Third Party Risk Analyst

Position Overview

• Location Type: Onsite
• Job Type: Full time
• Salary: Not specified

SailPoint’s Cybersecurity organization is seeking a Third-Party Risk Analyst with a passion for cybersecurity and protecting the organization. The successful candidate will work on maturing third party risk services in the Cybersecurity organization to manage/review the security requirements of our vendors. This role will work with an established team of talented and dedicated GRC teammates to achieve our security objectives. Our new analyst will join a growing and capable GRC team of both emerging and established talent. The ideal candidate will have a high passion for security, innovation, and problem-solving and the ability to work well within a team. This potential team member will be comfortable with the 4 I’s at SailPoint (individual, Impact, Innovation, and Integrity) even if they’re new to the concept. They will embrace new challenges and will be a positive contributor to an already positive work culture and environment. This is a challenging and impactful role where you will have the opportunity to work with both internal and external stakeholders, including our fantastic colleagues in the Cybersecurity, IT, Procurement, Legal and beyond. This role will be a vital member of the CISO team and will be based out of Mexico.

Responsibilities

• Develop and manage the end-to-end third-party risk management program for the Cybersecurity team which includes managing security risks associated with working with our suppliers and third parties.
• Perform ongoing risk assessments of SailPoint’s third-party relationships to identify, validate and remediate risks.
• Develop third party risk management processes such as questionnaires in accordance with SailPoint’s risk management framework.
• Support ongoing monitoring of SailPoint’s third-party relationships to review compliance with regulatory requirements.
• Partner and collaborate with internal stakeholders such as procurement, IT and other businesses to successfully manage the third-party risk program including pre and post contract activities.
• Manage a consistently growing portfolio of vendors to help maintain visibility into the risk landscape of the organization's third parties.
• Assist in continuous strategic planning activities for the cybersecurity organization.
• Regularly meet with compliance to collaborate on compliance activities, control recommendations, and provide assistance with audit activities.
• Maintain documentation on processes and procedures in accordance with standards, regulations, and industry best practices.
• Contribute to the development and improvement of processes as well as policies and procedures to ensure our third-party risk program is aligned to regulatory requirements globally.
• Maintain understanding of emerging trends in information security threats and risks.

Requirements

• More than 5 years of related work experience working in the Cybersecurity space.
• Suggested certifications: CISSP, CISA, CISM, CRISC or other relevant certifications.
• Strong English language fluency.
• Strong understanding of industry frameworks and best practices (e.g., NIST, ISO, FAIR, OWASP, CIS).
• Experience with compliance frameworks such as ISO27001, SOC2, SOX, GDPR, FedRAMP.
• Excellent analytical and problem-solving skills.
• Excellent communication skills (verbal and written), ability to influence without authority.
• Demonstrated teamwork and collaboration skills, in leading or contributing to multi-functional teams.
• Detail oriented, organized, methodical, follow up skills with an analytical thought process.
• Ability to manage time independently while handling multiple projects concurrently.
• Ability to work in a fast-paced environment; ability to multi-task, change direction, effectively prioritize, and meet deadlines.

Company Information

SailPoint is an equal opportunity employer and we welcome all qualified candidates to apply to join our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gen