Principal Risk and Compliance Analyst

About CoLab

At CoLab, we want to help mechanical engineering teams bring life-changing products to market years sooner.

CoLab is a cloud based platform for engineering design review. We make it easy for subject matter experts (SMEs) across your business to access, evaluate, and comment on 2D drawings and 3D models. Our built-in AI peer checker, AutoReview, scans designs for common errors or non-compliance with your standards and guidelines. AutoReview creates markups and comments on your files, in context – just like a human checker.

With CoLab, human SMEs and AI work together to help you make better decisions and improve designs faster. We automatically capture knowledge from across your global business that would otherwise be buried in emails, spreadsheets, slide decks, and unknown locations in Sharepoint or PLM. Then, we make sure every lesson learned and every design guideline is applied exactly when it matters.

Companies like Johnson Controls, Komatsu, Schaeffler, and Polaris have launched products 40% faster, cut BOM costs by 50%, and reduced quality escapes by 15% in 1 year.

About the Role

This is a mission-critical role for someone who thrives on ownership, complexity, and getting things done. As our Principal Risk and Compliance Analyst, you’ll be CoLab’s senior-most compliance lead—responsible for managing multiple concurrent audit and certification streams while also laying the groundwork for new ones, particularly as we expand into defense and international markets.

You’ll report into our Director of Risk and Compliance and step in to lead all net-new compliance efforts: from scoping and implementing EU frameworks, to advancing our defense-readiness, to participating in customer calls and managing end-to-end audit cycles. This is a hands-on, high-accountability role that directly supports sales, security, and executive stakeholders.

If you have deep expertise in risk and compliance, especially in regulated industries like defense and want to own and scale an entire program, this role is for you.

Our Ideal Candidate

You're a senior compliance professional with a background in security, risk, and regulatory frameworks. You’ve led audits for complex certifications in the past. You can confidently navigate conversations with auditors, customers, and executives alike. You know how to manage multiple workstreams without losing sight of the details.

You’re not looking to just “maintain compliance.” You want to build something. You know what right looks like and aren’t afraid to roll up your sleeves to get there—whether that’s writing policy from scratch, configuring a GRC tool, or jumping on a customer call to walk through our controls.

This role requires Canadian citizenship due to the sensitivity of the information involved.

Job Responsibilities:

• Lead end-to-end audit management across multiple certifications and frameworks including SOC 2 Type II, TISAX, FedRAMP, CPCSC, CCCS (Medium), and three ISO certifications—with EU and defense requirements on deck.
• Act as CoLab’s internal compliance authority and primary liaison to external auditors, assessors, and customer security teams
• Participate in sales cycles by completing security questionnaires, documentation packages, and customer calls
• Manage risk assessments and reviews, maintain risk registers, and recommend mitigations to business and technical leaders
• Drive policy development and refinement across security and compliance programs
• Build automation into our compliance workflows (using tools like Vanta and others) to increase audit readiness and reduce manual effort
• Own and update GRC tooling, controls documentation, evidence gathering, and internal compliance training

Qualifications

• 10+ years of experience in risk, compliance, or security programs within B2B software, with a strong preference for defense sector or regulated industry experience
• Demonstrated experience owning and completing audits such as SOC 2 Type II, ISO 27001, FedRAMP,  and/or similar
• Strong knowledge of GRC platforms (e.g., Vanta, OneTrust) and experience configuring automation or workflows
• Exceptional written and verbal communication skills with the ability to speak credibly with auditors, sales teams, engineers, and executives
• Ability to read, interpret, and implement complex frameworks and policies from multiple jurisdictions (Canada, US, EU)
• Experience supporting high-stakes sales processes with timely and accurate security documentation
• Ability to work independently, manage competing priorities, and drive programs forward without micromanagement
• Canadian citizenship is required for this role

Extra Details

Compensation: This is a full-time, permanent position with a competitive compensation package that includes a stock options package

Benefits: Extended health and benefits, unlimited paid vacation, and RRSP matching

Remote/Hybrid Work: Our main office is in St. John’s, NL. This role can be done remotely from anywhere in Canada

Equity Note

Frequently cited statistics show that people who identify with historically marginalized groups are likely to apply to jobs only if they meet 100% of the qualifications. We encourage you to help us break that statistic and apply even if you don’t meet every single qualification—your potential is what matters most to us.