Job Description – Director, Cyber Product Security Overview SailPoint’s Cybersecurity organization is seeking a leader with a passion for cybersecurity and protecting the organization. The successful candidate will serve as our Director of Cyber Product Security and will lead a team of security engineers who collaborate with stakeholders across the organization. Their mission is to secure technology platforms developed by SailPoint, including customer-facing platforms, as well as software platforms developed primarily for internal business purposes. We’re seeking a leader with proven technical capabilities and experience leading people and teams. They are accustomed to achieving objectives through the leadership of others as well as working in a highly collaborative environment. The Director will be responsible for addressing all dimensions of product cyber security – people, process, and technology – to achieve our objectives. The new Director of Product Security will lead an existing and capable team of both emerging and established talent. The chosen candidate will help shape our strategy and future in collaboration with the rest of the Cyber leadership team, and will also collaborate with SailPoint’s Engineering Security team, Information Technology, Marketing and other internal stakeholders. Central to SailPoint’s product security program will be the implementation of a shared security model that impacts all software developed by SailPoint. Under this shared security model, the Product Security team is responsible for multiple key areas affecting product security, collaborating with the Engineering Security team on areas of mutual responsibility, as well as providing specific security services related to product security. The Director will have the opportunity to shape our future through process and technology optimization, capability acquisition and development, and maturation of our existing activities. They’ll already be comfortable with the 4 I’s at SailPoint (individual, Impact, Innovation, and Integrity) even if they’re new to the concept. They will embrace new challenges and will be a positive contributor to an already positive work culture and environment. This is a challenging and impactful role where you will have the opportunity to work with both internal and external stakeholders, drive the continuous improvements of our security program, contribute meaningfully to the security of the global cyber ecosystem, and serve as an ambassador for SailPoint to our customers and the public. This role reports directly to the Deputy CISO and can be remote or based in Austin, TX. Key Responsibilities - Develop and lead the Cyber Product Security team in alignment with business goals and regulatory requirements. - Build and mentor a high-performing team of cyber product security architects, engineers, and software security specialists. - Lead Cyber Product Security’s collaboration with Engineering Security on the establishment and maturation of product security standards, secret management standards, architecture patterns and threat modeling practices, as well as resilient product technology frameworks. - Collaborate with Engineering Security to integrate security tooling and practices into SailPoint’s SDLC and CI/CD pipelines, including the adoption of security automation, SBOM tooling, and AI coding security practices. - Provide SAST/SCA, DAST, IAST, and SBOM support for software platforms developed for internal SailPoint use cases. - Provide threat modeling, penetration testing services for software platforms developed for internal SailPoint use cases. - Collaborate with Engineering Security on penetration testing of SailPoint’s customer-facing platforms, as well as coordinate all requests for customer-performed penetration tests of SailPoint’s platform. - Lead Product Security Incident Response Team (PSIRT) activities across all software products developed by SailPoint, including customer-facing, as well as internally-focused software platforms. - Lead SailPoint’s bug bounty program, requests for CVE’s for SailPoint’s products, as well as questions from 3rd party vendors and customers on product security issues. - Collaborate with Engineering Security to implement developer security training on topics including secure coding practices, open source licensing policies, and AI-coding policies and standards. - Develop a program to validate that product security policies, standards, and procedures are implemented by all SailPoint teams developing SailPoint software platforms. - Monitor emerging threats, technologies, and compliance trends to proactively evolve the security posture of all software developed by SailPoint. - Collaborate with SailPoint’s Legal, Compliance, and GRC teams to ensure alignment with global regulations, standards and certifications. - Define and track KPIs to measure program effectiveness and maturity. Key Requirements - 7+ years in leadership roles, preferably in product or application security. - Experience with secure software development practices and tools. - Experience with regulatory frameworks (e.g., NIST, ISO 27001, GDPR). - Strategic Vision & Execution - Ability to define and communicate a clear vision for product security and resilience aligned with enterprise goals. - Influence & Collaboration – Demonstrable experience building strong partnerships across an organization to drive secure-by-design culture. - Technical Leadership - Understanding of product security issues, modern software development including multi-cloud architectures, Kubernetes, and software bill of materials (SBOM). - Manage entire lifecycle of security researcher findings, customer reported security questions, issues, incidents, associated CVE’s. - Change Management – Experience leading organizational change initiatives to embed security and resilience into product development lifecycles. - Experience building relationships with software engineering teams, including managing mature product security including final security reviews, and, risk-driven product scoring/metrics. - Talent Development - Demonstrable experience building high-performing teams through coaching, mentoring, and career development. - Risk-Based Decision Making – Experience making informed decisions through balancing business priorities, technical constraints, and risk exposure. - Executive Communication – Experience communicating complex technical concepts and ongoing program updates clearly to non-technical stakeholders and executive leadership. - Knowledge of artificial intelligence software security frameworks is preferred, including OWASP AI Security and Privacy Guide, NIST AI Risk Management Framework, Cybersecurity AI (CAI), Open SSF AI/ML Security Framework. Benefits and Compensation listed vary based on the location of your employment and the nature of your employment with SailPoint. As a part of the total compensation package, this role may be eligible for the SailPoint Corporate Bonus Plan or a role-specific commission, along with potential eligibility for equity participation. SailPoint maintains broad salary ranges for its roles to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect SailPoint’s differing products, industries, and lines of business. Candidates are typically placed into the range based on the preceding factors as well as internal peer equity. We estimate the base salary, for US-based employees, will be in this range from (min-mid-max, USD): $163,200 - $275,176.00Base salaries for employees based in other locations are competitive for the employee’s home location. Benefits Overview 1. Health and wellness coverage: Medical, dental, and vision insurance 2. Disability coverage: Short-term and long-term disability 3. Life protection: Life insurance and Accidental Death & Dismemberment (AD&D) 4. Additional life coverage options: Supplemental life insurance for employees, spouses, and children 5. Flexible spending accounts for health care, and dependent care; limited purpose flexible spending account 6. Financial security: 401(k) Savings and Investment Plan with company matching 7. Time off benefits: Flexible vacation policy 8. Holidays: 8 paid holidays annually 9. Sick leave 10. Parental support: Paid parental leave 11. Employee Assistance Program (EAP) and Care Counselors 12. Voluntary benefits: Legal Assistance, Critical Illness, Accident, Hospital Indemnity and Pet Insurance options 13. Health Savings Account (HSA) with employer contribution SailPoint is an equal opportunity employer and we welcome all qualified candidates to apply to join our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable law. Alternative methods of applying for employment are available to individuals unable to submit an application through this site because of a disability. Contact applicationassistance@sailpoint.com or mail to 11120 Four Points Dr, Suite 100, Austin, TX 78726, to discuss reasonable accommodations. NOTE: Any unsolicited resumes sent by candidates or agencies to this email will not be considered for current openings at SailPoint.

Utbildning: Informationssäkerhetssamordnare Utbildningskod: INFD26LIN Utbildningsnummer: YH03090-2026-1 Ort: Linköping Studieform: Distans Studietakt: Helfart Kurs: Systematiskt och riskbaserat informationssäkerhetsarbete Antal YH-poäng: 30 yhp Max antal deltagare: 40 stycken Lärarledd tid vid distansutbildning: Vecka: 46-51 Närträff: Nej Antal timmar lärarledd tid via videolänksystem: 36 stycken Totalt antal timmar: 36 stycken Jämnt fördelat över perioden enligt överenskommelse med Utbildningsledare Utbildningsledare: Anneli Polstam I länkarna nedan finns viktig information att ta del av inför ansökan om kursansvar hos oss på TUC Yrkeshögskola. Praktisk information - Ansöka om kursansvar Praktisk information - Uppdraget att utbilda på TUC PRELIMINÄR KURSPLAN Systematiskt och riskbaserat informationssäkerhetsarbete, 30 yh-poäng Utbildning: Informationssäkerhetssamordnare, 325 yhp Utb.nummer och omgång: YH03090-2026-1 Kursens omfattning: 35 yhp Version: 1 Valbar kurs: Ej valbar Undervisningsspråk: Svenska Förkunskapskrav: Inga Innehåll Kursen behandlar systematiskt och riskbaserat arbetssätt inom informationssäkerhet, inklusive identifiering, analys och hantering av informationsrisker. Kursen behandlar även utveckling av säkerhetsstrategier, policys och åtgärder samt prioritering av resurser utifrån risknivåer. Kursen leder till specialiserade kunskaper om riskhantering inom informationssäkerhet och ger färdigheter i att analysera och planera säkerhetsåtgärder på ett strukturerat sätt, vilket är tillämpligt i yrkesrollen som Informationssäkerhetssamordnare. Utbildningsmoment Risk- och sårbarhetsanalyser (RSA) Hotbilds- och sårbarhetsidentifiering Policy- och åtgärdsutveckling Riskbaserad prioritering och styrning Rapportering och dokumentation av risker Lärandemål Efter genomförd kurs med godkänt resultat ska den studerande ha: Kunskaper att: - Redogöra för principerna bakom systematiskt och riskbaserat arbete inom informationssäkerhet. - Beskriva olika typer av säkerhetsrisker och hotbilder. - Förklara hur riskanalyser påverkar prioritering av åtgärder. - Redogöra för metoder och verktyg för riskidentifiering och riskbedömning. Färdigheter i att: - Utföra teoretiska hotbilds- och riskanalyser. - Använda metoder för att strukturera säkerhetsstrategier och policys. - Tillämpa riskbedömningar för prioritering av säkerhetsåtgärder. - Identifiera säkerhetsbrister och föreslå relevanta åtgärder. Kompetens att: - Självständigt analysera och föreslå säkerhetsåtgärder utifrån identifierade risker. Former för kunskapskontroll Den studerandes kunskaper och färdigheter bedöms utifrån resultatet av följande kunskapskontroller: • Kursens lärandemål : Skriftlig tentamen (IG/G/VG) • Kursens lärandemål: Inlämningsuppgifter med fallstudier/Case (IG/G/VG) Vid särskilda pedagogiska behov kan anpassning av kunskapskontrollerna göras. Efter ordinarie tillfälle har den studerande rätt till ytterligare två omprov eller kompletteringar. Om den studerande kan styrka giltig frånvaro från kunskapskontroll enligt anordnarens anvisningar ersätts tillfället. Kursbetyget baseras på en sammanvägning av samtliga bedömningsunderlag. När betyget godkänt uppnåtts på en kunskapskontroll beviljas inga omprov för högre resultat.

• Discover, investigate and track advanced cyber intrusions and document findings • Enhance understanding of tools and malware through reverse engineering • Develop tools to automate analysis tasks and tracking of threat actors • Create host-based and network-based signatures suited for large-scale hunting, detection, and tracking of threats • Produce high-quality, actionable intelligence reporting • Collaborate with our interdisciplinary team to coordinate adversary and campaign tracking, and to provide support to teams developing mitigation strategies and responding to incidents

About impact.com impact.com is the world’s leading commerce partnership marketing platform, transforming the way businesses grow by enabling them to discover, manage, and scale partnerships across the entire customer journey. From affiliates and influencers to content publishers, brand ambassadors, and customer advocates, impact.com empowers brands to drive trusted, performance-based growth through authentic relationships. Its award-winning products—Performance (affiliate), Creator (influencer), and Advocate (customer referral)—unify every type of partner into one integrated platform. As consumers increasingly rely on recommendations from people and communities they trust, impact.com helps brands show up where it matters most. Today, over 5,000 global brands, including Walmart, Uber, Shopify, Lenovo, L’Oréal, and Fanatics, rely on impact.com to power more than 225,000 partnerships that deliver measurable business results. Your Role at impact.com: As an L2 Security Analyst, you move beyond the "what" and into the "how" and "why." You will handle escalated incidents that require deep technical dives and proactive measures. You are expected to be a self-starter who can manage complex security projects independently, specifically focusing on our SASE/SSE architecture and advanced Cloud environments. What You'll Do: - Advanced Investigation: Lead deep-dive forensics for escalated alerts from L1, determining the root cause and scope of breaches. - Threat Hunting: Conduct proactive threat hunting missions across AWS and Google Cloud to find "living off the land" attackers. - Infrastructure Security: Manage and optimize SASE/SSE policies to ensure secure access for our remote workforce. - Secure SDLC: Partner with DevOps to integrate security scanning and best practices into the SDLC. - AI Implementation: Lead the implementation of AI/Machine Learning models for predictive threat detection and behavioral analysis. What You Bring: - Experience: 2-5 + years of dedicated experience in a SOC or Incident Response role. - Cloud Mastery: Proven experience securing and auditing Google Cloud and AWS environments. - Advanced Tooling: Expertise in configuring SIEM correlation rules and fine-tuning AV/EDR policies to reduce false positives. - Independence: Proven ability to work independently, managing long-term security projects with minimal supervision. - Education: Knowledge of both Red Team (offensive) and Blue Team (defensive) methodologies to better anticipate adversary moves. Benefits and Perks: - Flexible Working: Our Responsible PTO policy means you can take the time off you need to rest and recharge. We're committed to a positive work-life balance and provide a flexible environment that allows you to be happy and fulfilled in both your career and your personal life. - Health and Wellness: Your well-being is a priority. Our mental health and wellness benefit includes up to 12 fully covered therapy/coaching sessions per year, with additional dependent coverage. We also offer a monthly gym reimbursement policy to support your physical health. - A Stake in Our Growth: We offer Restricted Stock Units (RSUs) as part of our total compensation, giving you a stake in the company's growth with a 3-year vesting schedule, pending Board approval. - Investing in Your Growth: We’re committed to your continuous learning. Take advantage of our free Coursera subscription and our PXA courses. - Parental Support: We offer a generous parental leave policy, 26 weeks of fully paid leave for the primary caregiver and 13 weeks fully paid leave for the secondary caregiver. - Technology Financial Support: We provide a technology stipend to help you set up your home office and a monthly allowance to cover your internet expenses impact.com is proud to be an equal opportunity workplace. All employees and applicants for employment shall be given fair treatment and equal employment opportunity regardless of their race, ethnicity or ancestry, color or caste, religion or belief, age, sex (including gender identity, gender reassignment, sexual orientation, pregnancy/maternity), national origin, weight, neurodivergence, disability, marital and civil partnership status, caregiving status, veteran status, genetic information, political affiliation, or other prohibited non-merit factors.