GRC Analyst

As a software-as-a-service company, our customer’s security and privacy are incredibly important to us. Our software is used by more than 30,000+ customers, including Harrods, IHG, River Island and many others who rely on Sprout to create stronger relationships with their customers through social media.

Our Governance, Risk & Compliance (GRC) team is responsible for building and maintaining our Information Security’s Governance, Risk, and Compliance program. This team collaborates closely with our Legal, Security, Internal Audit, and Sales teams to ensure that we meet all applicable security and compliance-related requirements.

As a GRC Analyst, you will leverage your prior compliance experience to support our team’s processes and drive new automation. Your knowledge of cybersecurity or procurement will support our Sales teams in assuring customers of our security and privacy posture. You’ll assist in internal or external audits and help mature our risk program, all while keeping up-to-date with evolving regulatory requirements.

If you have a propensity for independent work and a desire to refine our IT Audit, Compliance, and Governance initiatives with stakeholders across the globe, we’d love to talk with you! 

Qualifications

These are the minimum qualifications that our hiring team is looking for in this role:

• 3+ years of combined experience in security, IT audit, risk management, or similar roles in a cloud-based environment
• Experience with compliance or data privacy frameworks such as: SOC 2, SOX, NIST, ISO, CSA, GDPR, etc.

Additionally, these are the preferred qualifications that would indicate a particularly strong candidate:

• Strong interpersonal skills and ability to work independently with distributed teams
• Deep knowledge of risk management frameworks and processes 
• Certifications in security (Security+, CISSP) or GRC (CISA, CRISC)
• Experience working closely with Security, Legal, and Sales teams in supporting the sales lifecycle and providing security assurance to customers

Within 1 month, you will:

• Complete Sprout’s New Hire training program alongside other new Sprout team members.
• Be introduced to Sprout’s security, compliance, and privacy stakeholders across the organization.
• Learn our existing tooling and begin understanding the state of our program.
• Support and shadow teammates on security assurance requests, completing questionnaires and joining calls with customers.
• Closely collaborate with members of our Legal team. 
• Begin to recognize the differences in needs between our US and International entities.
• Get regular team feedback on your approach to managing and engaging our existing compliance workstreams.

Within 3 months, you will:

• Work with your manager and teammates to create and prioritize quarterly team goals or projects.
• Start to understand the breadth and depth of our team’s authority.
• Independently triage Security Assurance requests, fielding nuanced security and privacy concerns from our customers, both pre and post-sales.
• Begin to assist in quarterly user access reviews and internal controls testing while identifying areas for process improvement.

Within 6 months, you will:

• Participate in the day-to-day management of our GRC tooling and telemetry.
• Support in maturing our Organizational Risk program – track remediation efforts, identifying third-party risk, and building relationships with stakeholders from other teams to help foster a “security-first” culture. 
• Collaborate with your teammates to draft and improve internal documentation, assist in security awareness training efforts, and document timelines and tasks as they relate to our GRC program.
• Partner with Legal on cross-functional initiatives and continuously improve our team’s “dependability” in providing reliable support to Sales.
• Become a key stakeholder in quarterly and annual internal or external audits over IT controls, all while improving/automating the evidence gathering processes. 

Within 12 months, you will:

• Be the go-to person on all things security and privacy related for Sprout International.
• Fully support our compliance initiatives as they relate to risk and audit.
• Assist in defining the roadmap for future work. 
• Surprise us! Use your unique ideas and abilities to change our GRC program in ways that we haven’t considered yet.

About Sprout Social

Sprout Social powers open communication between individuals, brands and communities through elegant, sophisticated software. We are relentless about solving hard problems for our customers and committed to both customer and team success.

Team Sprout is a group of very talented, smart and passionate people with broad interests and backgrounds. We believe that true employee engagement cannot happen if you can’t bring your whole self to work, so we’re committed to building a diverse team, embracing an inclusive culture and investing in equity across our organization. That dedication is core to Sprout. We want all candidates, particularly those coming from traditionally underrepresented groups in the technology industry, to know they are welcome at Sprout.

We’re proud to regularly be recognized for software, product and company culture achievements. Our team’s shared belief in Sprout’s mission promotes a culture of openness, empowerment and fun. We have built a benefits program to match the strength of our team. This program includes:

• Insurance and benefit options that are built for both individuals and families
• Progressive benefit programs
• High-quality and well-maintained equipment - your computer will never prevent you from doing your best
• Lunch options onsite, more than you can ever imagine
• Beautiful, convenient and state-of-the-art offices in Dublin's city centre
• Growing corporate social responsibility program that is driven by the involvement and passion of our team members

Sprout Social is an equal opportunity employer. Anyone seeking employment here is considered without regards to race, colour, religion, national origin or ancestry, sex (including sexual identity), age, physical or mental disability, pregnancy, veteran or military status, unfavourable discharge from military service, genetic information, sexual orientation, marital status, order of protection status, citizenship status, arrest record or expunged or sealed convictions, or any other legally recognized protected basis under federal, province/state, or local law. We value the things that make us different and want to see how you can make our team better!

Whenever possible, we want to provide team members the flexibility to work in the location that makes the most sense for them. If you prefer an office setting, this role may be based in our Dublin location. If you prefer to work remotely from another location within Ireland or the UK, we will accommodate you as best as possible. 

If you are based in another location within EMEA, we aren’t able to hire in your location at this time; however, if you’d like to stay in touch with us in case that changes in the future, please apply and we’ll save your application for possible future consideration.

#LI-Remote