
Principal Risk and Compliance Analyst

CoLab Software

St. John's, Newfoundland

Remote

CAD 90,000 - 120,000

Full time

Yesterday

Job summary

A technology firm in Canada is seeking a Principal Risk and Compliance Analyst to manage compliance audits and lead strategic initiatives. The ideal candidate has over 10 years of experience in risk and compliance, strong communication skills, and a background in regulated industries. This full-time role offers a competitive compensation package and can be performed remotely from anywhere in Canada.

Benefits

Stock options
Unlimited paid vacation
Extended health benefits

Qualifications

  • 10+ years of experience in risk, compliance, or security programs.
  • Experience owning and completing audits like SOC 2 Type II or ISO 27001.
  • Ability to interpret complex frameworks from Canada, US, EU.

Responsibilities

  • Lead end-to-end audit management across multiple certifications.
  • Act as internal compliance authority and primary liaison to auditors.
  • Drive policy development and automation in compliance workflows.

Skills

Risk management
Compliance audits
Communication skills
Policy development
Automation in compliance

Tools

GRC platforms
Vanta
OneTrust

Job description

About CoLab. At CoLab, we want to help mechanical engineering teams bring life-changing products to market years sooner. CoLab is a cloud-based platform purpose-built for fast, effective design review. Using CoLab, multiple engineers, designers, and other stakeholders can review designs together and build off one another's feedback. Engineers at companies like Ford, Komatsu, and Johnson Controls use CoLab to review designs faster, prevent mistakes, and build the next generation of innovative products.

About the Role. This is a mission-critical role for someone who thrives on ownership, complexity, and getting things done. As our Principal Risk and Compliance Analyst, you'll be CoLab's senior-most compliance lead—responsible for managing multiple concurrent audit and certification streams while also laying the groundwork for new ones, particularly as we expand into defense and international markets.

You'll report into our Director of Risk and Compliance and step in to lead all net-new compliance efforts: from scoping and implementing EU frameworks, to advancing our defense-readiness, to participating in customer calls and managing end-to-end audit cycles. This is a hands-on, high-accountability role that directly supports sales, security, and executive stakeholders.

If you have deep expertise in risk and compliance, especially in regulated industries like defense, and want to own and scale an entire program, this role is for you.

Our Ideal Candidate

You're a senior compliance professional with a background in security, risk, and regulatory frameworks. You've led audits for complex certifications in the past. You can confidently navigate conversations with auditors, customers, and executives alike. You know how to manage multiple workstreams without losing sight of the details.

You're not looking to just 'maintain compliance.' You want to build something. You know what right looks like and aren't afraid to roll up your sleeves to get there—whether that's writing policy from scratch, configuring a GRC tool, or jumping on a customer call to walk through our controls.

This role requires Canadian citizenship due to the sensitivity of the information involved.

Job Responsibilities

  • Lead end-to-end audit management across multiple certifications and frameworks including SOC 2 Type II, TISAX, FedRAMP, CPCSC, CCCS (Medium), and three ISO certifications—with EU and defense requirements on deck.
  • Act as CoLab's internal compliance authority and primary liaison to external auditors, assessors, and customer security teams.
  • Participate in sales cycles by completing security questionnaires, documentation packages, and customer calls.
  • Manage risk assessments and reviews, maintain risk registers, and recommend mitigations to business and technical leaders.
  • Drive policy development and refinement across security and compliance programs.
  • Build automation into our compliance workflows (using tools like Vanta and others) to increase audit readiness and reduce manual effort.
  • Own and update GRC tooling, controls documentation, evidence gathering, and internal compliance training.

Qualifications

  • 10+ years of experience in risk, compliance, or security programs within B2B software, with a strong preference for defense sector or regulated industry experience.
  • Demonstrated experience owning and completing audits such as SOC 2 Type II, ISO 27001, FedRAMP, and/or similar.
  • Strong knowledge of GRC platforms (e.g., Vanta, OneTrust) and experience configuring automation or workflows.
  • Exceptional written and verbal communication skills with the ability to speak credibly with auditors, sales teams, engineers, and executives.
  • Ability to read, interpret, and implement complex frameworks and policies from multiple jurisdictions (Canada, US, EU).
  • Experience supporting high-stakes sales processes with timely and accurate security documentation.
  • Ability to work independently, manage competing priorities, and drive programs forward without micromanagement.
  • Canadian citizenship is required for this role.

Compensation: This is a full-time, permanent position with a competitive compensation package that includes stock options.

Benefits: Extended health benefits, unlimited paid vacation, and RRSP matching.

Remote/Hybrid Work: Our main office is in St. John's, NL. This role can be done remotely from anywhere in Canada.

We are an equal opportunities employer and welcome applications from all qualified candidates. Frequently cited statistics show that people who identify with historically marginalized groups are likely to apply to jobs only if they meet 100% of the qualifications. We encourage you to help us break that statistic and apply even if you don't meet every single qualification—your potential is what matters most to us.
