GRC Analyst, Partnership Compliance

Description 

Sprout Social is looking to hire a GRC Analyst focused on Partnership Compliance for the IT team. 

Why join Sprout’s IT team? 

Sprout’s Corporate IT team is a combination of adjacent squads working on projects under one umbrella. This unique structure is an exciting opportunity to grow your career in technology with exposure to projects all across our discipline—something you don’t see often in other organizations. It allows us to move quickly and collaborate with minimal friction or red tape. As a part of this team, you’re also given the space and encouraged to stretch beyond your core function and make a deeper impact on the broader organization. In short, the work you do here matters and you’ll feel that day in and day out. 

What you’ll do 

• Create monitoring processes for changes in our social network partners’ terms of service
• Respond to technical assessments from our social network partners
• Pair with other members of the GRC, Legal, and Engineering teams to create, remediate, and monitor a set of internal controls built on the requirements from our social network partners
• Implement access governance over the social networks’ developer portals 
• Participate in internal and external audits–testing, maturing, and automating our security controls along the way
• Support our Sales and Success teams in assuring customers of our industry-leading security and privacy posture with your knowledge of cybersecurity and procurement

What you’ll bring 

If you have a propensity for independent work, experience in IT Audit or Compliance, and a desire to implement world-class governance for our partnership ecosystem, we’d love to talk with you!

The minimum qualifications for this role include: 

• 5+ years of combined experience in security, IT audit, risk management, legal, or similar roles supporting a cloud-based environment 
• Experience with system/tool administration and a deep understanding of role-based access controls
• Experience with reviewing and interpreting legal documents
• Experience in developing, implementing, and testing controls in support of compliance or privacy frameworks (e.g., SOC 2, SOX, NIST, ISO, CSA, GDPR, etc.

Preferred qualifications for this role include: 

• Attention to detail and a willingness to learn the technicalities of people, processes, and systems
• Strong interpersonal skills and ability to work independently across distributed teams
• Experience at social media, marketing, or similar companies
• Deep knowledge of security frameworks and processes
• Certifications in security (Security+, CISSP) or GRC (CISA, CRISC) 
• Experience working closely with Security, Legal, Engineering, and Sales teams in supporting of company-wide objectives, internal and external audits, and the sales lifecycle

How you’ll grow 

Within 1 month, you’ll plant your roots, including:

• Complete Sprout’s New Hire training program alongside other new Sprout team members. 
• Be introduced to Sprout’s security, compliance, and legal stakeholders across the organization. 
• Learn our existing tooling and begin understanding the state of our GRC program.
• Learn the current state of Partnership Compliance and begin to identify gaps or areas of improvement. 
• Support and shadow teammates on security assurance requests, completing questionnaires and joining calls with customers. 
• Receive feedback from the team on your approach to managing and engaging our existing IT audit and compliance workstreams. 

Within 3 months, you’ll start hitting your stride by:

• Work with your manager and teammates to create and prioritize quarterly team goals or projects. 
• Start to understand the breadth and depth of our team’s authority and remit.
• Pair with Legal to embed yourself into the product-build lifecycle, reviewing terms and other legal documents, and creating a process for monitoring changes to our social network partners’ terms of service 
• Create internal controls, mapping them to our current frameworks, in support of requirements from our social network partners 
• Begin identifying gaps in our current controls or processes, pairing with internal stakeholders to develop remediation plans
• Assist in quarterly user access reviews, internal and external audits, and internal controls testing in support of our compliance frameworks 
• Independently triage Security Assurance requests, fielding nuanced security and privacy concerns from our customers, both pre and post-sales. 

Within 6 months, you’ll be making a clear impact through:

• Participate in the day-to-day management of our GRC tooling. 
• Become the subject matter expert with respect to the social networks’ developer portals, pairing with Engineering to enhance governance over RBAC  
• Support our Sales and Success teams in assuring customers of our industry-leading security and privacy posture with your knowledge of cybersecurity and procurement
• Become a key stakeholder in quarterly/annual internal and external audits, including IT controls and user access reviews, all while improving/automating the evidence gathering processes.

Within 12 months, you’ll make this role your own by:

• Own our partnership compliance program and independently lead technical assessments from our social network partners, testing controls and gathering evidence.
• Independently perform user access reviews and participate in internal and external audits, all while identifying and assessing gaps or issues 
• Fully support our broader compliance and governance initiatives.
• Assist in defining the roadmap for future work. 
• Surprise us! Use your unique ideas and abilities to change our GRC program in ways that we haven’t considered yet. 

Of course what is outlined above is the ideal timeline, but things may shift based on business needs and other projects and tasks could be added at the discretion of your manager.

Our Benefits Program

We’re proud to regularly be recognized for our team, product and culture. Our benefits program includes:

• Insurance and benefit options that are built for both individuals and families
• Progressive policies to support work/life balance, like our flexible paid time off and parental leave program 
• High-quality and well-maintained equipment—your computer will never prevent you from doing your best
• Wellness initiatives to ensure both health and mental well-being of our team
• Ongoing education and development opportunities via our Grow@Sprout program, employee-led diversity, equity and inclusion initiatives and mentorship programs for aspiring leaders
• Growing corporate social responsibility program that is driven by the involvement and passion of our team members
• Beautiful, convenient and state-of-the-art offices in Dublin’s city centre, for those who prefer an office setting

Whenever possible, we want to provide team members the flexibility to work in the location that makes the most sense for them. If you prefer an office setting, this role may be based in our Dublin location. If you prefer to work remotely from another location within Ireland and/or the UK, we will accommodate you as best as possible. 

If you are based in another location within EMEA, we aren’t able to hire in your location at this time; however, if you’d like to stay in touch with us in case that changes in the future, please apply and we’ll save your application for possible future consideration. 

#LI-Remote