GRC Analyst

GRC Analyst
Kuala Lumpur, Malaysia About Us: Our mission is to elevate leading brands through unforgettable digital connections with their customers. Sitecore delivers a composable digital experience platform that empowers the world’s smartest and largest brands to build lifelong relationships with their customers.A highly decorated industry leader, Sitecore is the leading company bringing together content, commerce, and data into one connected platform that delivers millions of digital experiences every day. Thousands of blue-chip companies including American Express, Porsche, Starbucks, L’Oréal, and Volvo Cars rely on Sitecore to provide more engaging, personalized experiences for their customers. Learn more at Sitecore.com. Sitecore’s foundation is our diverse group of passionate, smart, innovative, and collaborative individuals located across four continents and over 25 countries. Having a wide range of perspectives, experiences, and skills is what makes us the company we are today. The Sitecore values are what drive and unite us across the globe. About the roleWe are looking for a highly motivated and detail-oriented GRC (Governance, Risk, and Compliance) Analyst to join our team based in Kuala Lumpur. This role will support core GRC functions, assist in maintaining security and compliance programs, and provide direct support to the Sales and Customer Success teams. The GRC Analyst will work closely with two Senior GRC Analysts and the CISO to manage risk assessments, audit preparation, policy compliance, and internal control activities. Additionally, this role will play a key part in sales enablement by responding to customer security questionnaires, managing service desk tickets related to GRC, and generating reports that support sales operations. This is a hands-on, cross-functional role that requires collaboration across business units and a proactive approach to compliance and customer support. What You’ll Do: Governance & Compliance

• Support the implementation and ongoing maintenance of compliance programs aligned with ISO 27001, SOC 2, HIPAA, PCI DSS, GDPR, TISAX, NIST, and other regulatory frameworks
• Assist with drafting, maintaining, and updating policies, procedures, and security controls
• Conduct periodic reviews to identify compliance gaps and support remediation efforts
• Track regulatory changes and align internal controls accordingly

Audit Support

• Assist with internal and external audits by collecting evidence, preparing documentation, and coordinating with relevant teams
• Track audit schedules and maintain audit readiness documentation

Risk Management

• Help conduct risk assessments, maintain the risk register, and follow up on remediation actions
• Monitor and document findings to support GRC risk posture

Sales Enablement Support

• Respond to customer security and compliance questionnaires in coordination with the Sales and Security teams
• Manage GRC-related service desk tickets and ensure timely resolution
• Prepare and maintain reporting dashboards and metrics to support Sales and Customer Success teams
• Collaborate with Sales Engineers and Account Managers to ensure alignment on customer security requirements

Cross-Functional Collaboration

• Work with teams across Engineering, Legal, Product, Procurement, and Enterprise Technology to support GRC initiatives
• Provide clarity and guidance on security and compliance expectations during project engagements

Reporting & Documentation

• Prepare reports and summaries of GRC activities for leadership and stakeholders
• Ensure consistent documentation practices and centralized storage of compliance materials

 What You Need to Succeed: 

• Bachelor’s degree in information security, computer science, business, or related field
• 3–5 years of experience in GRC, audit, security operations, or compliance roles
• Familiarity with common compliance frameworks such as ISO 27001, SOC 2, HIPAA, PCI DSS, and GDPR
• Strong organizational skills and attention to detail
• Proficient in Microsoft 365 tools and service management platforms (Service Now)

 Additional Skills That Could Set You Apart: 

• Prior experience working with Sales or Customer Success teams is a plus
• Experience responding to security questionnaires, and knowledge of RFI and RFP tools like Loopio is highly desirable
• Certifications such as CISA, CRISC, ISO 27001 Lead Implementer/Auditor are a plus

 Work Conditions

• Based in the Kuala Lumpur office
• Full-time, standard business hours in Malaysia local time zone
• Occasional flexibility required to support global stakeholders and time-sensitive requests

 Why you should click ‘Apply’: 

• We are passionate about modern technologies and growing! We are tapping into an exciting $30B market opportunity that is still very much in its infancy and feels it’s never been a better time to join Sitecore as we look to grow by 30% YoY. Growth for us means growth for you and your career.
• Great team and company culture! You can find out more about our company culture, a typical day in the Engineering team, and our commitment to creating a diverse and inclusive workplace, on our YouTube Channel. Thanks to the work of every employee globally, Sitecore has been recognized for its award-winning Culture by Comparably.
• Great benefits! We offer a competitive compensation package including a competitive base salary, annual bonus, and strong benefits program.