Information Security Compliance Program Analyst at SailPoint
This position will help ensure that the company remains in compliance with current Information Security assessments. This position will be responsible for continuous evaluation of the design and effectiveness of IT controls based upon industry best-practice models in accordance with compliance requirements. This position reports to the Compliance Manager and works with various organizations within the company to help implement, monitor and maintain standards, policies, plans, processes, procedures, and other activities as required to meet corporate regulatory requirements. The candidate should demonstrate enthusiasm and interest in Information Security, have a passion for collaborating with various resources across multiple departments. This position will manage compliance projects, track compliance activities, develop reports, track metrics, conduct testing of internal controls, and performs internal self-assessments and audits. This position may occasionally interface with Third Party Assessment Organizations and certification Project Management Offices in support of external assessments and audits.
This role will be responsible for, but not limited to, these activities:
- Assist Management to identify, implement, and maintain appropriate security and compliance measures.
- Monitors and maintains established SailPoint Certification Program documentation required to support continual Information Security assessment activities within SailPoint.
- Engages with a variety of SailPoint teams in the compliance activities required to maintain information security controls required of these assessments.
- Manages and conducts on-going assessment of those controls, departments, processes and procedures within scope of the certifications; responsible for summarizing and reporting results of these self-assessments to SailPoint Management.
- Interfaces with outside parties in support of external audits and assessments.
- Maintain appropriate records
- Work with SailPoint management to ensure plans are in place to deal with compliance problems when they occur and before certifications are jeopardized.
- Provides recommendations for improving the organization’s operations.
- Tracks remediation activities and provides compliance support related to non-compliance issues.
- Assist or lead in the development, maintenance, and revision of policies, standards, procedures, work instructions, and guidelines of information security compliance programs and related activities
- Stay abreast of legal and regulatory changes that could impact our policies
- Aids in the Identification of security risks and development of risk treatment plans.
- Assist with closing out items identified in the Company risk register and improvement action log.
- Evaluates and provides reasonable assurance that risk management, controls and the governance systems are functioning as intended and will enable the organization’s objectives and goals to be met.
- As required, assists in the effort required to provide and maintain FedRAMP agency authorization for SailPoint services.
- As required, assists with monitoring and reporting remediation activity required to address identified gaps in the SailPoint System Security Plan.
- Maintains positive, and open communication and productive relationships with peers and management in IT and the business function.
- Completes project tasks within time planned.
- Provides status updates on audit and compliance items to management.
- Other job duties as required as a part of the Compliance team.
- This position will require a general working knowledge of the processes and procedures required to develop, test, promote, manage, distribution, support and secure SailPoint cloud based products and services (both on-prem and cloud based).
- Minimum of 3-4 years of experience in the past 5 years as a compliance manager and/or IT auditor
- US Citizenship required
- An active security clearance or the ability to obtain one may be required for this role.
- Experience with SOC 2, ISO 27001, NIST, CMMC or PCI or similar compliance frameworks
- Project management experience
- General knowledge of IT systems, DevOps, IT security.
- General knowledge of SaaS SDLC.
- Well-versed in legal and regulatory guidelines and best practices
- Technical systems knowledge – especially in the arears of access control and logging
- Strong analytical skills
- Strong attention to detail
- Ability to maintain confidentiality
- Ability to build strong relationships across cross-functional teams
- Strong technical writing and research skills
- Excellent communication, coordination skills
- CISA, CIA, QSA, CISSP, PMP certifications a plus
SailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.