Sr. Cybersecurity Controls Analyst

SailPoint is seeking a Sr. Cybersecurity Controls Analyst to contribute to the success of our Office of Cybersecurity (GRC) service. This role involves driving control assessments and compliance programs with applicable standards, requirements, and policies. The analyst will conduct audits, automate evidence collection, and support compliance with emerging and existing cybersecurity laws and frameworks. This challenging role offers the opportunity to work with internal and external stakeholders, continuously improving the GRC program within a positive work culture and environment.

Must Have

• Conduct controls assessments, including kickoff to final deliverables across compliance frameworks
• Conduct audits of controls to ensure controls are effective and identify areas for improvement
• Lead assessment interviews, audits, testing, and coordinate evidence requests
• Automate evidence collection within SailPoint GRC tooling
• Work in collaboration with our compliance team to support Cybersecurity’s audit requirements
• Have a deep understanding of and be able to translate requirements, map controls frameworks and maintain knowledge repository of audit and compliance processes
• Support compliance with emerging, new, and existing Cybersecurity laws/frameworks/regulations
• Support internal & external audit readiness
• Support and lead compliance processes and capability improvements
• Regularly meet with compliance to collaborate on compliance activities, control recommendations, and lead audit activities
• Maintain documentation on processes, procedures in accordance with standards, regulations, and industry best practices
• More than 5 years of related work experience working in the Cybersecurity space
• Strong understanding of industry frameworks and best practices (e.g., NIST, ISO, FAIR, OWASP, CIS)
• Related experience with compliance frameworks such as ISO27001, SOC2, SOX, GDPR, FedRAMP

Good to Have

• Suggested certifications: CISSP, CISA, CISM, CRISC or other relevant certifications

SailPoint is seeking a Sr. Cybersecurity Controls Analyst with demonstrated competence and thought leadership capability to contribute towards the success of our Office of Cybersecurity (GRC) service. As a provider of both SaaS and enterprise software for some of the world’s most prestigious organizations, SailPoint strives for best-in-class security.

This analyst will play a key role driving Cybersecurity’s control assessments and compliance program with applicable standards, requirements, and policies. This is a challenging and impactful role where you will have the opportunity to work with both internal and external stakeholders while driving the continuous improvements for our GRC program.

Our new analyst will join an existing, capable team of both emerging and established talent. They’ll have the opportunity to shape and drive SailPoint's control and compliance activities. They’ll already be comfortable with the 4 I’s at SailPoint (individual, Impact, Innovation, and Integrity) even if they’re new to the concept. They will embrace new challenges and will be a positive contributor to an already positive work culture and environment.

This role will be a vital member of the CISO team and will be based out of Mexico

Responsibilities:

• Conduct controls assessments, including kickoff to final deliverables across our compliance frameworks
• Conduct audits of controls to ensure controls are effective and identify areas for improvement
• Lead assessment interviews, audits, testing, and coordinate evidence requests
• Automate evidence collection within SailPoint GRC tooling
• Work in collaboration with our compliance team to support Cybersecurity’s audit requirements
• Have a deep understanding of and be able to translate requirements, map controls frameworks and maintain knowledge repository of audit and compliance processes
• Support compliance with emerging, new, and existing Cybersecurity laws/frameworks/regulations
• Support internal & external audit readiness
• Support and lead compliance processes and capability improvements
• Regularly meet with compliance to collaborate on compliance activities, control recommendations, and lead audit activities
• Maintain documentation on processes, procedures in accordance with standards, regulations, and industry best practices

Requirements:

• More than 5 years of related work experience working in the Cybersecurity space
• Suggested certifications: CISSP, CISA, CISM, CRISC or other relevant certifications
• Strong English language fluency
• Strong understanding of industry frameworks and best practices (e.g., NIST, ISO, FAIR, OWASP, CIS)
• Related experience with compliance frameworks such as ISO27001, SOC2, SOX, GDPR, FedRAMP
• Excellent analytical and problem-solving skills
• Excellent communication skills (verbal and written), ability to influence without authority.
• Demonstrated teamwork and collaboration skills, in leading or contributing to multi-functional teams.
• Detail oriented, organized, methodical, follow up skills with an analytical thought process.
• Ability to manage time independently while handling multiple projects concurrently. Ability to work in a fast-paced environment; ability to multi-task, change direction, effectively prioritize, and meet deadlines