Senior GRC Analyst/ GRC Manager

Blue J Legal

IT
Ontario, Canada
Posted on Nov 4, 2025
Technology
Remote
Full-time

About Blue J

Blue J is the leading generative AI solution for tax professionals. As a B2B SaaS company, our customers are accountants and tax experts who rely on our market-leading software to deliver fast, accurate, and defensible answers to complex tax questions.
With the launch of our flagship generative AI product, we’ve consistently exceeded our revenue targets quarter over quarter and continue to accelerate our growth. Our product roadmap is ambitious, customer-focused, and designed to deliver exceptional value at speed.
On the heels of our $122M USD Series D funding, we’re racing ahead with an exciting product roadmap and are looking for a Senior GRC Analyst/ GRC Manager to support our growth. This role will focus heavily on hands‑on execution while also contributing ideas to mature our GRC program.

A Note on Location

This role is primarily remote, requiring travel to the Toronto office a few times a quarter for in-person meetings. All candidates must be eligible to work in Canada.

The Opportunity

This is a unique opportunity to be the hands-on GRC partner at a high‑growth SaaS company that already operates at a strong external standard (SOC 2 Type 2) and sells into discerning legal, tax, and public‑sector clients. You’ll unblock deals, strengthen our privacy & security posture across multiple jurisdictions (Canada, US, UK/EU), and create the headroom for the team to improve processes without sacrificing day‑to‑day responsiveness.

What You’ll be Doing

  • Own security questionnaires / sales surveys end‑to‑end to help Sales move quickly and confidently.
  • Support our annual SOC 2 Type 2 activities (evidence collection, control monitoring, audit coordination) and applicable privacy regulation obligations (such as GDPR/UK GDPR, PIPEDA, CCPA/CPRA, etc.).
  • Monitor emerging AI-related laws and compliance frameworks to ensure Blue J remains aligned with evolving AI governance requirements; contribute to developing internal readiness in this rapidly growing regulatory space.
  • Perform vendor due diligence (new & existing vendors/sub‑processors), assess risk, document findings, and track remediation; maintain the vendor inventory.
  • Maintain and improve policies & procedures (security, privacy, incident response, acceptable use, access, etc.), ensuring versions, ownership, and review cadence are clear.
  • Risk analysis & risk register: run/refresh risk assessments, rate risks, propose controls, and report on trends and treatment status.
  • Contract reviews with Legal (e.g., security/privacy clauses in MSAs, DPAs, SCCs as applicable); provide clear, business‑savvy guidance to Sales and customers.
  • Document and tune the Incident Response plan; schedule exercises/tabletops and track follow‑ups.
  • Customer‑facing communication: join prospect and customer calls to explain our program in plain language and instill confidence.
  • Metrics & hygiene: define and report GRC KPIs/SLOs (e.g., questionnaire turn‑around time, evidence completion, vendor reviews on time).
  • Continuous improvement: identify pragmatic process upgrades that save time, reduce risk, and scale with growth while staying hands‑on in daily execution.

What You Offer Blue J

  • 5+ years in GRC or closely related roles, with a bias for action and comfort working as a doer in a lean team.
  • Proven experience shipping outcomes across SOC 2 Type 2 and at least one privacy regime (e.g., GDPR/UK GDPR, PIPEDA, CCPA/CPRA).
  • Strong background in vendor due diligence/TPRM, policy management, and risk assessment.
  • Comfortable reading and commenting on contractual language related to security & privacy (DPAs, data protection clauses) in partnership with Legal.
  • Excellent written and verbal communication, including the ability to simplify complex security topics for customers and internal stakeholders.
  • Experience in B2B SaaS, ideally startup/scale‑up environments serving regulated or enterprise customers.
  • Familiarity with tooling such as Drata, Vanta, Jira, and other collaboration tools.

What We Offer You

  • A rare opportunity to be an early team member shaping our security and compliance with visible business impact.
  • We are leading the generative AI tax research market with an exciting product in a virtually untapped market, amidst significant buzz about our work.
  • We are flexible! Work remotely most of the time and drop by our downtown Toronto office to connect with the team whenever you’d like.
  • We’re well-funded and offer competitive base salaries and stock options. You’ll play a crucial role in our growth, and it’s important to us that you share in our long-term success.
  • We care about you as a whole person, not just an employee. Our thoughtfully designed benefits package covers you and your family, and we work hard to maintain a healthy work/life balance.
  • We’ve got an amazing team. We’re mission-driven and motivated by success, but we’re friendly, we’re collaborative, and we care about each other.
  • We’ve got all the start-up perks you’d expect, and are intentionally building a culture where you can feel safe to be yourself at work, and watch your career grow because your team has invested in you.

The Core Values that Define Our Culture

  • We are customer-focused
  • We put the team interest before self-interest
  • We are pleasant and playful
  • We are open to better ideas
  • We deliver on our promises
  • We solve the toughest problems

What to Expect in the Interview Process

We anticipate a high volume of applicants for this role and are excited to grow our team. A human will review each application and get back to you as soon as possible. We appreciate your patience and look forward to connecting with you!

Interview Process

  • Chat with Lavita, Talent Acquisition Manager
  • Meet Troy, Security and Compliance Manager
  • Panel with Matt, Cloud Lead, and Avi B, COO
  • Engineering team conversation
  • Meet Ben, CEO
We believe our strength is built on diversity of thought, and encourage candidates from all backgrounds and experiences to apply. We value inclusiveness and are an equal opportunity employer. We do not discriminate based on race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
We strive to create an inclusive and accessible hiring experience for all candidates. If you need any accommodations during the interview process, please let us know in your application. Our team is dedicated to providing the necessary support and making reasonable adjustments to ensure a smooth process for everyone.
Req ID: R50