Sr. GRC Analyst

Sprinklr is the definitive, AI-native platform for Unified Customer Experience Management (Unified-CXM), empowering brands to deliver extraordinary experiences at scale — across every customer touchpoint. 

By combining human instinct with the speed and efficiency of AI, Sprinklr helps brands earn trust and loyalty through personalized, seamless, and efficient customer interactions. Sprinklr’s unified platform provides powerful solutions for every customer-facing team — spanning social media management, marketing, advertising, customer feedback, and omnichannel contact center management — enabling enterprises to unify data, break down silos, and act on real-time insights. 

Today, 1,900+ enterprises and 60% of the Fortune 100 rely on Sprinklr to help them deliver consistent, trusted customer experiences worldwide. 

The Sr. Governance, Risk, and Compliance (GRC) Analyst plays a key role in supporting the organization’s security and compliance programs across multiple frameworks. This position assists with maintaining security documentation, supporting security audits, and coordinating with internal teams, external assessors, and customers. Responsibilities include contributing to FedRAMP activities, handling customer security questionnaires and due‑diligence requests, advancing process automation within the GRC program, and supporting vendor risk management to strengthen the organization’s overall security posture.  As this is a global organization, the Sr. GRC Security Analyst may occasionally be asked to attend meetings or respond to requests outside of normal respective office hours. 

Responsibilities:

• Create and maintain core FedRAMP security artifacts (SSP, POA&M, checklists/templates); develop Significant Change Request documentation and support related assessments.
• Apply FedRAMP, NIST SP 800 53, and NIST SP 800 37 RMF to cloud environments; support control implementation and evidence.
• Support monthly/annual FedRAMP continuous monitoring; assist with vulnerability identification/mitigation and POA&M tracking; monitor and maintain in scope asset inventory.
• Manage and support audit engagements (SOC 2, ISO 27001, C5, SOX, PCI DSS, HIPAA).
• Assist with vendor risk management activities: intake, due diligence assessments, risk rating, contract/security terms review, remediation tracking, and periodic reviews.
• Drive GRC process automation to streamline evidence collection, control testing, workflows, and reporting using the GRC platform and integrations.
• Respond to customer security questionnaires, RFPs, and due diligence requests;
• Coordinate evidence and liaise with SMEs, assessors, and customers.
• Manage the control and process libraries; assist the business in implementing internal controls; document, assess, and remediate issues from audits and risk assessments.
• Contribute to meetings by preparing agendas, documenting minutes, and tracking follow up actions; assist with management of Sprinklr security standards/policies and maintain GRC repositories (Confluence, shared drives).

Qualifications:

• 3–4+ years in information security, risk, or compliance.
• Prior FedRAMP operational support experience.
• FedRAMP authorization and sustainment experience: develop/maintain SSP, POA&M, IR/Contingency/Configuration Management plans, and related artifacts.
• Strong understanding of FISMA; NIST RMF (SP 800 37) and NIST SP 800 53 Rev. 5; familiarity with the Cloud Computing SRG.
• FedRAMP Continuous Monitoring experience: vulnerability scanning/analysis, POA&M updates, and monthly/annual reporting.
• Cloud security across AWS, Google Cloud, and Azure with working knowledge of networking (IPsec, firewalls, routing, addressing); ability to apply FedRAMP control requirements to cloud services.
• Knowledge of security control frameworks and audits (NIST 800 53, ISO 27001/27002, SOC 2, SOX, PCI DSS, HIPAA); control design/testing and evidence management.
• Customer facing experience: responding to security questionnaires, RFPs, and customer audits/due diligence with clear written and verbal communication.
• Process automation: interest and experience automating GRC/compliance workflows, evidence collection, and reporting (e.g., within GRC platforms and via integrations/scripts).
• Vendor risk management experience across the third party lifecycle (intake, due diligence, risk rating, contract/security terms review, remediation, and periodic reviews).

Please note: We are unable to consider applicants who require visa sponsorship or work authorization support for this role. Candidates must have current and unrestricted work authorization in the country where the role is based.

We focus on our mission: Sprinklr was founded in 2009 to solve a big problem: growing enterprise complexity that separated brands from their customers. Our vision was clear: to unify fragmented teams, tools and data — helping large organizations build deeper, more meaningful connections with the people they serve. Today, Sprinklr has a unified, AI-native platform for four product suites: Sprinklr Service, Sprinklr Social, Sprinklr Marketing, and Sprinklr Insights. Sprinklr is here to do three things: 

• Lead a new category of enterprise software that we call Unified-CXM. 

• Empower companies to deliver next generation, unified engagement journeys that reimagine the customer experience. 

• Create a culture of customer obsession, with trust, teamwork, and accountability.

We believe in our product: Customers who value exceptional customer experiences have what they need on our single unified platform, built with an operating system approach on a single codebase. That means that everything — and everyone — can work together to service, respond, sell, and market to customers on the channels they prefer. While Unified Customer Experience Management (Unified-CXM) as a category is just getting started, we are well on our way to creating a no-compromise, unified approach to better customer experiences for the world’s leading enterprise brands. 

We invest in our people: We offer a comprehensive suite of benefits designed to help each member of our team thrive. Sprinklr believes that you should be able to get the type of care you need for your personal well-being when you need it. We offer you and your family voluntary healthcare coverage in countries where applicable. We believe it is important to take time off – it is essential for your mental and physical wellbeing. We provide Sprinklrites with paid time off to recharge and spend time with loved ones. We want to grow our talent with purpose. Our open Mentoring Program is designed to create meaningful connections that support growth and amplify our focus. 

To learn more about employee benefits by region, click here. 

To learn more about all-things-Sprinklr, visit our candidate resource hub here. 

EEO - Our philosophy: Our goal is to ensure every employee feels like they belong and are operating in a collaborative environment. We fervently believe every employee matters and should be respected and heard. We believe we are stronger when we belong because collectively, we’re more innovative, creative, and successful.  

Sprinklr is proud to be an equal-opportunity workplace and complies with all applicable federal, state, and local fair employment practices laws. We are committed to equal employment opportunity regardless of race, color, religion, creed, national origin or ancestry, ethnicity, sex (including gender, pregnancy, sexual orientation, and gender identity), age, physical or mental disability, citizenship, past, current, or prospective service in the uniformed services, genetic information, or any other characteristic protected under applicable law. 

Reasonable accommodations are available upon request during the interview process. To request an accommodation, please work directly with your recruitment coordinator or recruiter. 

JOB REQ COMPENSATION RANGE

The base salary range for this role is shown above. At Sprinklr, base pay depends on multiple individualized factors, including experience, qualifications, job-related knowledge and skills, and geographic location. Base pay is only one part of our competitive Total Rewards package: the successful candidate may also be eligible to participate in Sprinklr’s discretionary bonus plan, commission plan, and/or equity plan, depending on role.

US-based Sprinklr employees are eligible for a highly competitive benefits package as well, which demonstrates our commitment to our employees’ health, well-being, and financial protection. The US-based benefits include a 401k plan with 100% vested company contributions, flexible paid time off, holidays, generous caregiver and parental leaves, life and disability insurance, and health benefits including medical, dental, vision, and prescription drug coverage.

Warning about Recruiting Scams: Please be vigilant for recruiting scams impersonating Sprinklr. Sprinklr will never ask you for money, to pay for equipment, or for unnecessary personal information during the interview process. Sprinklr will also never pay in Bitcoin or send email communications from our executives. Please review the Federal Trade Commission's advice to avoid these types of scams.  

If you are contacted by someone whom you suspect may not be appropriately representing Sprinklr, please do not engage and block their email or phone number immediately.