Risk Assessment Analyst (Cybersecurity)
SailPoint is seeking an experienced Cybersecurity Risk Analyst with demonstrated competence and thought leadership capability to contribute towards the success of our risk assessment and advisory service. As a provider of both SaaS and enterprise software for some of the world’s most prestigious organizations, SailPoint strives for best-in-class security.
The Cybersecurity Risk Analyst will play a crucial role in improving our enterprise’s risk posture through active engagement with SailPoint teams and will be responsible for ensuring that SailPoint’s risk assessment and advisory service conforms to industry best practices. The Cybersecurity risk analyst will play a key role in supporting coordination and execution of risk management activities for SailPoint including conducting risk assessment and managing the risk register.
The ideal candidate will have a high passion for security, innovation, and problem-solving and the ability to work well within a team, participate in security assessments and audits. They will be highly collaborative, analytical, and comfortable with driving technical ideas and communicating clearly with technical as well as non-technical audiences in terms of risk. This role will be a vital member of the CISO team and can be remote or based in Austin, TX.
Responsibilities:
Conduct periodic security risk assessments, threat landscape assessments and maturity assessments to identify security gaps and the level of risk they represent to SailPoint.
Organize and maintain the cybersecurity risk registers.
Collaborate with security teams and other SailPoint partner functions to analyze issues, assess risk, develop recommendations, build consensus, and support mitigation activities.
Track, measure, validate and report on risk identification, stakeholder notification, and remediation efforts.
Determine if any compensating controls are necessary due to inability to comply with primary control requirements. Facilitate and help determine compensating controls when needed.
Regularly provide management metrics including status of assessments, issue management, and risk management.
Assist in continuous strategic planning activities for the cybersecurity organization.
Regularly meet with compliance to collaborate on compliance activities, control recommendations, and provide assistance with audit activities.
Educate control owners on security standards to improve our security posture.
Develop risk assessment and issue management processes in accordance with SailPoint’s risk management framework.
Maintain documentation on processes, procedures in accordance with standards, regulations, and industry best practices.
Evaluate third party risks resulting from company’s engagement or use of partners, suppliers, and vendors.
Keep up to date with the latest security and technology developments.
Maintain understanding of emerging trends in information security threats and risks.
Requirements:
Strong understanding of industry frameworks and best practices (e.g., NIST, ISO, FAIR, OWASP, CIS).
Experience with compliance frameworks such as ISO27001, SOC2, SOX, GDPR, FedRAMP.
Experience with risk assessments, strategic planning, controls, and reporting.
Excellent analytical and problem-solving skills.
Excellent communication skills (verbal and written), ability to influence without authority.
Demonstrated teamwork and collaboration skills, in leading or contributing to multi-functional teams.
Detail oriented, organized, methodical, follow up skills with an analytical thought process.
Innovative and efficiency focused with the ability to formalize program governance, processes, report templates, and metrics.
Ability to manage time independently while handling multiple projects concurrently. Ability to work in a fast-paced environment; ability to multi-task, change direction, effectively prioritize, and meet deadlines.
Strong communication skills that include the ability to clearly articulate thoughts and distill complex problems into stakeholder-friendly language.
Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.
Ability to work effectively with both local and remote staff, teammates, and managers.
Preferred:
Bachelor’s degree in Computer Science, IT Security, Information Systems, Engineering, or related field
3 years of related work experience working in Security, Risk, and compliance.
Preferred certifications: CISSP, CISA, CISM, CRISC or other relevant certifications.
SailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
SailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.