GRC Analyst, Partnership Compliance

Description 

Sprout Social is looking to hire a GRC Analyst focused on Partnership Compliance for the IT team. 

Why join Sprout’s IT team? 

Sprout’s Corporate IT team is a combination of adjacent squads working on projects under one umbrella. This unique structure is an exciting opportunity to grow your career in technology with exposure to projects all across our discipline—something you don’t see often in other organizations. It allows us to move quickly and collaborate with minimal friction or red tape. As a part of this team, you’re also given the space and encouraged to stretch beyond your core function and make a deeper impact on the broader organization. In short, the work you do here matters and you’ll feel that day in and day out. 

What you’ll do 

• Create monitoring processes for changes in our social network partners’ terms of service
• Respond to technical assessments from our social network partners
• Pair with other members of the GRC, Legal, and Engineering teams to create, remediate, and monitor a set of internal controls built on the requirements from our social network partners
• Implement access governance over the social networks’ developer portals 
• Participate in internal and external audits–testing, maturing, and automating our security controls along the way
• Support our Sales and Success teams in assuring customers of our industry-leading security and privacy posture with your knowledge of cybersecurity and procurement

What you’ll bring 

If you have a propensity for independent work, experience in IT Audit or Compliance, and a desire to implement world-class governance for our partnership ecosystem, we’d love to talk with you!

The minimum qualifications for this role include: 

• 5+ years of combined experience in security, IT audit, risk management, legal, or similar roles supporting a cloud-based environment 
• Experience with system/tool administration and a deep understanding of role-based access controls
• Experience with reviewing and interpreting legal documents
• Experience in developing, implementing, and testing controls in support of compliance or privacy frameworks (e.g., SOC 2, SOX, NIST, ISO, CSA, GDPR, etc.

Preferred qualifications for this role include: 

• Ability to work US central or US eastern time zone working hours is highly preferred
• Attention to detail and a willingness to learn the technicalities of people, processes, and systems
• Strong interpersonal skills and ability to work independently across distributed teams
• Experience at social media, marketing, or similar companies
• Deep knowledge of security frameworks and processes
• Certifications in security (Security+, CISSP) or GRC (CISA, CRISC) 
• Experience working closely with Security, Legal, Engineering, and Sales teams in supporting of company-wide objectives, internal and external audits, and the sales lifecycle

How you’ll grow 

Within 1 month, you’ll plant your roots, including:

• Complete Sprout’s New Hire training program alongside other new Sprout team members. 
• Be introduced to Sprout’s security, compliance, and legal stakeholders across the organization. 
• Learn our existing tooling and begin understanding the state of our GRC program.
• Learn the current state of Partnership Compliance and begin to identify gaps or areas of improvement. 
• Support and shadow teammates on security assurance requests, completing questionnaires and joining calls with customers. 
• Receive feedback from the team on your approach to managing and engaging our existing IT audit and compliance workstreams. 

Within 3 months, you’ll start hitting your stride by:

• Work with your manager and teammates to create and prioritize quarterly team goals or projects. 
• Start to understand the breadth and depth of our team’s authority and remit.
• Pair with Legal to embed yourself into the product-build lifecycle, reviewing terms and other legal documents, and creating a process for monitoring changes to our social network partners’ terms of service 
• Create internal controls, mapping them to our current frameworks, in support of requirements from our social network partners 
• Begin identifying gaps in our current controls or processes, pairing with internal stakeholders to develop remediation plans
• Assist in quarterly user access reviews, internal and external audits, and internal controls testing in support of our compliance frameworks 
• Independently triage Security Assurance requests, fielding nuanced security and privacy concerns from our customers, both pre and post-sales. 

Within 6 months, you’ll be making a clear impact through:

• Participate in the day-to-day management of our GRC tooling. 
• Become the subject matter expert with respect to the social networks’ developer portals, pairing with Engineering to enhance governance over RBAC  
• Support our Sales and Success teams in assuring customers of our industry-leading security and privacy posture with your knowledge of cybersecurity and procurement
• Become a key stakeholder in quarterly/annual internal and external audits, including IT controls and user access reviews, all while improving/automating the evidence gathering processes.

Within 12 months, you’ll make this role your own by:

• Own our partnership compliance program and independently lead technical assessments from our social network partners, testing controls and gathering evidence.
• Independently perform user access reviews and participate in internal and external audits, all while identifying and assessing gaps or issues 
• Fully support our broader compliance and governance initiatives.
• Assist in defining the roadmap for future work. 
• Surprise us! Use your unique ideas and abilities to change our GRC program in ways that we haven’t considered yet. 

