Senior / Lead GRC Analyst (IGT1 Lanka: Sitecore)

About IGT1 Lanka 

IGT1 Lanka is a rapidly growing offshore technology and talent solutions company based in Port City Colombo. We are a fully owned subsidiary of IGT I Holdings Sweden AB, funded by the three of world’s leading private equity firms; EQT Group, Hg, and TA Associates. We’re also proud to be a sister company of IFS, Sri Lanka’s largest and most established technology company.

At IGT1 Lanka, we partner with global businesses to scale operations, accelerate innovation, and build world-class SaaS platforms through high-quality offshore delivery. Our people-first culture champions diversity, teamwork, and continuous learning, creating an environment where talent thrives.

With a team of over 300 professionals and counting, we are always looking for passionate, skilled individuals who want to make a global impact while being part of something extraordinary.

Through our offshore collaboration model, you'll be embedded within the team of one of our esteemed international clients, contributing directly to high-impact, enterprise-level initiatives.

About the client: Sitecore

Sitecore delivers a composable digital experience platform that empowers the world’s smartest and largest brands to build lifelong relationships with their customers. A highly decorated industry leader, Sitecore is the leading company bringing together content, commerce, and data into one connected platform that delivers millions of digital experiences every day. Thousands of blue-chip companies including American Express, Porsche, Starbucks, L’Oréal, and Volvo Cars rely on Sitecore to provide more engaging, personalized experiences for their customers.

About the role: 

We are looking for a detail-oriented and proactive GRC (Governance, Risk, and Compliance) Analyst to join our team. This role will be based in Sri Lanka and will support operations aligned with U.S. Central or Eastern time zones. The GRC Analyst will work closely with and support two Senior GRC Analysts and the CISO, contributing to the day-to-day execution of compliance programs, audit preparation, risk assessments, and overall security governance efforts.

This is a hands-on role, ideal for someone who thrives in a collaborative, fast-paced environment and is passionate about security, compliance, and risk management.

Key Responsibilities

Governance & Compliance

• Support the implementation and maintenance of compliance programs aligned with frameworks such as ISO 27001, SOC 2, HIPAA, PCI DSS, GDPR, TISAX, NIST, and IRAP.
• Assist in maintaining and updating security policies, procedures, and controls to ensure alignment with regulatory requirements.
• Conduct compliance reviews to identify gaps and assist in defining remediation actions.
• Monitor changes in regulatory requirements and provide input into compliance strategy and updates.

Audit Support

• Collaborate with internal stakeholders to coordinate audit-related activities, including evidence collection, documentation preparation, and status reporting.
• Maintain audit calendars, track deliverables, and ensure readiness for internal and external audits.

Risk Management

• Support periodic risk assessments, helping to identify, document, and track technology and process risks.
• Maintain the risk and findings register, ensuring items are regularly updated and monitored for progress.

Cross-Functional Collaboration

• Work closely with teams across Engineering, Product, Legal, Procurement, and Enterprise Technology to support compliance initiatives and ensure timely completion of action items.
• Provide ongoing support and clarity to teams on compliance tasks and expectations.

Reporting & Documentation

• Assist in preparing and delivering status reports, dashboards, and metrics on GRC activities for leadership and stakeholders.
• Ensure that compliance documentation is consistently updated and centrally stored (e.g., SharePoint, Confluence).

Preferred Skills and Experience: 

• Bachelor’s degree in information technology, Cybersecurity, or a related field.
• Familiarity with industry standards and frameworks such as ISO 27001, SOC 2, HIPAA, GDPR, PCI DSS, NIST, and others.
• 3-5 years of experience in a GRC, risk management, audit support, or compliance role in a technology-driven environment.
• Strong attention to detail, organizational skills, and ability to manage multiple tasks.
• Experience working across global teams and time zones is a plus.
• Certifications such as CISA, CRISC, or ISO 27001 Lead Implementer/Auditor are a plus.
• Comfortable using Microsoft 365 tools (e.g., Outlook, Teams, Excel, SharePoint) and collaboration platforms.

Work Conditions  

• This role requires full coverage of U.S. Central or Eastern time zone hours. 

• Occasional flexibility may be needed to support urgent compliance or audit activities.