Conduct comprehensive risk assessments of third-party SaaS providers, including evaluating security documentation, reviewing evidence, interviewing technical stakeholders, and assessing both control design and operating effectiveness
Analyze user traffic and interactions with external SaaS platforms to identify, assess, and report enterprise security risks
Monitor emerging security trends and proactively align insights with organizational objectives and evolving business needs
Develop, maintain, and enhance operational documentation, dashboards, and reports to support monthly risk trending and project deliverables
Evaluate SaaS technologies and tools for technical, functional, and financial viability, providing actionable recommendations
Collaborate with cross-functional technology and business teams to drive timely execution of security initiatives and risk mitigation efforts
Provide subject matter expertise to Cloud Security programs, including SaaS platforms and cloud application architecture initiatives
Required Technical Skills
Strong knowledge of data classification and data protection solutions
Deep understanding of multi-tenant SaaS environments and associated security risks
Solid grasp of cloud shared responsibility models across IaaS, PaaS, and SaaS
Experience with containerization technologies such as Docker and Kubernetes
Proficiency in identity and access management concepts, including federation protocols (SAML, OIDC)
Familiarity with financial industry standards and regulatory frameworks such as FedRAMP, NIST, CSA, and PCI DSS
Preferred Experience
Experience with SaaS security posture management (SSPM) tools
Knowledge of CASB or SASE solutions
Familiarity with vendor risk management frameworks