GRC Analyst, Security - Provo

At Qualtrics, we create software the world’s best brands use to deliver exceptional frontline experiences, build high-performing teams, and design products people love. But we are more than a platform—we are the creators and stewards of the Experience Management category serving over 18K clients globally. Building a category takes grit, determination, and a disdain for convention—but most of all it requires close-knit, high-functioning teams with an unwavering dedication to serving our customers.

 

When you join one of our teams, you’ll be part of a nimble group that’s empowered to set aggressive goals and move fast to achieve them. Strategic risks are encouraged and complex problems are solved together, by passing the mic and iterating until the best solution comes to light. You won’t have to look to find growth opportunities—ready or not, they’ll find you. From retail to government to healthcare, we’re on a mission to bring humanity, connection, and empathy back to business. Join over 5,000 people across the globe who think that’s work worth doing.

 

GRC Analyst, Security - Provo

 

Why We Have This Role

We create software that the world’s best brands use to deliver exceptional frontline experiences, build high-performing teams, and design products people love. Serving over 20,000 clients globally, we are more than a platform—we are the creators and stewards of the Experience Management category. This GRC Security Analyst role is essential to maintaining and advancing our governance, risk, and compliance posture amid rapid growth and evolving regulatory landscapes. You will collaborate closely with cross-functional teams including legal, security, product, and compliance to identify, assess, and mitigate risks, ensuring Qualtrics meets rigorous security certifications and regulatory requirements. Your work will directly impact how we protect our customers and enable trusted innovation.

How You’ll Find Success

• Manage and maintain compliance with industry standards such as FedRAMP, ISO 27001, SOC 2, HITRUST, and emerging AI governance frameworks.
• Take initiative to understand complex compliance frameworks and work entrepreneurially to implement effective controls.
• Communicate clearly and influence stakeholders across teams to build trust and alignment.
• Apply strong analytical skills to assess risks and develop actionable remediation plans.
• Collaborate effectively with legal, security, product, and customer teams.
• Navigate and support external audits, customer audits and certification processes.
• Demonstrate ownership of governance processes and continuous improvement.

How You’ll Grow

• Deepen expertise in commercial and/ federal security compliance programs which can include ISO 27001, TISAX, FedRAMP High, IRAP and others.
• Expand leadership and project management skills through cross-team initiatives and audit coordination.
• Gain exposure to AI security and privacy compliance aligned with NIST AI Risk Management Framework.
• Develop advanced skills in risk assessment, supplier risk management, and security assurance.

Things You’ll Do

• Lead, assist and coordinate internal and external security audits and assessments to achieve and maintain certifications.
• Analyze and interpret regulatory requirements across multiple frameworks and translate them into actionable compliance programs.
• Partner with product and engineering teams to ensure security controls meet customer and regulatory expectations.
• Monitor and report on remediation progress and compliance metrics.
• Support customer security reviews, questionnaires, and risk assessments.
• Drive continuous improvement through automation in GRC processes, tools, and documentation.

What We’re Looking For On Your Resume

• Bachelor’s degree in IT, Information Systems, or related discipline.
• 1-3 years of experience in governance, risk, and compliance roles within information security.
• Experience with IT security assessments, control testing, and compliance programs such as FedRAMP Moderate/High, PCI and SOC 2.
• Familiarity with other assessments such as ISO 27001, HITRUST, SSAE18, Protected B, SOX, or TISAX is a plus.
• Proven ability to work cross-functionally and influence without direct authority.
• Strong written and verbal communication skills.
• Project management experience managing partner expectations and audit schedules.
• Relevant security certifications are a plus, such as SSCP, Security+, CISSP, CISM, CIPP, or CISA.
• Experience with AI models is a plus.

What You Should Know About This Team

• The GRC team is a collaborative, high-performing group dedicated to protecting Qualtrics and its customers through proactive risk management and compliance.
• We work closely with legal, security, product, and customer success teams, as well as external auditors and partners.
• The team embraces strategic risk-taking and continuous learning.
• You will be positioned as a key enabler of business success through security assurance and compliance excellence.

Our Team’s Favorite Perks and Benefits

• Access to ongoing professional development, certifications, and security training.
• Hybrid work model with purposeful in-office collaboration days.
• Inclusive culture committed to diversity, equity, and belonging.
• Competitive health, wellness, and financial benefits.
• Frequent team events, creative office spaces, and a strong emphasis on work/life integration.

  The Qualtrics Hybrid Work Model: Our hybrid work model is elegantly simple: we all gather in the office three days a week; Mondays and Thursdays, plus one day selected by your organizational leader. These purposeful in-person days in thoughtfully designed offices help us do our best work and harness the power of collaboration and innovation. For the rest of the week, work where you want, owning the integration of work and life.   Qualtrics is an equal opportunity employer meaning that all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other protected characteristic. ​​​​​​​ Applicants in the United States of America have rights under Federal Employment Laws:Family & Medical Leave Act,Equal Opportunity Employment,Employee Polygraph Protection Act   Qualtrics is committed to the inclusion of all qualified individuals. As part of this commitment, Qualtrics will ensure that persons with disabilities are provided with reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please let your Qualtrics contact/recruiter know.   Not finding a role that’s the right fit for now? Qualtrics Insiders is the one-stop shop for all things Qualtrics Life. Sign up for exclusive access to content created with you in mind and get the scoop on what we have going on at Qualtrics - upcoming events, behind the scenes stories from the team, interview tips, hot jobs, and more. No spam - we promise! You'll hear from us two times a month max with fresh, totally tailored info - so be sure to stay connected as you explore your best role and company fit.