Senior GRC Analyst

Description

About Us:

At Sitecore, our mission is to simplify how brands reach, engage, and serve people by delivering intelligent, personalised digital experiences that connect the world. We empower the world’s most iconic brands to build lifelong relationships with their customers—seamlessly, smartly, and at scale.

As the leading provider of agentic digital experience software, Sitecore brings together content, commerce, and data into one composable platform that enables brands to deliver millions of meaningful, adaptive experiences every day. Trusted by global leaders such as American Express, Porsche, Starbucks, and L’Oréal, Sitecore helps brands transform engagement through experiences that are not only personalised but predictive and dynamic.

Our foundation is our people—a diverse, passionate, and collaborative global team spanning over 25 countries. We believe that every experience matters, and that belief starts with how we work together. Our values—empathy, accountability, clarity, and growth—guide how we lead, innovate, and connect. They are the behaviours that bring our mission and vision to life, every day, in every interaction.

As we continue to evolve, we are actively cultivating AI skills across our teams to unlock new levels of creativity, efficiency, and insight. From engineering to customer experience, AI capabilities are becoming integral to how we design, build, and deliver the next generation of digital experiences.

Learn more at Sitecore.com

About the Role:

We are looking for a detail-oriented and proactive Senior GRC (Governance, Risk, and Compliance) Analyst to join our team. This role will be based in Dublin and will support operations aligned with U.S. Central and Eastern time zones. The Senior GRC Analyst will report to the GRC Manager, contributing to the day-to-day execution of compliance programs, audit preparation, risk assessments, and overall security governance efforts.

This is a hands-on role, ideal for someone who thrives in a collaborative, fast-paced environment and is passionate about security, compliance, and risk management.

What You Will Do:

Governance & Compliance

• Support the implementation and maintenance of compliance programs aligned with frameworks such as ISO 27001, ISO 42001, SOC 2, HIPAA, PCI DSS, GDPR, TISAX, NIST, and IRAP.
• Develop, implement and maintain security policies, procedures, and controls to ensure alignment with regulatory requirements.
• Conduct compliance reviews to identify gaps and assist in defining remediation actions.
• Monitor changes in regulatory requirements and provide input into compliance strategy and updates.

Audit Support

• Lead and manage internal and external audits for required compliance certifications, ensuring successful audit outcomes.
• Maintain audit calendars, track deliverables, and ensure readiness for internal and external audits.

Risk Management

• Support periodic risk assessments, helping to identify, document, and track technology and process risks.
• Maintain the risk and findings register, ensuring items are regularly updated and monitored for progress.

Cross-Functional Collaboration

• Work closely with teams across Engineering, Product, Legal, Data Protection, Procurement, and Information Technology to support compliance initiatives and ensure timely completion of action items.
• Provide ongoing support and clarity to teams on compliance tasks and expectations.

Reporting & Documentation

• Assist in preparing and delivering status reports, dashboards, and metrics on GRC activities for leadership and stakeholders.
• Ensure that compliance documentation is consistently updated and centrally stored (e.g., SharePoint, Confluence).

What You Need to Succeed:

• Bachelor’s degree in Information Technology, Cybersecurity, or a related field.
• Familiarity with industry standards and frameworks such as ISO 27001, ISO 42001, SOC 2, HIPAA, GDPR, PCI DSS, NIST, and others.
• 5 + years of experience in GRC, risk management, audit support, or compliance roles in a technology-driven environment.
• Strong attention to detail, organizational skills, and ability to manage multiple tasks.
• Experience using Microsoft 365 tools (e.g., Outlook, Teams, Excel, SharePoint) and collaboration platforms.

Additional Skills That Could Set You Apart:

• Experience working across global teams and time zones
• Experience working with GRC Tooling/ compliance management framework (e.g Vanta, Drata, OneTrust etc)
• Familiarity working with AI (e.g. AI Governance, AI Risk Assessment, ISO 42001 certification)
• Certifications such as CISA, CRISC, or ISO 27001 Lead Implementer/Auditor