Governance and Risk Analyst (Contractor)

SailPoint

GRC Analyst

SailPoint is seeking an experienced GRC Analyst contractor with demonstrated competence and thought leadership capability to contribute towards the success of our Office of Cybersecurity service. As a provider of both SaaS and enterprise software for some of the world’s most prestigious organizations, SailPoint strives for best-in-class security.

The GRC Analyst will play a crucial role in improving our enterprise’s governance and risk posture through active engagement with SailPoint teams and will be responsible for ensuring that SailPoint’s Governance and Risk service conforms to industry best practices. The GRC Analyst will play a key role in supporting coordination and execution of governance and risk management activities for SailPoint.

The ideal candidate will have a high passion for security, innovation, problem-solving, ability to work well within a team, participate in security assessments/audits and coordinate with compliance. They will be highly collaborative, analytical, and comfortable with driving technical ideas and communicating clearly with technical as well as non-technical audiences in terms of governance and risk. This role will be a vital member of the CISO team and can be remote or based in Austin, TX.

Responsibilities:

  • Lead risk and issue management process improvement in accordance with SailPoint’s risk management framework.
  • Develop and conduct periodic security risk assessments, threat landscape assessments and maturity assessments to identify security gaps and the level of risk they represent to SailPoint.
  • Assist with implementing governance and policy framework for Cybersecurity
  • Assist with managing the policy, procedure and supporting documentation lifecycle, working with stakeholders across the company.
  • Review and validate the relevant security controls and applicable security & compliance policies for all systems within scope.
  • Develop and implement tools, automation, and practices to better support ongoing GRC services
  • Lead and support processes for risk lifecycle and collaborate with security teams and other SailPoint partner functions to analyze issues, assess risk, develop recommendations, build consensus, and support mitigation activities.
  • Determine if any compensating controls are necessary due to inability to comply with primary control requirements. Facilitate and help determine compensating controls when needed.
  • Lead and support improvement of governance and risk/issue metrics
  • Assist in continuous strategic planning activities for the cybersecurity organization.
  • Regularly meet with compliance to collaborate on compliance activities, control recommendations, and provide assistance with audit activities
  • Educate control owners on security policies/standards to improve our security posture.
  • Maintain documentation on processes, procedures in accordance with standards, regulations, and industry best practices
  • Keep up to date with the latest security and technology developments
  • Maintain understanding of emerging trends in information security threats and risks
  • As needed, provide oncall support on, and not limited to, after hours and weekends such as in the event of unscheduled incident response efforts

Requirements:

  • Strong understanding of industry frameworks and best practices (e.g., NIST, ISO, FAIR, OWASP, CIS)
  • Experience with compliance frameworks such as ISO27001, SOC2, SOX, GDPR, FedRAMP
  • Experience with risk assessments, policies, strategic planning, controls, and reporting
  • Excellent analytical and problem-solving skills
  • Excellent communication skills (verbal and written), ability to influence without authority
  • Demonstrated teamwork and collaboration skills, in leading or contributing to multi-functional teams
  • Detail oriented, organized, methodical, follow up skills with an analytical thought process
  • Innovative and efficiency focused with the ability to formalize program governance, processes, report templates, and metrics
  • Ability to manage time independently while handling multiple projects concurrently. Ability to work in a fast-paced environment; ability to multi-task, change direction, effectively prioritize, and meet deadlines
  • Strong communication skills that include the ability to clearly articulate thoughts and distill complex problems into stakeholder-friendly language
  • Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.
  • Ability to work effectively with both local and remote staff, teammates, and managers

Preferred:

  • Bachelor’s degree in Computer Science, IT Security, Information Systems, Engineering, or related field
  • 4 years of related work experience working in GRC space
  • Preferred certifications: CISSP, CISA, CISM, CRISC or other relevant certifications

SailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

Read Full Description
Confirmed 8 hours ago. Posted 30+ days ago.

Discover Similar Jobs

Suggested Articles