Sr. GRC Analyst

Sprinklr
$92,000 - $153,000

About The Position

The Sr. Governance, Risk, and Compliance (GRC) Analyst plays a key role in supporting the organization’s security and compliance programs across multiple frameworks. This position assists with maintaining security documentation, supporting security audits, and coordinating with internal teams, external assessors, and customers. Responsibilities include contributing to FedRAMP activities, handling customer security questionnaires and due‑diligence requests, advancing process automation within the GRC program, and supporting vendor risk management to strengthen the organization’s overall security posture. As this is a global organization, the Sr. GRC Security Analyst may occasionally be asked to attend meetings or respond to requests outside their normal office hours.

Requirements

  • 3–4+ years in information security, risk, or compliance.
  • Prior FedRAMP operational support experience.
  • FedRAMP authorization and sustainment experience: develop/maintain SSP, POA&M, IR/Contingency/Configuration Management plans, and related artifacts.
  • Strong understanding of FISMA; NIST RMF (SP 800-37) and NIST SP 800-53 Rev. 5; familiarity with the Cloud Computing SRG.
  • FedRAMP Continuous Monitoring experience: vulnerability scanning/analysis, POA&M updates, and monthly/annual reporting.
  • Cloud security across AWS, Google Cloud, and Azure with working knowledge of networking (IPsec, firewalls, routing, addressing); ability to apply FedRAMP control requirements to cloud services.
  • Knowledge of security control frameworks and audits (NIST 800-53, ISO 27001/27002, SOC 2, SOX, PCI DSS, HIPAA); control design/testing and evidence management.
  • Customer-facing experience: responding to security questionnaires, RFPs, and customer audits/due diligence with clear written and verbal communication.
  • Process automation: interest and experience automating GRC/compliance workflows, evidence collection, and reporting (e.g., within GRC platforms and via integrations/scripts).
  • Vendor risk management experience across the third-party lifecycle (intake, due diligence, risk rating, contract/security terms review, remediation, and periodic reviews).

Responsibilities

  • Create and maintain core FedRAMP security artifacts (SSP, POA&M, checklists/templates); develop Significant Change Request documentation and support related assessments.
  • Apply FedRAMP, NIST SP 800-53, and NIST SP 800-37 RMF to cloud environments; support control implementation and evidence.
  • Support monthly/annual FedRAMP continuous monitoring; assist with vulnerability identification/mitigation and POA&M tracking; monitor and maintain in-scope asset inventory.
  • Manage and support audit engagements (SOC 2, ISO 27001, C5, SOX, PCI DSS, HIPAA).
  • Assist with vendor risk management activities: intake, due diligence assessments, risk rating, contract/security terms review, remediation tracking, and periodic reviews.
  • Drive GRC process automation to streamline evidence collection, control testing, workflows, and reporting using the GRC platform and integrations.
  • Respond to customer security questionnaires, RFPs, and due diligence requests; coordinate evidence and liaise with SMEs, assessors, and customers.
  • Manage the control and process libraries; assist the business in implementing internal controls; document, assess, and remediate issues from audits and risk assessments.
  • Contribute to meetings by preparing agendas, documenting minutes, and tracking follow-up actions; assist with management of Sprinklr security standards/policies and maintain GRC repositories (Confluence, shared drives).

Benefits

  • We offer a comprehensive suite of benefits designed to help each member of our team thrive.
  • Sprinklr believes that you should be able to get the type of care you need for your personal well-being when you need it. We offer you and your family voluntary healthcare coverage in countries where applicable.
  • We believe it is important to take time off – it is essential for your mental and physical wellbeing. We provide Sprinklrites with paid time off to recharge and spend time with loved ones.
  • Our open Mentoring Program is designed to create meaningful connections that support growth and amplify our focus.
  • US-based Sprinklr employees are eligible for a highly competitive benefits package as well, which demonstrates our commitment to our employees’ health, well-being, and financial protection.
  • The US-based benefits include a 401k plan with 100% vested company contributions, flexible paid time off, holidays, generous caregiver and parental leaves, life and disability insurance, and health benefits including medical, dental, vision, and prescription drug coverage.