Cybersecurity Governance Analyst

About the role

SailPoint is seeking a Governance Analyst to contribute towards the success of our GRC service. This analyst will play a key role in driving the maturity of our Cybersecurity's governance program to align with industry best practices and strengthen SailPoint's governance goals. To excel, the position requires a person: Who is a strong communicator with excellent written and verbal skills, capable of influencing without authority. Who can learn quickly, manage time independently, and is eager to develop new skills in a fast-paced environment. Who demonstrates a methodical, detail-oriented, and organized approach to analytical problem-solving. Who will embrace new challenges and contribute positively to our collaborative team culture, embodying SailPoint's values of Individual, Impact, Innovation, and Integrity.

Responsibilities

• Enable SailPoint's Cybersecurity governance activities such as documenting policies, standards and procedures as well as assessing policy effectiveness and compliance.
• Build Cybersecurity documentation, ensuring alignment with applicable laws, regulations, policies, and standards, as well as industry best practices.
• Collaborate with Cybersecurity, IT and Engineering teams to manage and maintain security documentation to align with industry frameworks and overall Cybersecurity and business strategy.
• Facilitate timely execution of Cybersecurity GRC team deliverables and collaborate across the different services for successful delivery.
• Utilize GRC tools to manage policy content used across SailPoint.
• Support internal & external Audit readiness/requests and work collaboratively with internal Compliance teams.
• Support GRC services with emerging, new, and existing Cybersecurity laws, frameworks, and regulations.
• The Path to Success (Milestones):
• A successful Governance Analyst will have achieved the following milestones:
• Within 1 Month (The "Learning" Phase):
• Demonstrate a clear understanding of SailPoint's policy stack, internal systems, and documentation repositories.
• Have met with key stakeholders and SMEs across Cybersecurity, IT, and Engineering to understand their roles and documentation needs.
• Be able to navigate core GRC tools and know where to find existing policies and standards.
• Within 2 Months (The "Connecting" Phase):
• Begin independently conceptualizing and drafting at 2-3 new policy documents based on requests.
• Establish a strong working relationship with the senior architect and other team members, actively contributing to team meetings.
• Solidify an understanding of the content creation workflow and begin taking on specific documentation tasks with mentorship.
• Within 3 Months (The "Contribution" Phase):
• Work collaboratively with senior team members on the content update cycle for existing documentation.
• Take ownership of and restart the policy enforcement project by presenting an initial vision and plan for data gathering.
• Be fully ramped and operate independently within the core GRC tools and content creation processes.
• Within 6 Months (The "Performance" Phase):
• Independently manage the full lifecycle of content creation, from drafting new policies and standards to executing the update cycle for existing documents.
• Drive the policy enforcement project forward, delivering initial metrics and reports on compliance levels to leadership.
• Operate as a fully integrated and self-sufficient member of the GRC team, contributing to ongoing projects and identifying areas for process improvement.
• Education & Qualifications:

Requirements

• 2-3+ years of experience in cybersecurity, compliance, or a related field with a strong focus on technical writing and documentation.
• Excellent written and oral communication skills in English.
• A demonstrated willingness to learn and adapt in a dynamic, technical environment.
• Strong analytical, problem-solving, and organizational skills.
• Experience with compliance frameworks such as ISO 27001, SOC2, and FedRAMP.
• Familiarity with industry best practices and frameworks (e.g., NIST, ISO, CIS).
• Relevant certifications (e.g., CISSP, CISA, CISM, CRISC).
• Travel & Logistics:
• Location: This position is based in Mexico.
• Travel: No regular travel is expected for this role.

Benefits

Additional Information

SailPoint is the undisputed leader in AI-driven identity security. We provide the autonomous governance platform that modern enterprises trust to automate and streamline their identity journey. By marrying deep technical expertise with sharp business acumen, we deliver security solutions that accelerate business forward. We're proud of the culture we've built, and our team has voted us a "Best Place to Work" for 15 consecutive years.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at sailpoint? Share your experience