
Job Description
Responsibilities
Assess SaaS applications and third-party vendors for security, risk, and compliance posture.
Evaluate and document the Shared Responsibility Model between SaaS providers and the organization.
Perform third‑party risk assessments, including security questionnaires, evidence reviews, and control validations.
Analyze SaaS solutions against regulatory and control frameworks (e.g., SOC 2, ISO 27001, NIST, CIS).
Review and assess controls related to:
Identity and Access Management (IAM)
Network Security
Data Protection and Encryption
Identify security gaps, determine risk levels, and provide remediation recommendations.
Partner with procurement, legal, compliance, and security teams during vendor onboarding and renewals.
Maintain assessment documentation, risk registers, and reporting artifacts.
Stay current on SaaS security trends, threats, and best practices.
Required Skills And Experience
Strong experience in SaaS security assessments and third‑party/vendor risk analysis.
Deep understanding of the Shared Responsibility Model in SaaS and cloud environments.
Knowledge of regulatory and control frameworks, including:
SOC 2.
ISO 27001.
NIST / CIS.
Solid understanding of Information Security principles and risk management.
Hands‑on knowledge of IAM, network security, and data protection controls.
Ability to interpret security documentation, audit reports, and compliance evidence.
Strong communication skills to articulate risks to technical and non-technical stakeholders.