Lead hands-on GRC activities for a high-growth B2B SaaS company: manage security questionnaires, support SOC 2 Type 2 audits, maintain privacy compliance across jurisdictions, run vendor due diligence and risk assessments, improve policies and controls, monitor AI-related regulations, and drive pragmatic process improvements to scale security and compliance.
About Blue J
A Note on Location
The Opportunity
What You’ll be Doing
What You Offer Blue J
What We Offer You
The Core Values that Define Our Culture
What to Expect in the Interview Process
Interview Process
How We Use AI in Our Hiring Process
Compensation
About Blue J
Blue J is the leading generative AI solution for tax professionals and one of Canada's fastest-growing AI companies. Headquartered in Toronto, we're a high-growth B2B SaaS company building industry-leading tax research software that helps accountants find accurate answers to complex tax questions with greater speed and confidence.
Backed by a $122M USD Series D funding round, we're scaling rapidly across North America and the UK while continuing to push the boundaries of what's possible with AI. By combining advanced technology with deep tax expertise, we empower tax professionals to work more efficiently, make better decisions, and deliver greater value to their clients.
A Note on Location
This role is primarily remote, with the expectation of occasional in-person meetings at our Toronto office and some travel for conferences.
The Opportunity
This is a unique opportunity to be the hands-on GRC analyst at a high‑growth SaaS company that already operates at a strong external standard (SOC 2 Type 2) and sells to discerning legal, tax, and public‑sector clients. You’ll unblock deals, strengthen our privacy & security posture across multiple jurisdictions (Canada, US, UK/EU), and create the headroom for the team to improve processes without sacrificing day‑to‑day responsiveness.
What You’ll be Doing
- Manage security questionnaires / sales surveys end‑to‑end to help Sales move quickly and confidently.
- Support our annual SOC 2 Type 2 activities (evidence collection, control monitoring, audit coordination) and applicable privacy regulation obligations (such as GDPR/UK GDPR, PIPEDA, CCPA/CPRA, etc.).
- Monitor emerging AI-related laws and compliance frameworks to ensure Blue J remains aligned with evolving AI governance requirements; contribute to developing internal readiness in this rapidly growing regulatory space.
- Perform vendor due diligence (new & existing vendors/sub‑processors), assess risk, document findings, and track remediation; maintain the vendor inventory.
- Maintain and improve policies & procedures (security, privacy, incident response, acceptable use, access, etc.), ensuring versions, ownership, and review cadence are clear.
- Risk analysis & risk register: run/refresh risk assessments, rate risks, propose controls, and report on trends and treatment status.
- Continuous improvement: identify pragmatic process upgrades that save time, reduce risk, and scale with growth while staying hands‑on in daily execution.
What You Offer Blue J
- 3-5 years in GRC or closely related roles, with a bias for action and comfort working as a doer in a lean team.
- Proven experience with SOC 2 Type 2 audits.
- Strong background in vendor due diligence/TPRM, policy management, and risk assessment.
- Excellent written and verbal communication, including the ability to simplify complex compliance topics for customers and internal stakeholders.
- Experience in B2B SaaS, ideally startup/scale‑up environments serving regulated or enterprise customers.
- Tooling familiarity with Drata, Vanta, Jira, and other collaboration and compliance tools.
- Comfortable leveraging AI tools and emerging technologies to drive efficiency, improve workflows, and stay ahead of industry trends.
What We Offer You
- A rare opportunity to be an early team member shaping our security and compliance with visible business impact.
- A mission-driven culture where your work directly advances clarity, efficiency, and accessibility in tax research.
- Competitive base salary, stock options, and benefits designed to support you and your family.
- Flexibility in how you work: primarily remote, with occasional travel to our Toronto office.
- A collaborative, ambitious, and supportive team that values innovation, respect, and fun.
- The excitement of a fast-growing, well-funded company with clear momentum, and the resources to back bold initiatives.
The Core Values that Define Our Culture
- We are customer-focused
- We put the team interest before self-interest
- We are pleasant and playful
- We are open to better ideas
- We deliver on our promises
- We solve the toughest problems
What to Expect in the Interview Process
We anticipate a high volume of applicants for this role and are excited to grow our team. A human will review each application and get back to you as soon as possible. We appreciate your patience and look forward to connecting with you!
Interview Process
- Chat with Elli, Talent Acquisition Manager
- Meet Mark, Senior Manager, GRC
- Present your ideas to the team
- Meet Brett, CTO
- Meet Ben, CEO
We believe our strength is built on diversity of thought, and encourage candidates from all backgrounds and experiences to apply. We value inclusiveness and are an equal opportunity employer. We do not discriminate based on race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
We strive to create an inclusive and accessible hiring experience for all candidates. If you need any accommodations during the interview process, please let us know in your application. Our team is dedicated to providing the necessary support and making reasonable adjustments to ensure a smooth process for everyone.
How We Use AI in Our Hiring Process
To ensure transparency, we want candidates to know that Blue J uses AI-enabled tools within our applicant tracking system to help organize applications and highlight profiles that match the key requirements for each role.
AI does not make hiring decisions.
Every application is reviewed by a member of our Talent team, and all decisions throughout the process are made by humans.
We use these tools to support efficiency and consistency, not to replace human judgment, and we’re committed to a fair, thoughtful, and equitable experience for every candidate.
Compensation
The base pay range for this role is $110-$130k per year.
This is a Level 3 in Blue J’s career level framework. We use levels to define the expected scope, autonomy, impact, decision-making, and experience for each role. Final compensation will be set fairly and thoughtfully based on experience, expertise, and alignment with the role’s responsibilities. While all candidates are expected to bring directly relevant experience, the top of the range is typically reserved for individuals who demonstrate exceptional depth in the role’s core competencies, a strong track record of impact in similar environments, and the ability to operate with a high degree of autonomy from day one.