FirstMile Ventures
FirstMile Ventures

Director of Governance, Risk and Compliance (GRC)



Arlington, VA, USA
Posted on Wednesday, November 15, 2023
Pax8 is the leading cloud-based technology marketplace, simplifying the cloud journey for our partners by integrating technology, business intelligence and proactive service to deliver an unparalleled experience. Serving thousands of partners through the indirect sales channel, our mission is to be the world’s favorite place to buy cloud products. We are a fast-growing, dynamic and high-energy startup organization, allowing you to make a meaningful impact on the business. Culture is important to us, and at Pax8, it’s business, and it IS personal. We are passionate, creative and humorously offbeat. We work hard, keep it fun, and expect the best.
We Elev8 each other. We Advoc8 for our partners. We Innov8 continuously. We Celebr8 life.

No matter who you are, Pax8 is a place you can call home. We know there’s no such thing as a “perfect" candidate, so we don’t look for the right "fit" – instead, we look for the add. We encourage you to apply for a role at Pax8 even if you don’t meet 100% of the bullet points. We believe in cultivating an environment with a diversity of perspectives, in hopes that we can all thrive in an inclusive environment.

We are only as great as our people. And we have great people all over the world. No matter where you live and work, you’re a part of the Pax8 team. This means embracing hybrid- and remote-work whenever possible.

Position Summary:

The Director of Governance, Risk and Compliance (GRC) is responsible for developing, implementing, and managing the company's GRC program. This includes overseeing all aspects of risk management, compliance, and organizational resilience. The ideal candidate will have a deep understanding of GRC best practices and a proven track record of success in implementing and managing GRC programs in complex organizations.

Essential Responsibilities:

  • Develop and implement a comprehensive GRC program that aligns with the company's overall business goals and risk tolerance.
  • Oversee the annual risk assessment process and develop and implement risk treatment plans.
  • Manage the company's resilience program, including business continuity, disaster recovery, and incident response.
  • Develop and manage security policies and standards.
  • Ensure appropriate controls are implemented throughout the environment to comply with security policies and standards.
  • Audit corporate processes for compliance to policies and standards.
  • Support external audit engagements for ISO, SOC 2 and other standards.
  • Respond to inbound security inquiries from partners, customers and other stakeholders.
  • Assess and manage vendor risk.
  • Develop and track security metrics.
  • Develop and deliver security training and awareness programs.
  • Partner closely with legal, human resources, and other business partners to ensure that GRC considerations are integrated into all aspects of the business

Ideal Skills, Experience, and Competencies:

  • 10+ years of experience in GRC or a related field, with at least 5 years in a leadership role.
  • Strong understanding of security frameworks and certifications, such as ISO 27001, SOC 2, and NIST Cybersecurity Framework (CSF).
  • Experience in developing and managing GRC programs in complex organizations.
  • Experience in risk management, compliance, resilience, security policy and standards, vendor risk management, security metrics, and security training and awareness.
  • Excellent communication and presentation skills.
  • Ability to work independently and as part of a team.

Required Education & Certifications:

  • B.A./B.S. in related field or equivalent work experience


  • Qualified candidates can expect a salary beginning at $153,000 or more depending on experience

#LI-Remote #LI-AG1 #BI-Remote #DICE-A

*Note: Compensation is benchmarked on local Denver Metro area market rates. Qualified candidates in other locations can expect a salary package that may be adjusted based off applicable cost of wages in their respective location.
At Pax8 we believe that your Total Rewards should include a benefits package that shows how much we value our greatest assets. All FTE Pax8 people enjoy the following benefits:
  • Non-Commissioned Bonus Plans or Variable Commission
  • 401(k) plan with employer match
  • Medical, Dental & Vision Insurance
  • Employee Assistance Program
  • Employer Paid Short & Long Term Disability, Life and AD&D Insurance
  • Flexible, Open Vacation
  • Paid Sick Time Off
  • Extended Leave for Life events
  • RTD Eco Pass (For local Colorado Employees)
  • Career Development Programs
  • Stock Option Eligibility
  • Employee-led Resource Groups

Pax8 is an EEOC Employer.