Third-Party Risk Analyst

SailPoint is the leader in identity security for the cloud enterprise. Our identity security solutions secure and enable thousands of companies worldwide, giving our customers unmatched visibility into the entirety of their digital workforce, ensuring workers have the right access to do their job - no more, no less.
SailPoint is seeking an experienced Third-Party Risk Analyst with demonstrated competence and thought leadership capability to contribute towards the success of our risk assessment and advisory service. As a provider of both SaaS and enterprise software for some of the world's most prestigious organizations, SailPoint strives for best-in-class security.
The Third-Party Risk analyst will play a crucial role in improving our enterprise's risk posture through building a Third-Party Risk program and will be responsible for ensuring that SailPoint's Third Party Risk service conforms to industry best practices. This role would be leading and supporting all third-party vendor security reviews for SailPoint
The ideal candidate will have a high passion for security, innovation, and problem-solving and the ability to work well within a team, participate in security assessments and audits. They will be highly collaborative, analytical, and comfortable with driving technical ideas and communicating clearly with technical as well as non-technical audiences in terms of risk. This role will be a vital member of the CISO team and will be based out of our Mexico Office.
Responsibilities:

• Develop and manage the end-to-end Third-Party Risk Management Program within SailPoint's Office of Cybersecurity which includes managing business, security and compliance risks associated with working with our suppliers and third parties.
• Perform ongoing risk assessments of SailPoint's third-party relationships to identify, validate and remediate risks.
• Develop third party risk management processes such as questionnaires in accordance with SailPoint's Risk Management framework.
• Support ongoing monitoring of SailPoint's third-party relationships to review compliance with regulatory requirements.
• Partner and collaborate with internal stakeholders such as procurement, IT and other businesses to successfully manage the third-party risk program including pre and post contract activities
• Manage a consistently growing portfolio of vendors to help maintain visibility into the risk landscape of the organization's most critical third parties.
• Regularly provide management third party risk management metrics
• Assist in continuous strategic planning activities for the cybersecurity organization.
• Regularly meet with compliance to collaborate on compliance activities, control recommendations, and provide assistance with audit activities.
• Maintain documentation on processes, procedures in accordance with standards, regulations, and industry best practices. Contribute to the development and improvement of processes as well as policies and procedures to ensure our third-party risk program is aligned to regulatory requirements globally.
• Keep up to date with the latest security and technology developments.
• Maintain understanding of emerging trends in information security threats and risks.

Requirements:

• Strong understanding of industry frameworks and best practices (e.g., NIST, ISO, FAIR, OWASP, CIS).
• Experience with compliance frameworks such as ISO27001, SOC2, SOX, GDPR, FedRAMP.
• Experience with governance, third-party risk assessments, controls, and reporting.
• Excellent analytical and problem-solving skills.
• Excellent communication skills (verbal and written), ability to influence without authority.
• Demonstrated teamwork and collaboration skills, in leading or contributing to multi-functional teams.
• Detail oriented, organized, methodical, follow up skills with an analytical thought process.
• Innovative and efficiency focused with the ability to formalize program governance, processes, report templates, and metrics.
• Ability to manage time independently while handling multiple projects concurrently. Ability to work in a fast-paced environment; ability to multi-task, change direction, effectively prioritize, and meet deadlines.
• Strong communication skills that include the ability to clearly articulate thoughts and distill complex problems into stakeholder-friendly language.
• Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.
• Ability to work effectively with both local and remote staff, teammates, and managers.

Preferred:

• Bachelor's degree in Computer Science, IT Security, Information Systems, Engineering, or related field
• 2-3 years of related work experience working in Security, Risk, and compliance.
• Preferred certifications: CISSP, CISA, CISM, CRISC or other relevant certifications.

SailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.