Security Governance, Risk & Compliance Analyst

UK - Home Based

Applications have closed
About SugarCRM
From the very beginning, SugarCRM had a unique vision: to offer a different kind of Customer Relationship Management (CRM). We pioneered the first commercial open-source CRM platform, and now, more than two decades later, we are on a mission to provide products and services that make the hard things easier for sales, marketing and customer service teams. We help mid-market businesses around the globe reach new levels of performance and predictability by letting our award-winning CRM platform do the work. Our diverse group of employees around the world is united and driven by a shared passion for our mission, culture, and values. We treat our employees like humans, not line items, and are building a culture where your work at Sugar helps fuel personal, professional and business growth; check out our recent ‘Great Place to Work’ certification, of which we are very proud. Work/life fit and flexibility for our team matters, and together we pride ourselves on solving for our customers, always. What’s more, we empower everyone to do their best work from home, the office, on the road, or anywhere in between. If you're ready to grow your career and help organizations grow better and faster, you've come to the right place. Find out more about SugarCRM careers and how you can become a part of our journey.
The Security Governance, Risk & Compliance Analyst (GRC Analyst) will be responsible for leading the day-to-day governance, risk and compliance (GRC) function as part of the Global Information Security department. The role includes the creation, management and effectiveness monitoring of policies, standards, procedures and associated controls aligned to frameworks and regulations. The GRC Analyst is also tasked with performing risk assessments, assigning ownership of risks to business units, and ensuring those risks are regularly reviewed. The GRC Analyst will play a key part in aligning SugarCRM’s security program with industry standards, ensuring the company operates at a reasonable level of risk, and in turn helping ensure our customers’ data is kept secure. The GRC Analyst’s responsibilities include, but are not limited to, the following:

Impact you will make in the role:

  • Serve as a key governance, risk, and compliance SME for corporate and product information security.
  • Support compliance initiatives including government regulations, privacy law, and security frameworks such as SOC 2, ISO 27001, NIST and FedRAMP.
  • Define the global security policy, as well as associated standards and procedures.
  • Support the third-party risk management and vendor due diligence programs.
  • Administer the security GRC toolset, including risk register.
  • Co-ordinate risk assessments and internal auditing activities.
  • Interact with business units to ensure risks are managed correctly.
  • Respond to customer requests relating to RFPs and security and privacy diligence information.
  • Work closely with external auditors on certification and attestation activities.

What you will need to succeed:

  • BS degree in computing, information security, or a related field (MS preferred); 5+ years of information security GRC/audit experience is acceptable in lieu of a degree.
  • Industry certifications preferred, for example CRISC, CISA, CISM, ISO 27001 Lead Auditor.
  • Strong experience working with security and privacy frameworks including SOC 2, ISO 27001, SCF (Secure Controls Framework), NIST CSF, and the NIST SP 800 series.
  • Strong experience governing and championing risk management activities in a global organization.
  • Strong experience working with data protection and privacy laws including GDPR, CCPA.
  • Experience working in a cloud-first and remote-first company.
  • Experience using OneTrust, RSA Archer, ServiceNow GRC or equivalent GRC tools.
  • Experience with compliance automation is a plus, for example Drata or Vanta.
  • Highly organized and motivated, with the ability to work independently as a self-starter.
  • Strong communications skills – an ability to communicate complex compliance requirements to business stakeholders and software engineering teams.


We understand that no candidate is perfectly qualified for any job. Experience comes in different forms; many skills are transferable; and passion goes a long way. Even more important than your resume is a clear demonstration of dedication, impact, and the ability to thrive in a fluid and collaborative environment. We want you to learn new things in this role, and we encourage you to apply if your experience is close to what we’re looking for. We also know that diversity of background and thought makes for better problem solving and more creative thinking, which is why we're dedicated to adding new perspectives to the team.

Benefits and Perks:

Beyond a stellar work environment, friendly people, and inspiring work, we have some sweet benefits and perks:

  • UK Pension Scheme
  • Private medical and dental insurance
  • Health & Wellness Reimbursement Program
  • Unpaid sabbatical leave
  • Educational Resources
  • Career & Personal Development Program
  • Various discount programs (e.g. travel, virtual exercise classes, etc.)
  • We are a merit-based company with many opportunities to learn, excel and grow your career!
