Blue J Legal

Senior GRC Analyst

Blue J Legal$110K — $130K *
US-Anywhere
+ 2 other locationsRemote
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 3-5 years in GRC or related roles with a proactive approach.
  • Experience with SOC 2 Type 2 audits.
  • Background in vendor due diligence and risk assessment.
  • Excellent communication skills, especially in simplifying compliance topics.
  • Experience in B2B SaaS, preferably in startup/scale-up environments.
  • Familiarity with compliance tools like Drata, Vanta, and Jira.
  • Ability to leverage AI tools to enhance workflows and efficiency.

Responsibilities

  • Execute security questionnaires to facilitate Sales.
  • Support the annual SOC 2 Type 2 audit and privacy regulation compliance.
  • Monitor AI-related laws and contribute to regulatory alignment.
  • Conduct vendor due diligence and risk assessments.
  • Maintain and enhance compliance policies and procedures.
  • Manage risk analysis, reporting on trends and treatment strategies.
  • Drive continuous improvement initiatives to reduce risk and improve processes.

Benefits

  • Unique opportunity to impact security and compliance early in the company's growth.
  • Mission-driven culture focusing on efficiency and clarity in tax research.
  • Flexibility to work remotely with occasional office meet-ups.
  • Collaborative team environment that values innovation and fun.
  • Exciting prospects in a fast-growing, well-funded company.
Full Job Description
A Note on Location

This role is primarily remote, with the expectation of occasional in-person meetings at our Toronto office and some travel for conferences.

The Opportunity

This is a unique opportunity to be the hands-on GRC analyst at a high-growth SaaS company that already operates at a strong external standard (SOC 2 Type 2) and sells to discerning legal, tax, and public-sector clients. You'll unblock deals, strengthen our privacy & security posture across multiple jurisdictions (Canada, US, UK/EU), and create the headroom for the team to improve processes without sacrificing day-to-day responsiveness.

What You'll be Doing

  • Security questionnaires / sales surveys end-to-end to help Sales move quickly and confidently.
  • Support our annual SOC 2 Type 2 activities (evidence collection, control monitoring, audit coordination) and applicable privacy regulation obligations (such as GDPR/UK GDPR, PIPEDA, CCPA/CPRA, etc.).
  • Monitor emerging AI-related laws and compliance frameworks to ensure Blue J remains aligned with evolving AI governance requirements; contribute to developing internal readiness in this rapidly growing regulatory space.
  • Perform vendor due diligence (new & existing vendors/sub-processors), assess risk, document findings, and track remediation; maintain the vendor inventory.
  • Maintain and improve policies & procedures (security, privacy, incident response, acceptable use, access, etc.), ensuring versions, ownership, and review cadence are clear.
  • Risk analysis & risk register: run/refresh risk assessments, rate risks, propose controls, and report on trends and treatment status.
  • Continuous improvement: identify pragmatic process upgrades that save time, reduce risk, and scale with growth while staying hands-on in daily execution.


What You Offer Blue J

  • 3-5 years in GRC or closely related roles, with a bias for action and comfort working as a doer in a lean team.
  • Proven experience with SOC 2 Type 2 audits.
  • Strong background in vendor due diligence/TPRM, policy management, and risk assessment.
  • Excellent written and verbal communication, including the ability to simplify complex compliance topics for customers and internal stakeholders.
  • Experience in B2B SaaS, ideally startup/scale-up environments serving regulated or enterprise customers.
  • Tooling familiarity with Drata, Vanta, and Jira, and other collaboration and compliance tools.
  • Comfortable leveraging AI tools and emerging technologies to drive efficiency, improve workflows, and stay ahead of industry trends.


What We Offer You

  • A rare opportunity to be an early team member shaping our security and compliance with visible business impact.
  • A mission-driven culture where your work directly advances clarity, efficiency, and accessibility in tax research.
  • Competitive base salary, stock options, and benefits designed to support you and your family.
  • Flexibility in how you work: primarily remote, with occasional travel to our Toronto office.
  • A collaborative, ambitious, and supportive team that values innovation, respect, and fun.
  • The excitement of a fast-growing, well-funded company with clear momentum, and the resources to back bold initiatives.


What to Expect in the Interview Process

We anticipate a high volume of applicants for this role and are excited to grow our team. A human will review each application and get back to you as soon as possible. We appreciate your patience and look forward to connecting with you!

Interview Process

  • Chat with Elli, Talent Acquisition Manager
  • Meet Mark, Senior Manager, GRC
  • Present your ideas to the team
  • Meet Brett, CTO
  • Meet Ben, CEO


How We Use AI in Our Hiring Process

To ensure transparency, we want candidates to know that Blue J uses AI-enabled tools within our applicant tracking system to help organize applications and highlight profiles that match the key requirements for each role.

AI does not make hiring decisions.

Every application is reviewed by a member of our Talent team, and all decisions throughout the process are made by humans.

We use these tools to support efficiency and consistency, not to replace human judgment and we're committed to a fair, thoughtful, and equitable experience for every candidate.

Compensation

The base pay range for this role is $110-$130k per year.

This is a Level 3 in Blue J's career level framework. We use levels to define the expected scope, autonomy, impact, decision-making, and experience for each role. Final compensation will be set fairly and thoughtfully based on experience, expertise, and alignment with the role's responsibilities. While all candidates are expected to bring directly relevant experience, the top of the range is typically reserved for individuals who demonstrate exceptional depth in the role's core competencies, a strong track record of impact in similar environments, and the ability to operate with a high degree of autonomy from day one.

About Blue J Legal

Blue J Legal is a legal technology company that uses artificial intelligence to help lawyers and tax professionals make better decisions. The company's software is designed to analyze legal and tax issues and provide accurate and reliable answers to complex questions. Blue J Legal's software is used by law firms, accounting firms, and corporations to improve their decision-making processes and reduce their legal and tax risks. Blue J Legal was founded in 2015 and is headquartered in Toronto, Canada.
Learn more about Blue J Legal
Size
50 employees
Industry
Founded
2015

Similar Jobs

More Jobs at Blue J Legal

More Information Technology Jobs

Find similar Senior GRC Analyst jobs: