Lead, SaaS Security Posture Management

$125,000 - $186,100/Yr

Prudential Financial - Newark, NJ

posted 17 days ago

Part-time - Mid Level
Newark, NJ
Insurance Carriers and Related Activities

About the position

As a Lead of Software as a Service (SaaS) Security Posture Management on the Vulnerability and Compliance Management Team, you will oversee the security and compliance posture of Prudential's SaaS platforms. This role involves collaborating with various security professionals to enhance cloud security efforts, establish preventive controls, and mitigate potential security risks. You will also contribute to the strategic direction of the program, drive the enablement of new capabilities, and ensure adherence to security compliance standards.

Responsibilities

  • Lead the SaaS and CSPM vulnerability and compliance security strategy, including the design and implementation of attack surface reduction and security configurations across all SaaS Platforms.
  • Perform regular vulnerability and configuration assessments on SaaS applications to assess effectiveness and support hardening efforts.
  • Track, prioritize, and remediate vulnerability and compliance issues identified in the platform, ensuring timely remediation.
  • Implement automated policies for continuous monitoring and preventive controls.
  • Manage and oversee the SSPM vulnerability management program, partnering with other ISO organizations as the subject matter expert.
  • Automate and define workflows for lifecycle management of SSPM findings, working in partnership with the ASM orchestration team.
  • Instrument risk indicators and reporting.
  • Collaborate with the Attack Surface Management team, SaaS Security team, and Third Party Governance to identify and address security risks associated with SaaS platforms.
  • Develop and maintain SaaS security policies, procedures, and best practices in alignment with industry standards and regulatory requirements.
  • Support and assist security incident response efforts related to SaaS environments, working closely with the Incident Response team.
  • Conduct regular risk assessments and support evaluation of the effectiveness of security controls and identify areas for improvement.
  • Ensure SaaS platforms adhere to security compliance standards such as SOC 2, ISO 27001, GDPR, HIPAA, and others as required.
  • Conduct regular compliance audits and assessments, working with auditors and internal teams to resolve gaps.
  • Maintain documentation and artifacts for compliance reporting and certifications.
  • Stay up-to-date with the latest security trends, threats, and technologies, and recommend innovative solutions to enhance the security posture of the organization.
  • Advocate for and implement security best practices throughout the SaaS development lifecycle.
  • Collaborate with external partners, vendors, and auditors to ensure compliance with security standards and regulations.
  • Responsible for continuous monitoring of attack surface and ensuring remediation governance via escalation to business and risk advisors.
  • Partner with support organizations to establish security standards, design requirements, and build the roadmap to implement SaaS security controls.
  • Work to operationalize new processes for SSPM continuous monitoring.
  • Provide mentorship, training, and guidance for team members, working with and guiding more junior team members.
  • Support managers and Prudential leadership on new initiatives and opportunities to grow our security practices.
  • Ensure proper communication of the program's results, opportunities, and deficiencies, as needed, to Prudential upper management.
  • Leverage Security Operations and tool/process specific knowledge to resolve complex technical/process/people problems the team faces.
  • Responsible for review and approval of remediation deferment requests, escalation where appropriate.

Requirements

  • Bachelor of Computer Science or Software Engineering or experience in related fields.
  • Experience with agile development methodologies and Test-Driven Development (TDD).
  • Knowledge of business concepts, tools, and processes needed for making sound decisions in the context of the company's business.
  • Ability to learn new skills and knowledge on an ongoing basis through self-initiative and tackling challenges.
  • Ability to coach others with some guidance and effectively leverage diverse ideas, experiences, thoughts, and perspectives to the benefit of the organization.
  • Strong communication skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders.
  • Excellent problem-solving, communication, and collaboration skills.
  • Ability to think creatively, innovate, and challenge status quo processes or procedures.
  • Advanced experience in several of the following: Experience using industry-standard vulnerability scanning and security tools (Qualys, Tenable, Wiz, NMAP, Cloud Native - AWS, Azure).
  • Experience with standard frameworks, such as OWASP, MITRE ATT&CK, and NIST.
  • In-depth knowledge of threat intelligence frameworks & methodology that will help aid the response process.
  • Familiarity with defensive and monitoring technologies such as intrusion prevention/detection systems (IPS/IDS), Web Application Firewalls (WAFs), security information and event management systems (SIEMs), firewalls, endpoint protection (EPP), and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA).
  • Experience with Vulnerability management lifecycle best practices and tools used for SaaS and cloud monitoring (Wiz, AppOmni, Cloud Native - AWS, Azure).
  • Proven experience in SaaS security, vulnerability management, or related roles.
  • Proven experience leading security initiatives in SaaS environments, including designing and implementing security controls.
  • Strong understanding of network security, encryption, identity and access management, and incident response.

Nice-to-haves

  • Experience with security compliance standards such as SOC 2, ISO 27001, GDPR, HIPAA.
  • Familiarity with cloud security best practices and frameworks.

Benefits

  • Market competitive base salaries, with a yearly bonus potential at every level.
  • Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leave of absences, such as parental and military leave.
  • Retirement plans: 401(k) plan with company match (up to 4%).
  • Company-funded pension plan.
  • Wellness Programs to help achieve wellbeing goals, including up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs.
  • Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development.
  • Tuition Assistance to help finance traditional college enrollment toward obtaining an approved degree, many accredited certificate programs, and industry designations.
  • Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service