Senior GRC Analyst, Security - Reston

About the position At Qualtrics, we create software the world's best brands use to deliver exceptional frontline experiences, build high-performing teams, and design products people love. But we are more than a platform—we are the creators and stewards of the Experience Management category serving over 18K clients globally. Building a category takes grit, determination, and a disdain for convention—but most of all it requires close-knit, high-functioning teams with an unwavering dedication to serving our customers. When you join one of our teams, you'll be part of a nimble group that's empowered to set aggressive goals and move fast to achieve them. Strategic risks are encouraged and complex problems are solved together, by passing the mic and iterating until the best solution comes to light. You won't have to look to find growth opportunities—ready or not, they'll find you. From retail to government to healthcare, we're on a mission to bring humanity, connection, and empathy back to business. Join over 5,000 people across the globe who think that's work worth doing. This Senior GRC Security Analyst role is essential to maintaining and advancing our governance, risk, and compliance posture amid rapid growth and evolving regulatory landscapes. You will collaborate closely with cross-functional teams including legal, security, product, and compliance to identify, assess, and mitigate risks, ensuring Qualtrics meets rigorous security certifications and regulatory requirements. Your work will directly impact how we protect our customers and enable trusted innovation.

Responsibilities

• Lead the Development and deployment of a comprehensive Security Risk Management program within Qualtrics.
• Apply strong analytical skills to assess risks and develop actionable remediation plans.
• Manage and maintain compliance with industry standards such as FedRAMP, ISO 27001, SOC 2, HITRUST, and emerging AI governance frameworks.
• Take initiative to understand complex compliance frameworks and work entrepreneurially to implement effective controls.
• Communicate clearly and influence stakeholders across teams to build trust and alignment.
• Collaborate effectively with legal, security, product, and customer teams.
• Navigate and support external audits, customer audits and certification processes.
• Demonstrate ownership of governance processes and continuous improvement.

Requirements

• Bachelor's degree in IT, Information Systems, or related discipline.
• 5-9 years of experience in governance, risk, and compliance roles within information security.
• Experience running a risk management program, including risk assessments, treatment, and monitoring.
• Experience with IT security assessments, control testing, and compliance programs such as FedRAMP Moderate/High, PCI and SOC 2.
• Familiarity with other assessments such as ISO 27001, ISO 27005, HITRUST, SSAE18, Protected B, SOX, or TISAX is a plus.
• Proven ability to work cross-functionally and influence without direct authority.
• Strong written and verbal communication skills.
• Project management experience managing partner expectations and audit schedules.
• Relevant security certifications are a plus, such as SSCP, Security+, CISSP, CISM, CIPP, or CISA.
• Experience with AI Risk management practices is a plus.

Benefits

• Access to ongoing professional development, certifications, and security training.
• Hybrid work model with purposeful in-office collaboration days.
• Inclusive culture committed to diversity, equity, and belonging.
• Competitive health, wellness, and financial benefits.
• Frequent team events, creative office spaces, and a strong emphasis on work/life integration.

Apply tot his job Apply To this Job