Of course what is outlined above is the ideal timeline, but things may shift based on business needs and other projects and tasks could be added at the discretion of your manager.

Our Benefits Program 

We’re proud to regularly be recognized for our team, product and culture. Our benefits program includes:

• Insurance and benefit options that are built for both individuals and families
• Progressive policies to support work/life balance, like our flexible paid time off and parental leave program 
• High-quality and well-maintained equipment—your computer will never prevent you from doing your best
• Wellness initiatives to ensure both health and mental well-being of our team
• Ongoing education and development opportunities via our Grow@Sprout program and employee-led diversity, equity, and inclusion initiatives.
• Growing corporate social responsibility program that is driven by the involvement and passion of our team members
• Beautiful, convenient, and state-of-the-art offices in Chicago’s Loop and downtown Seattle, for those who prefer an office setting

Whenever possible, Sprout wants to provide our team with the flexibility to work in the location that makes the most sense for them. Sprout maintains a remote workforce in many places in the United States. However, we are not set up in all states, so please look at the drop-down box in our application to see whether your state is listed. Few roles require an office setting. If your position requires a physical presence in a Sprout office, it will be evident in the job listing and your offer letter.

Individual base pay is based on various factors, including work location, relevant experience and skills, the responsibility of the role, and job duties/requirements. In the United States, we have two geographic pay zones. For this role, our current base pay ranges for new hires are:

• Zone 1 (New York, California, Washington): $81,048 (min), $101,300 (mid), $121,572 (max) USD annually       
• Zone 2 (All other US states): $73,700 (min), $92,100 (mid), $110,500 (max) USD annually

The listed ranges represent the full earning potential in this position. Starting salaries for well-qualified new hires are typically around the midpoint of the range. These ranges were determined by a market-based compensation approach; we used data from trusted third-party compensation sources to set equitable, consistent, and competitive ranges. We also evaluate compensation bi-annually, identify any changes in the market and make adjustments to our ranges and existing employee compensation as needed.

Base pay is only one element of an employee's total compensation at Sprout. Every Sprout team member has an opportunity to receive restricted stock units (RSUs) under Sprout’s equity plan. Employees (and their dependents) are covered by medical, dental, vision, basic life, accidental death, and dismemberment insurance, and Modern Health (a wellness benefit).  Employees are able to enroll in Sprout’s company’s 401k plan, in which Sprout will match 50% of your contributions up to 6% with a maximum contribution. Sprout offers “Flexible Paid Time Off” and ten paid holidays. We have outlined the various components to an employee’s full compensation package here to help you to understand our total rewards package.

Sprout Social is proud to be an Equal Opportunity Employer. We do not discriminate based on identity- race, color, religion, national origin or ancestry, sex (including sexual identity), age, physical or mental disability, pregnancy, veteran or military status, unfavorable discharge from military service, genetic information, sexual orientation, marital status, order of protection status, citizenship status, arrest record or expunged or sealed convictions, or any other legally recognized protected basis under federal, state, or local law. Because Sprout Social is a federal contractor, we affirmatively recruit individuals with a disability and protected veterans. Learn more about our commitment to diversity, equity and inclusion in our latest DEI Report.

If you require a reasonable accommodation for any part of the interview process or to submit your application, please email us at accommodations@sproutsocial.com. Include the nature of your request and your preferred contact information. We'll do everything we can to support your success during our recruitment process while upholding your privacy. Please note that only inquiries regarding accommodations will receive a response from this email address; other inquiries will not be addressed (e.g., you send your resume but are not requesting an accommodation). 

For more information about our commitment to equal employment opportunity, please click here (1) Equal Opportunity Employment Poster and (2) Sprout Social's Affirmative Action Statement. 

When you apply for employment with Sprout Social, we will process your job applicant data, including your employment and education history, transcript, writing samples, and references as necessary to consider your job application for open positions. Your personal data will be shared with Greenhouse Software, Inc., and Crosschq, Inc., cloud services providers located in the United States of America and engaged by Sprout Social to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, by clicking “Submit Application” on this site, you consent to the transfer of your personal data to the United States. For more information about our privacy practices please visit our Privacy Policy. California residents have additional rights and should review the Additional Disclosures for California Residents section in our Privacy Policy.

Additionally, Sprout Social participates in the E-Verify program in certain locations, as required by law. 

#LI-REMOTE