GRC Analyst

Corporate IT Dublin, Ireland


Description

About Us: 
  
At Sitecore, our mission is to simplify how brands reach, engage, and serve people by delivering intelligent, personalised digital experiences that connect the world. We empower the world’s most iconic brands to build lifelong relationships with their customers—seamlessly, smartly, and at scale.

As the leading provider of agentic digital experience software, Sitecore brings together content, commerce, and data into one composable platform that enables brands to deliver millions of meaningful, adaptive experiences every day. Trusted by global leaders such as American Express, Porsche, Starbucks, and L’Oréal, Sitecore helps brands transform engagement through experiences that are not only personalised but predictive and dynamic.

Our foundation is our people—a diverse, passionate, and collaborative global team spanning over 25 countries. We believe that every experience matters, and that belief starts with how we work together. Our values guide how we lead, innovate, and connect. They are the behaviours that bring our mission and vision to life, every day, in every interaction.

As we continue to evolve, we are actively cultivating AI skills across our teams to unlock new levels of creativity, efficiency, and insight. From engineering to customer experience, AI capabilities are becoming integral to how we design, build, and deliver the next generation of digital experiences.
Learn more at Sitecore.com.
 
About the role:
We are looking for a detail-oriented and proactive GRC (Governance, Risk, and Compliance) Analyst to join our team. This role will be based in Dublin and will support operations aligned with U.S. Central and Eastern time zones. The GRC Analyst will report to the GRC Manager, contributing to the day-to-day execution of compliance programs, audit preparation, risk assessments, and overall security governance efforts.
This is a hands-on role, ideal for someone who thrives in a collaborative, fast-paced environment and is passionate about security, compliance, and AI Governance.
 
What You Will Do:   
 
Risk Management
· Assist in performing vendor risk reviews, including due diligence assessments for new vendors and annual reassessments for existing vendors.
· Maintain the central risk register, ensuring risks are accurately documented, assessed, and tracked through to remediation or acceptance.
· Participate in regular risk management forums including risk management meetings with key stakeholders to review risk posture, progress on mitigation activities, and emerging risks.
· Monitor and track remediation actions, escalating risks and issues where required to ensure timely resolution.
 
Audit Activities
· Participate in external and internal audits for PCI, HIPAA, IRAP, TISAX, SOC2, SOC1, ISO 27001, ISO 42001, and other relevant certifications.
· Prepare audit evidence, coordinate with external auditors, and ensure timely and successful audit outcomes.
· Maintain audit calendars, track deliverables, and ensure ongoing audit readiness.
· Perform detailed controls testing, document results, and support remediation of findings.
 
GRC Tooling & Implementation
· Assist in configuration and maintenance of GRC tooling to automate compliance workflows, evidence collection, and controls testing.
· Provide subject matter expertise on GRC tool capabilities and best practices.
· Support internal teams on GRC tool usage and compliance processes.
 
Governance & Emerging Regulations
· Responsible for developing, maintaining, and updating policies, standards, and procedures, while ensuring ongoing compliance with regulatory, audit, and internal governance requirements.
· Support the development and maintenance of the ISMS and AIMS in compliance with ISO 27001 and ISO 42001.
 
Cross-Functional Collaboration
· Work closely with Engineering, Product, Legal, Data Protection, Procurement, and IT teams to support compliance initiatives and ensure timely completion of action items.
· Provide ongoing support and clarity to teams on compliance tasks and expectations.
 
Reporting & Documentation
· Prepare and deliver status reports, dashboards, and metrics on GRC activities for leadership and stakeholders.
· Ensure compliance documentation is consistently updated and centrally stored (e.g., SharePoint, Jira, Confluence).
 
What You Need to Succeed:   
· Bachelor’s degree in Information Technology, Cybersecurity, or a related field
· Familiarity with industry standards and frameworks such as ISO 27001, ISO 42001, SOC 2, HIPAA, GDPR, PCI DSS, NIST, and others
· 3+ years of experience in a GRC, risk management, audit support, or compliance role
· Highly organised and detail-oriented, with the ability to manage multiple priorities and maintain structure in a fast-paced environment
· Comfortable working across multiple time zones, demonstrating flexibility and clear communication in a global environment
· Able to operate on own initiative, anticipating needs, identifying gaps, and proactively contributing to audit, risk, and compliance activities
· Personable and collaborative, with strong interpersonal skills and the ability to build effective working relationships across diverse teams
· Working towards being self-sufficient and proactive, able to take ownership of tasks and drive work forward with minimal supervision

Additional Skills That Could Set You Apart:

· Experience working with GRC tooling / compliance management frameworks (e.g. Vanta, Drata, OneTrust) is a plus
· Experience in AI Governance, ISO 42001, and knowledge of the EU AI Act is a plus

Equal Opportunities at Sitecore
  
Sitecore is proud to be an equal opportunity workplace. We are committed to equal employment opportunity without unlawful regard to race, colour, ancestry, religion, gender, national origin, sexual orientation, age, citizenship, marital status, disability, veteran status, or any other local legally protected characteristic.
 
