Compliance Auditor

The Compliance Auditor supports SailPoint’s initiatives to obtain, maintain, and/or adhere to numerous SaaS certifications, industry best practices, and regulatory requirements. You will play a key role in cross-functional efforts to test, implement, and maintain controls and the policies, standards, workflows, and other documents as mandated by these requirements. This position may occasionally interface with Third Party Assessment Organizations in support of external assessments and activities.

 Within the first month:

• You will be trained on SailPoint products and services, as well as Compliance’s responsibilities, resources, internal processes, and key stakeholders
• You will familiarize with required ISO, SOC, C5 or similar framework controls and SailPoint specific controls to prepare for internal and external audits.

Within 3 months:

• You support routine Compliance activities, demonstrating familiarity with SailPoint product environments as well as their relevant controls, business processes, and stakeholders.
• You will have been exposed to current state efforts and deliverables and will begin assuming ownership of Compliance projects and initiatives.

Within 6 months-1 year:

• You have established yourself as the point-of-contact for your portfolio:
  • You lead the planning, preparation, and on-time completion of audit projects per our quality standards, consistently providing proactive status updates
  • You provide clear audit findings to management, document their responses, and track progress against their recommendations
• You set and promote high standards of work and support the team’s continuous improvement and maturity
  • You suggest beneficial changes to audit methodologies and procedures, actively contributing to our team’s continued maturity and progress
     

Overall Responsibilities
A Compliance Auditor’s portfolio typically includes the below responsibilities, in addition to other team responsibilities that may emerge:

Compliance Program Baseline

• Maintaining and developing effective working relationships with numerous internal teams to maintain controls for assessment certifications.
• Manage and triage escalations for timely resolution and without impact to certifications
• Evaluate and provide assurance that risk management, controls and governance systems are functioning in alignment with SailPoint’s objectives and goals
• Identify, implement, and maintain appropriate security and compliance measures in line with emerging risks, technology, or industry best-practice
• Manage the audit process, including documentation preparation and communication with external auditors.
• Overseeing and maintaining an organization's compliance with both SOC (1,2,3) and ISO standards, ensuring alignment with industry standards through regular assessments, policy development, employee training, and audit preparation to achieve and sustain certification across both compliance regimes. 
• Analyze audit reports and develop remediation plans to address identified gaps

Project Portfolio

• SailPoint Certification Program: You will monitor and maintain the documentation required to support continued certification activity
• Product Design: You will serve as the Compliance representative on engineering project teams designing and developing of cloud-based products and services.
  • You will facilitate and maintain on-going these teams’ self-assessment, including review of applicable processes and procedures for each certification
  • You summarize and report the self-assessment results to SailPoint Management.
• Security Plan: You will actively monitor, track, and report progress on remediations addressing identified gaps in the SailPoint System Security Plan.
  • You support efforts to identify and remediate security risks and develop cross-functional risk treatment plans.
  • You provide recommendations to improve SailPoint’s workflows, processes, and operations.

This position will require a general working knowledge of the processes and procedures required to develop, test, promote, manage, distribute, support and secure SailPoint cloud-based products and services.
 

Requirements

Must have-

• 3-4 years of experience as a compliance analyst and/or IT auditor AND
• Minimum 1 year experience with leading ISO audits independently with emphasis on the following competencies-

• Well-versed in compliance guidelines and best practices
  • Demonstrable understanding of corporate governance, documentation requirements and best practices, and evaluating documents against control requirements
• Audit Methodology
  • Planning, scoping and implementation, including knowledge and proficiency about internal controls

  • Strong understanding of SOC 2 and ISO 27001 frameworks, including control requirements and audit processes

  • Risk Identification and analysis methodologies and best practice
  • Experience with SOC 1 Type 2, SOC 2 Type 2, ISO27001, ISO 27017, ISO 27018, ISO 27701, ISO 9001, PCI, C5, IRAP or similar compliance frameworks
• Familiarity with technical systems requirements, particularly: access control and logging.
  • General knowledge of IT systems, DevOps, IT security, AWS/Azure, GRC tools
  • General knowledge of SaaS SDLC.

• Soft Skills
  • Strong analytical skills
  • Attention to detail
  • Ability to maintain confidentiality
  • Strong technical writing and research skills
  • Excellent interpersonal communication, coordination, and negotiation skills
  • Project management experience

Any of the following certifications are a plus:

• CISA, CIA, CISSP, PMP

Benefits and Compensation listed vary based on the location of your employment and the nature of your employment with SailPoint.

As a part of the total compensation package, this role may be eligible for the SailPoint Corporate Bonus Plan or a role-specific commission, along with potential eligibility for equity participation. SailPoint maintains broad salary ranges for its roles to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect SailPoint’s differing products, industries, and lines of business. Candidates are typically placed into the range based on the preceding factors as well as internal peer equity. We estimate the base salary, for US-based employees, will be in this range from (min-mid-max, USD):

$50,540 - $72,200 - $93,860

Base salaries for employees based in other locations are competitive for the employee’s home location.

Benefits Overview

1. Health and wellness coverage: Medical, dental, and vision insurance

2. Disability coverage: Short-term and long-term disability

3. Life protection: Life insurance and Accidental Death & Dismemberment (AD&D)

4. Additional life coverage options: Supplemental life insurance for employees, spouses, and children

5. Flexible spending accounts for health care, and dependent care; limited purpose flexible spending account

6. Financial security: 401(k) Savings and Investment Plan with company matching

7. Time off benefits: Flexible vacation policy

8. Holidays: 8 paid holidays annually

9. Sick leave

10. Parental support: Paid parental leave

11. Employee Assistance Program (EAP) and Care Counselors

12. Voluntary benefits: Legal Assistance, Critical Illness, Accident, Hospital Indemnity and Pet Insurance options

13. Health Savings Account (HSA) with employer contribution

SailPoint is an equal opportunity employer and we welcome everyone to our team.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.