Grc Analyst

**Job Title**: GRC Analyst (U.S. Time Zone Support)
**Location**: Based in KL
**Time Zone**: U.S. Central or Eastern Time Zone (Full Coverage Required)

**About Us**:
At Sitecore, our mission is to simplify how brands reach, engage, and serve people by delivering intelligent, personalised digital experiences that connect the world. We empower the world’s most iconic brands to build lifelong relationships with their customers—seamlessly, smartly, and at scale.

As the leading provider of agentic digital experience software, Sitecore brings together content, commerce, and data into one composable platform that enables brands to deliver millions of meaningful, adaptive experiences every day. Trusted by global leaders such as American Express, Porsche, Starbucks, and L’Oréal, Sitecore helps brands transform engagement through experiences that are not only personalised but predictive and dynamic.

Our foundation is our people—a diverse, passionate, and collaborative global team spanning over 25 countries. We believe that every experience matters, and that belief starts with how we work together. Our values—empathy, accountability, clarity, and growth—guide how we lead, innovate, and connect. They are the behavior's that bring our mission and vision to life, every day, in every interaction.

**About the Role/ The Opportunity**:
We are looking for a detail-oriented and proactive GRC (Governance, Risk, and Compliance) Analyst to join our team. This role will be based in Kuala Lumpur and will support operations aligned with U.S. Central or Eastern time zones. The GRC Analyst will work closely with and support GRC Manager and the CISO, contributing to the day-to-day execution of compliance programs, audit preparation, risk assessments, and overall security governance efforts. This is a hands-on role, ideal for someone who thrives in a collaborative, fast-paced environment and is passionate about security, compliance, and risk management.

**What You’ll Do**:
**Governance & Compliance**
- Support the implementation and maintenance of compliance programs aligned with frameworks such as ISO 27001, SOC 2, HIPAA, PCI DSS, GDPR, TISAX, NIST, and IRAP.
- Assist in maintaining and updating security policies, procedures, and controls to ensure alignment with regulatory requirements.
- Conduct compliance reviews to identify gaps and assist in defining remediation actions.
- Monitor changes in regulatory requirements and provide input into compliance strategy and updates.

**Audit Support**
- Collaborate with internal stakeholders to coordinate audit-related activities, including evidence collection, documentation preparation, and status reporting.
- Maintain audit calendars, track deliverables, and ensure readiness for internal and external audits.

**Risk Management**
- Support periodic risk assessments, helping to identify, document, and track technology and process risks.
- Maintain the risk and findings register, ensuring items are regularly updated and monitored for progress.

**Cross-Functional Collaboration**
- Work closely with teams across Engineering, Product, Legal, Procurement, and Enterprise Technology to support compliance initiatives and ensure timely completion of action items.
- Provide ongoing support and clarity to teams on compliance tasks and expectations.

**Reporting & Documentation**
- Assist in preparing and delivering status reports, dashboards, and metrics on GRC activities for leadership and stakeholders.
- Ensure that compliance documentation is consistently updated and centrally stored (e.g., SharePoint, Confluence).

**What You Need to Succeed**
- Bachelor’s degree in information technology, Cybersecurity, or a related field.
- Familiarity with industry standards and frameworks such as ISO 27001, SOC 2, HIPAA, GDPR, PCI DSS, NIST, and others.
- 3-5 years of experience in a GRC, risk management, audit support, or compliance role in a technology-driven environment.
- Strong attention to detail, organizational skills, and ability to manage multiple tasks.

**What You Need to Succeed**
- Experience working across global teams and time zones is a plus.
- Certifications such as CISA, CRISC, or ISO 27001 Lead Implementer/Auditor are a plus.
- Comfortable using Microsoft 365 tools (e.g., Outlook, Teams, Excel, SharePoint) and collaboration platforms.

Sitecore is proud to be an equal opportunity workplace. We are committed to equal employment opportunity without unlawful regard to race, color, ancestry, religion, gender, national origin, sexual orientation, age, citizenship, marital status, disability, veteran status or any other local legally protected characteristic.

**How we hire**

At Sitecore, we put a lot of care and time into who we hire. We believe that in order to build the best products, we need to build high impact teams. Our recruitment process centers around what we call the Life Story interview, a conversational-style interview where we get to learn more about you.