Audit Security and Control Compliance Analyst

United States

SailPoint

The core of enterprise security is identity. Take a tour to see how our identity security platform delivers a foundation that securely fuels your business.


The Audit Security and Control Compliance Analyst will be responsible for assisting SailPoint in achieving and maintaining its compliance objectives with respect to government compliance frameworks in the U.S. and abroad. This role will support efforts related to SailPoint’s FedRAMP Authorized cloud service offerings, StateRAMP, the Cybersecurity Maturity Model Certification (CMMC), IRAP and other compliance initiatives as required. The nature of this position requires collaboration and partnership with teams across the organization, at all levels with varying levels of technical acumen, as well as contact with outside client representatives, vendors, auditors, and other business-related representatives.

Within the first month:

You will be trained on internal SailPoint processes and products and join other analysts on audit calls. Within 4-7 weeks, you will be introduced as a point of contact for external audit firms and will familiarize yourself with different departments, such as support, product management, development, and sales, on behalf of the customer. You will have demonstrated responsiveness and accountability to internal stakeholders and external auditors.

Within 3 months:

You will have become a main point of contact for CMMC and IRAP compliance and audit inquiries. You will be able to answer general questions in relation to different SailPoint offerings in both commercial and FedRAMP. You will actively assist and/or lead audit interviews with technical teams to meet different audit framework requirements.

Within 1 year:

You will become the subject matter expert with respect to SailPoint’s compliance in government frameworks such as FedRAMP, StateRAMP, CMMC, and IRAP. You will have built positive working relationships with technical teams across all lines of business requiring compliance guidance in the previously mentioned frameworks. You will be able to manage internal and/or external compliance engagements with minimal supervision.

Key Responsibilities:

  • Act as one of SailPoint’s subject matter experts regarding U.S. and international government information security requirements and compliance objectives.
  • Collaborate with interdisciplinary teams on scoping, work breakdown, critical path analysis, time projections, project risks, and quality assurance.
  • Advise and assist technical resources from Engineering, CyberSecurity, IT, and DevOps in the design, implementation, assessment, and maintenance of security controls to ensure technical solutions meet requirements.
  • Support SailPoint in maintaining compliance with its Continuous Monitoring (ConMon) objectives.
  • Serve as a trusted interface between SailPoint and public sector oversight entities (FedRAMP PMO, StateRAMP PMO, agency partners, external auditors, etc.).
  • Assist in the management and execution of annual assessment activities such as evidence collection, control interviews, report review, and debrief.
  • Update and maintain key security compliance documentation such as policies, procedures, the System Security Plan, and the Plan of Action & Milestones.
  • Contribute to the development of new programs and documents supporting upcoming and developing compliance objectives in the public sector, such as CMMC, and potentially other duties as they relate to the compliance program.

Requirements: 

  • Proven track record working in security compliance, security consulting, government auditing or a similar role.
  • Practical experience (at least a year) designing, supporting, advising, and/or assessing the implementation of security controls for a FedRAMP authorized system derived from NIST 800-53.
  • Understanding of core cloud computing concepts and cloud services architecture (Amazon Web Services).
  • Strong written and verbal communication and presentation skills. Ability to partner with stakeholders across a breadth of technicality from engineers to customers to senior leadership.
  • Ability to learn quickly in a fast-paced and changing environment.
  • Due to the nature of this role’s responsibilities, U.S. citizenship is a requirement.

Preferred:

  • Bachelor’s degree in relevant field.
  • Demonstrated experience supporting certification programs for the U.S. public sector, specifically FedRAMP. CMMC experience a plus.
  • Experience with other control frameworks such as NIST 800-171, IRAP, ISO 27001/02, SOC 2 a plus.
  • Experience working for a Cloud Service Provider or in professional services a plus.
  • Certifications such as CISA, CIA, CISSP, PMP

Benefits and Compensation listed vary based on the location of your employment and the nature of your employment with SailPoint.

As a part of the total compensation package, this role may be eligible for the SailPoint Corporate Bonus Plan or a role-specific commission, along with potential eligibility for equity participation. SailPoint maintains broad salary ranges for its roles to account for variations in knowledge, skills, experience, market conditions and locations, as well as to reflect SailPoint’s differing products, industries, and lines of business. Candidates are typically placed into the range based on the preceding factors as well as internal peer equity. We estimate that the base salary for US-based employees will fall within the following range (min-mid-max, USD):

$50,540 - $72,200 - $93,860

Base salaries for employees based in other locations are competitive for the employee’s home location.

Benefits Overview

1. Health and wellness coverage: Medical, dental, and vision insurance

2. Disability coverage: Short-term and long-term disability

3. Life protection: Life insurance and Accidental Death & Dismemberment (AD&D)

4. Additional life coverage options: Supplemental life insurance for employees, spouses, and children

5. Flexible spending accounts for health care and dependent care; limited purpose flexible spending account

6. Financial security: 401(k) Savings and Investment Plan with company matching

7. Time off benefits: Flexible vacation policy

8. Holidays: 8 paid holidays annually

9. Sick leave

10. Parental support: Paid parental leave

11. Employee Assistance Program (EAP) and Care Counselors

12. Voluntary benefits: Legal Assistance, Critical Illness, Accident, Hospital Indemnity and Pet Insurance options

13. Health Savings Account (HSA) with employer contribution

SailPoint is an equal opportunity employer and we welcome everyone to our team.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.


Tags: Audits CIA CISA CISSP Cloud CMMC Compliance DevOps FedRAMP ISO 27001 Monitoring NIST NIST 800-53 SailPoint SOC SOC 2 System Security Plan

Perks/benefits: Career development Competitive pay Equity / stock options Flex hours Flexible spending account Flex vacation Health care Insurance Medical leave Parental leave Salary bonus Wellness

Region: North America
Country: United States
