At Qualtrics, we create software the world’s best brands use to deliver exceptional frontline experiences, build high-performing teams, and design products people love. But we are more than a platform—we are the creators and stewards of the Experience Management category serving over 18K clients globally. Building a category takes grit, determination, and a disdain for convention—but most of all it requires close-knit, high-functioning teams with an unwavering dedication to serving our customers.\n

 

\n

When you join one of our teams, you’ll be part of a nimble group that’s empowered to set aggressive goals and move fast to achieve them. Strategic risks are encouraged and complex problems are solved together, by passing the mic and iterating until the best solution comes to light. You won’t have to look to find growth opportunities—ready or not, they’ll find you. From retail to government to healthcare, we’re on a mission to bring humanity, connection, and empathy back to business. Join over 5,000 people across the globe who think that’s work worth doing.

\n

 

\n

GRC Analyst, Security - Provo

\n

 

\n

Why We Have This Role

\n

We create software that the world’s best brands use to deliver exceptional frontline experiences, build high-performing teams, and design products people love. Serving over 20,000 clients globally, we are more than a platform—we are the creators and stewards of the Experience Management category. This GRC Security Analyst role is essential to maintaining and advancing our governance, risk, and compliance posture amid rapid growth and evolving regulatory landscapes. You will collaborate closely with cross-functional teams including legal, security, product, and compliance to identify, assess, and mitigate risks, ensuring Qualtrics meets rigorous security certifications and regulatory requirements. Your work will directly impact how we protect our customers and enable trusted innovation.

\n

How You’ll Find Success

\n\nManage and maintain compliance with industry standards such as FedRAMP, ISO 27001, SOC 2, HITRUST, and emerging AI governance frameworks.\nTake initiative to understand complex compliance frameworks and work entrepreneurially to implement effective controls.\nCommunicate clearly and influence stakeholders across teams to build trust and alignment.\nApply strong analytical skills to assess risks and develop actionable remediation plans.\nCollaborate effectively with legal, security, product, and customer teams.\nNavigate and support external audits, customer audits and certification processes.\nDemonstrate ownership of governance processes and continuous improvement.\n\n

How You’ll Grow

\n\nDeepen expertise in commercial and/ federal security compliance programs which can include ISO 27001, TISAX, FedRAMP High, IRAP and others.\nExpand leadership and project management skills through cross-team initiatives and audit coordination.\nGain exposure to AI security and privacy compliance aligned with NIST AI Risk Management Framework.\nDevelop advanced skills in risk assessment, supplier risk management, and security assurance.\n\n

Things You’ll Do

\n\nLead, assist and coordinate internal and external security audits and assessments to achieve and maintain certifications.\nAnalyze and interpret regulatory requirements across multiple frameworks and translate them into actionable compliance programs.\nPartner with product and engineering teams to ensure security controls meet customer and regulatory expectations.\nMonitor and report on remediation progress and compliance metrics.\nSupport customer security reviews, questionnaires, and risk assessments.\nDrive continuous improvement through automation in GRC processes, tools, and documentation.\n\n

What We’re Looking For On Your Resume

\n\nBachelor’s degree in IT, Information Systems, or related discipline.\n1-3 years of experience in governance, risk, and compliance roles within information security.\nExperience with IT security assessments, control testing, and compliance programs such as FedRAMP Moderate/High, PCI and SOC 2.\nFamiliarity with other assessments such as ISO 27001, HITRUST, SSAE18, Protected B, SOX, or TISAX is a plus.\nProven ability to work cross-functionally and influence without direct authority.\nStrong written and verbal communication skills.\nProject management experience managing partner expectations and audit schedules.\nRelevant security certifications are a plus, such as SSCP, Security+, CISSP, CISM, CIPP, or CISA.\nExperience with AI models is a plus.\n\n

What You Should Know About This Team

\n\nThe GRC team is a collaborative, high-performing group dedicated to protecting Qualtrics and its customers through proactive risk management and compliance.\nWe work closely with legal, security, product, and customer success teams, as well as external auditors and partners.\nThe team embraces strategic risk-taking and continuous learning.\nYou will be positioned as a key enabler of business success through security assurance and compliance excellence.\n\n

Our Team’s Favorite Perks and Benefits

\n\nAccess to ongoing professional development, certifications, and security training.\nHybrid work model with purposeful in-office collaboration days.\nInclusive culture committed to diversity, equity, and belonging.\nCompetitive health, wellness, and financial benefits.\nFrequent team events, creative office spaces, and a strong emphasis on work/life integration.\n\n \nThe Qualtrics Hybrid Work Model: Our hybrid work model is elegantly simple: we all gather in the office three days a week; Mondays and Thursdays, plus one day selected by your organizational leader. These purposeful in-person days in thoughtfully designed offices help us do our best work and harness the power of collaboration and innovation. For the rest of the week, work where you want, owning the integration of work and life.\n \nQualtrics is an equal opportunity employer meaning that all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other protected characteristic.\n​​​​​​​\nApplicants in the United States of America have rights under Federal Employment Laws:Family & Medical Leave Act,Equal Opportunity Employment,Employee Polygraph Protection Act\n \nQualtrics is committed to the inclusion of all qualified individuals. As part of this commitment, Qualtrics will ensure that persons with disabilities are provided with reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please let your Qualtrics contact/recruiter know.\n \nNot finding a role that’s the right fit for now? Qualtrics Insiders is the one-stop shop for all things Qualtrics Life. Sign up for exclusive access to content created with you in mind and get the scoop on what we have going on at Qualtrics - upcoming events, behind the scenes stories from the team, interview tips, hot jobs, and more. No spam - we promise! You'll hear from us two times a month max with fresh, totally tailored info - so be sure to stay connected as you explore your best role and company fit.\n