Compliance Program Analyst

This position helps ensure that the company remains in compliance with SaaS industry regulations and certifications.  This position reports to the Compliance Manager and works with various organizations at the company to help implement and maintain standards, policies, plans, processes, procedures, and other activities as required to meet corporate compliance and regulatory requirements.  This position will manage compliance projects, track compliance activities, develop reports, track various matrices, conduct testing of internal controls, and perform internal self-assessments and audits.  This position may occasionally interface with Third Party Assessment Organizations and certification Project Management Offices in support of external assessments and activities.
Responsibilities
This role will be responsible for, but not limited to, these activities –

• Engages with a variety of SailPoint teams in the activity required to maintain controls required of assessment certifications.
• Compliance representative on teams responsible for engineering design and development of cloud-based products and services.
• Manages and conducts on-going assessment of those departments, processes, and procedures within scope of the certifications; responsible for summarizing and reporting results of these self-assessments to SailPoint Management.
• Monitors and maintains established SailPoint Certification Program documentation required to support continual certification activity within SailPoint.
• Responsible for actively monitoring and reporting remediation activity required to address identified gaps in the SailPoint System Security Plan.
• Aids in the Identification of security risks and development of risk treatment plans.
• Provides recommendations for improving the organization’s operations.
• Evaluates and provides reasonable assurance that risk management, controls and the governance systems are functioning as intended and will enable the organization’s objectives and goals to be met.
• Maintains positive and open communication with SailPoint management and teams across Engineering as well as corporate IT and Security.
• Interfaces with outside parties in support of external audits and assessments.
• Work with SailPoint management to ensure plans are in place to deal with compliance problems when they occur and before certifications are jeopardized.
• Assist Management to identify, implement, and maintain appropriate security and compliance measures.
• Leverage dashboards or platform specific consoles and repositories associated with certifications to represent threats and vulnerabilities in the environment.
• Assist with other Compliance duties/projects as needed.

This position will require a general working knowledge of the processes and procedures required to develop, test, promote, manage, distribute, support and secure SailPoint cloud-based products and service.
Requirements:

• 3-4 years of experience as a compliance analyst and/or IT auditor is a must.
• Experience with SOC (1,2 and 3), ISO27001, ISO 27018, PCI, or similar compliance frameworks is a must.
• FedRAMP, PCI, C5, IRAP or similar compliance frameworks is a must.
• Familiarity with FedRAMP, C5, NIST, IRAP, or similar is preferred.
• Project management experience
• General knowledge of IT systems, DevOps, IT security, AWS/Azure, GRC tools, project management tools, Smartsheet, etc.
• General knowledge of SaaS SDLC.
• Well-versed in compliance guidelines and best practices
• Technical systems knowledge – especially in the areas of access control and logging.
• Strong analytical skills
• Attention to detail.
• Ability to maintain confidentiality.
• Ability to build strong relationships across cross-functional teams.
• Strong technical writing and research skills
• Excellent communication, coordination, and negotiation skills

Any of the following certifications are a plus:

• CISA, CIA, CISSP, PMP