technical risk excellence across Pantheon as a key member of our Governance, Risk, and Compliance (GRC) team. You'll collaborate with teams throughout the organization to transform security risk initiatives into sustainable programs that support our business growth, compliance requirements, and security objectives. By combining your risk expertise with program management skills, you'll help shape the future of Pantheon’s GRC strategy while solving complex challenges critical to Pantheon’s continued growth and success.
About The Team
Our GRC team serves as the second line of defense and works closely with Information Security, IT, Product, Engineering, Legal and other departments to ensure comprehensive risk management across Pantheon. We create and maintain processes that identify, assess, and mitigate risk. The GRC team plays a vital role in supporting Pantheon’s commitment to delivering a secure, reliable, and available platform for our customers.
📍 Remote – Canada-based
We are only considering candidates based in Canada for this position, with a preference for those located in Vancouver, BC or Toronto, ON.
What You Need to Succeed
- Define the Risk Management Methodology: The Risk Manager is responsible for creating and documenting Pantheon’s overall approach to risk. This includes defining the criteria for what constitutes an acceptable level of risk ("risk appetite"), how to score the likelihood and impact of a risk, and how to ultimately treat those risks. This ensures everyone in the organization is on the same page and using a consistent process.
- Lead the Risk Assessment Process: This is the most crucial part. The Risk Manager orchestrates and guides the process of identifying, analyzing, and evaluating all information security risks. This individual ensures that all assets—from data and software to physical devices and intellectual property—are considered. The Risk Manager works with different departments to identify potential threats and vulnerabilities.
- Develop the Risk Treatment Plan (RTP): Once risks are identified and assessed, the Risk Manager develops the formal plan for how to address each one. ISO 27001 gives four main options for risk treatment:
  - Modify: Implementing controls to reduce the risk. This is the most common option.
  - Retain: Accepting the risk because it falls within the acceptable risk appetite.
  - Avoid: Stopping the activity that causes the risk.
  - Transfer: Shifting the risk to a third party, for example, through cyber insurance or outsourcing.
  The Risk Manager documents these treatment option decisions and ensures each risk has a designated "risk owner" who is accountable for its treatment.
- Create the Statement of Applicability (SoA): This is a critical document for ISO 27001 certification. The Risk Manager is responsible for compiling the SoA, which details all the controls from ISO 27002 that Pantheon has selected to mitigate its identified risks. The SoA also includes justifications for any controls that were deemed unnecessary and not included.
- Monitor and Report: The Risk Manager continuously monitors the effectiveness of the implemented controls and the overall risk environment. The individual provides regular reports to the Director of GRC on Pantheon’s risk posture, any new or emerging threats, and the status of the risk treatment plan. This ensures that the ISO 27001 Information Security Management System (ISMS) is always evolving to meet new challenges.
- Maintain Risk-Related Documentation: A significant part of the Risk Manager's job is maintaining all the necessary documentation, including the risk register, the risk treatment plan, and the statement of applicability. This is essential for a smooth audit process.
What You Bring to the Table
- Risk Management Expertise: 6+ years of experience with formal risk management frameworks, such as ISO 27001/ISO 27005, NIST SP 800-30, or others.
- Risk Register Experience: Experienced in implementing and maintaining comprehensive risk registers and control inventories.
- Communication & Collaboration: The ability to effectively and proactively work across teams (Information Security, IT, Product, Engineering, Legal, etc.) to gather information and ensure buy-in.
- Analytical Skills: The ability to analyze data and make informed decisions about risk prioritization and treatment.
- GRC’s Role: An understanding of GRC's role within broader security and risk management contexts.
- GRC Tool Proficiency: Experience with GRC platforms (especially Vanta or OneTrust) can be a huge plus, as they can streamline documentation, evidence collection, and reporting.
- Certifications: Certifications like CRISC (Certified in Risk and Information Systems Control) or ISO 27001 Lead Implementer are highly valuable as they demonstrate a proven understanding of the domain.
What We Offer
We have all the usual perks and benefits but what we can really offer you is a fantastic work environment powered by an amazing team.
- Industry competitive compensation and equity plan
- Paid Time Off (PTO), Paid Sick Leave (PSL) and 11 Paid Company Holidays
- Full medical coverage (Extended health care, dental, vision)
- In-office workspace (Vancouver)
- Top-of-the-line equipment
- Monthly allowance for wellness, reading and access to LinkedIn Learning for continued development
- Events and activities both team-based and company wide that inspire, educate and cultivate
The Canadian base salary range for this position is between 127,454-142,500 CAD per year. Our salary ranges are determined by role, level, and location.
Pantheon is an equal opportunity/affirmative action employer and we welcome applications from all backgrounds regardless of race, color, religion, sex, national origin, ancestry, age, marital status, sexual orientation, gender identity, veteran status, disability, or any other classification protected by law. Pantheon complies with federal and local disability laws and makes reasonable accommodations for applicants and employees with disabilities. If you need a reasonable accommodation due to a disability for any part of the interview process, please contact talent@pantheon.io. Pursuant to local and federal regulations, Pantheon will consider qualified applicants with arrest and conviction records for employment.
To review the Employee and Applicant's Privacy Policy, click here.