Cybersecurity Governance Architect
SailPoint is seeking an experienced Cybersecurity Governance Architect with demonstrated competence and technical leadership capability to contribute towards the success of our governance service. As a provider of both SaaS and enterprise software for some of the world's most prestigious organizations, SailPoint strives for best-in-class security.
The Cybersecurity Governance Architect will play a crucial role in improving our enterprise's governance posture through active engagement with SailPoint teams and will be responsible for ensuring that SailPoint's governance service conforms to industry best practices. The Cybersecurity Governance Architect will play a key role in supporting coordination and execution of security governance activities for SailPoint such as policy and standards management and strategic initiatives.
The ideal candidate will have a passion for cybersecurity, innovation, and problem-solving. The ability to collaborate with cross-functional teams and participate in security assessments and audits is critical to the role. Candidates must be comfortable communicating and driving technical, collaborative, and analytical topics. The ability to present governance, risk and compliance topics to technical and non-technical audiences is critical. This role will be a vital member of the Cybersecurity team and can be remote or based in Austin, TX.
Responsibilities:
- Develop a governance strategy for the organization to implement based on regulatory standards, compliance, and industry best practices.
- Collaborate with Cybersecurity, IT and Engineering teams to establish cybersecurity standards, baselines, policies, controls, and architecture designs to align with industry frameworks and business strategy.
- Understand SailPoint architectural patterns to identify gaps, develop control recommendations and design solutions meeting Cybersecurity objectives.
- Document and verify recommended current state controls against internal Cybersecurity policies and standards as well as industry best practices; ensure proper documentation of exceptions to standards and/or recommend mitigating controls.
- Prepare required Cybersecurity documentation, ensuring alignment with applicable laws, regulations, policies, and standards, as well as industry best practices.
- Implement change management processes to socialize and educate on Cybersecurity governance strategy updates such as policies and standards.
- Present technical information to technical and non-technical audiences to ensure business understanding of security controls and recommendations. Present recommendations to various levels within the organization including senior management.
- Design and operationalize governance framework including creating committees and operating models for governance as required.
- Regularly collaborate with Office of Cybersecurity to provide inputs into risk-based strategy improvements to the program.
- Utilize frameworks and regulatory guidelines to build policies, standards, and procedures.
- Support internal and external audit readiness.
- Utilize GRC tools to create and update security content to be used across SailPoint.
- Work cross functionally with audit, legal and compliance to stay updated on indoctrinating regulatory changes and future initiatives and changing IT/security trends.
- Focus on continuous improvement of operational processes and designing innovative and automated functionality for added efficiency.
- Support security governance awareness operations and help maintain knowledge management materials such as Confluence pages, etc.
- Keep up to date with the latest security, emerging changes and impacts pertaining to SailPoint security architecture.
- Maintain comprehensive understanding of regulatory coalitions and partnerships external to SailPoint.
- Establish architecture capability models aligned with existing architectural frameworks and artifacts.
- Establish methodology to define and measure the current risk posture of the organization.
Requirements:
- Demonstrated experience creating architecture artifacts for the documentation of current and desired state for technology and processes.
- Extensive understanding of industry compliance, regulatory frameworks, and best practices (e.g., NIST, ISO, FAIR, OWASP, CIS).
- Experience with compliance frameworks such as ISO27001, SOC2, SOX, GDPR, FedRAMP et al.
- Experience with Security governance, GRC, Policy management.
- Experience driving out resolution and mediation between business partners and security teams for identified risks.
- Proven examples of analytical and problem-solving skills in a high paced environment.
- Excellent communication skills (verbal and written), ability to influence without authority.
- Demonstrated teamwork and collaboration skills, in leading or contributing to multi-functional teams.
- Detail oriented, organized, methodical, follow up skills with an analytical thought process.
- Innovative and efficiency focused with the ability to formalize program governance, processes, report templates, and metrics.
- Ability to manage time independently while handling multiple projects concurrently.
- Ability to work in a fast-paced environment, multi-task, switch task, re-prioritize and meet deadlines.
- Strong communication skills that include the ability to clearly articulate thoughts and distill complex problems into stakeholder-friendly language.
- Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.
- Ability to work effectively with both local and remote staff, teammates, and managers.
Preferred:
- Bachelor's degree in Computer Science, IT Security, Information Systems, Engineering, or related field.
- 8 years of technical work experience in security governance, risk, and compliance.
- Preferred certifications: CISSP, CISA, CISM, CRISC or other relevant certifications.
SailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.