SailPoint is seeking a Sr. Cybersecurity Resilience Analyst with demonstrated competence and thought leadership capability to contribute towards the success of our Strategy and Risk service. As a provider of both SaaS and enterprise software for some of the world’s most prestigious organizations, SailPoint strives for best-in-class security. This analyst will play a key role in driving maturity for the Cybersecurity’s business continuity and resilience program to align to industry best practices and strengthen SailPoint’s resilience goals. This is a challenging and impactful role where you will have the opportunity to work with both internal and external stakeholders while driving the continuous improvements for our Resiliency program. Our new analyst will join an existing, capable team of both emerging and established talent. They’ll have the opportunity to shape and drive SailPoint's control and compliance activities. They’ll already be comfortable with the 4 I’s at SailPoint (individual, Impact, Innovation, and Integrity) even if they’re new to the concept. They will embrace new challenges and will be a positive contributor to an already positive work culture and environment. This role will be a vital member of the CISO team and will be based out of United States. Responsibilities: - Develop, implement, and maintain SailPoint’s resiliency program, including response plans, procedures, and protocols that align with industry best practices and organizational needs - Design, facilitate, and evaluate resiliency exercises and simulations of increasing complexity to validate plans, build team capabilities, and identify improvement opportunities - Conduct Business Impact Analyses (BIAs) to map critical business processes, system dependencies, and recovery time objectives/ recovery point objectives (RTOs/RPOs) in line with SailPoint’s processes - Build and maintain relationships with key stakeholders across SailPoint to support cross-functional response capabilities and ensure alignment with business objectives - Lead and facilitate cyber-resilience exercises such as failover simulations, recovery validation tests, load/stress assessments, and cyberattack tabletop scenarios - Contribute to the continuous improvement of the company's overall resilience posture through regular program assessments and implementation of best practices Requirements: - 5 plus years of hands-on experience in business continuity, disaster recovery, operational risk, or cyber resilience, with a demonstrated track record of leading technical continuity and recovery initiatives across complex, global environments - Suggested certifications: CISSP, CISA, CISM, CRISC or other relevant certifications - Strong English language fluency - Strong understanding of industry frameworks and best practices (e.g., NIST, ISO, FAIR, OWASP, CIS) - Strong experience with compliance frameworks such as ISO27001, SOC2, and FedRAMP - Excellent analytical and problem-solving skills - Excellent communication skills (verbal and written), ability to influence without authority. - Demonstrated teamwork and collaboration skills, in leading or contributing to multi-functional teams. - Detail oriented, organized, methodical, follow up skills with an analytical thought process. - Ability to manage time independently while handling multiple projects concurrently. Ability to work in a fast-paced environment; ability to multi-task, change direction, effectively prioritize, and meet deadlines Benefits and Compensation listed vary based on the location of your employment and the nature of your employment with SailPoint. As a part of the total compensation package, this role may be eligible for the SailPoint Corporate Bonus Plan or a role-specific commission, along with potential eligibility for equity participation. SailPoint maintains broad salary ranges for its roles to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect SailPoint’s differing products, industries, and lines of business. Candidates are typically placed into the range based on the preceding factors as well as internal peer equity. We estimate the base salary, for US-based employees, will be in this range from (min-mid-max, USD): $87,400 - $147,264.00Base salaries for employees based in other locations are competitive for the employee’s home location. Benefits Overview 1. Health and wellness coverage: Medical, dental, and vision insurance 2. Disability coverage: Short-term and long-term disability 3. Life protection: Life insurance and Accidental Death & Dismemberment (AD&D) 4. Additional life coverage options: Supplemental life insurance for employees, spouses, and children 5. Flexible spending accounts for health care, and dependent care; limited purpose flexible spending account 6. Financial security: 401(k) Savings and Investment Plan with company matching 7. Time off benefits: Flexible vacation policy 8. Holidays: 8 paid holidays annually 9. Sick leave 10. Parental support: Paid parental leave 11. Employee Assistance Program (EAP) and Care Counselors 12. Voluntary benefits: Legal Assistance, Critical Illness, Accident, Hospital Indemnity and Pet Insurance options 13. Health Savings Account (HSA) with employer contribution SailPoint is an equal opportunity employer and we welcome all qualified candidates to apply to join our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable law. Alternative methods of applying for employment are available to individuals unable to submit an application through this site because of a disability. Contact applicationassistance@sailpoint.com or mail to 11120 Four Points Dr, Suite 100, Austin, TX 78726, to discuss reasonable accommodations. NOTE: Any unsolicited resumes sent by candidates or agencies to this email will not be considered for current openings at SailPoint.

• Own and execute user access management, including provisioning and deprovisioning across AWS, O365, HRIS, SaaS platforms, and databases). • Implement and maintain least-privilege RBAC, access control matrices, and entitlement catalogs. • Administer identity and access systems, including IdP/SSO integrations (SAML, OAuth) and SCIM provisioning. • Enforce privileged access management (PAM), multi-factor authentication (MFA), separation of duties, and key/secret rotation. • Conduct recurring access reviews (quarterly and annual) across systems. • Maintain provisioning workflows and track SLA performance for onboarding/offboarding. • Monitor, triage, and investigate security alerts. • Support incident response activities. • Perform audit trail and log reviews (SIEM, CloudTrail, O365 logs) and track remediation. • Support SOC 2, HIPAA, and HITRUST audits, including evidence collection and remediation tracking. • Maintain and update security policies, standards, and procedures.

• Support implementation and oversight of security controls in accordance with federal requirements and contract obligations • Monitor compliance with government security standards and contractual security obligations • Assist with system security planning, documentation, and authorization activities • Support risk assessments, vulnerability management, and remediation tracking • Coordinate security activities across technical, operational, and program teams • Maintain security artifacts such as: System Security Plans (SSPs), Security assessment reports, POA&Ms and risk registers, Incident response and contingency documentation • Support audits, inspections, and security reviews conducted by government stakeholders, OIG, or third parties • Assist with security incident identification, reporting, and response coordination • Provide security guidance and awareness to project teams and stakeholders • Prepare status reports, briefings, and documentation for government review

• Serve as a senior subject matter expert and program lead for the Governance, Risk, and Compliance (GRC) function supporting federal information systems • Oversee enterprise GRC and RMF programs, ensuring consistency across multiple system authorizations and enclaves • Direct the risk management process, ensuring risk identification, quantification and treatment strategies align with federal and agency guidance • Lead assurance activities, validating that control implementations meet the intent of NIST 800-53 Rev.5 requirements • Govern SSP and POA&M quality, establishing standards, templates and review checkpoints across systems • Oversee cloud service provider assessments, ensuring proper inheritance of FedRAMP controls and shared responsibilities • Provide leadership for privacy and data governance, ensuring integration of PIA activities into RMF documentation • Develop and track Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to measure compliance and risk health • Drive adoption of GRC automation, Continuous Controls Monitoring (CCM) and compliance analytics • Serve as primary point of contact during audits, IG reviews and authorization package evaluations • Mentor analysts and guide cross-functional teams on risk-informed decision-making and RMF optimization