Compliance Program Manager
This position helps ensure that the company remains in compliance with SaaS industry regulations and certifications. This position reports to the Compliance Director and works with various organizations at the company to help implement and maintain standards, policies, plans, processes, procedures, and other activities as required to meet corporate regulatory requirements. This position will manage compliance projects, tracks compliance activities, develops reports, tracks metrics, conducts testing of internal controls, and performs internal self-assessments and audits. This position will occasionally interface with Third Party Assessment Organizations and certification Project Management Offices in support of external assessments and audits.
This role will be responsible for, but not limited to, these activities –
- Engages with a variety of SailPoint teams in the activity required to maintain controls required of these certifications.
- Compliance representative on teams responsible for engineering design and development of cloud based products and services.
- Manages and conducts on-going assessment of those departments, processes and procedures within scope of the certifications; responsible for summarizing and reporting results of these self-assessments to SailPoint Management.
- Monitors and maintains established SailPoint Certification Program documentation required to support continual certification activity within SailPoint.
- Responsible for actively monitoring and reporting remediation activity required to address identified gaps in the SailPoint System Security Plan.
- Direct management responsibility for generating and updating of the SailPoint Plans of Action and Milestones (POA&M).
- Aids in the Identification of security risks and development of risk treatment plans.
- Provides recommendations for improving the organization’s operations.
- Evaluates and provides reasonable assurance that risk management, controls and the governance systems are functioning as intended and will enable the organization’s objectives and goals to be met.
- Maintains positive and open communication with SailPoint management and teams across Cloud Development & Operation as well as corporate IT and Security.
- Interfaces with outside parties in support of external audits and assessments.
- Work with SailPoint management to ensure plans are in place to deal with compliance problems when they occur and before certifications are jeopardized.
- Assist Management to identify, implement, and maintain appropriate security and compliance measures.
- Leverage dashboards or platform specific consoles and repositories associated with certifications to represent threats and vulnerabilities in the environment.
- As required, assists in the effort required to provide FedRAMP agency authorization for SailPoint services.
This position will require a general working knowledge of the processes and procedures required to develop, test, promote, manage, distribution, support and secure SailPoint cloud based products and service.
- 5-7 years of experience as a compliance manager and/or IT auditor
- Experience with 800-53 controls, ISO 27001, SOC 2 Trust Service Principles, SSAE16 SOC, FedRAMP, PCI or similar compliance frameworks
- Project management experience
- General knowledge of IT systems, DevOps, IT security.
- General knowledge of SaaS SDLC.
- Well-versed in legal and regulatory guidelines and best practices
- Technical systems knowledge – especially in the arears of access control and logging
- Strong analytical skills
- Strong attention to detail
- Ability to maintain confidentiality
- Ability to build strong relationships across cross-functional teams
- Strong technical writing and research skills
- Excellent communication, coordination and negotiation skills
Any of the following certifications are a plus:
- CISA, CIA, CISSP, PMP
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.