SaaS Security Manager

We are the movers of the world and the makers of the future. We get up every day, roll up our sleeves and build a better world -- together. At Ford, we’re all a part of something bigger than ourselves. Are you ready to change the way the world moves?

Enterprise Technology plays a critical part in shaping the future of mobility. If you’re looking for the chance to leverage advanced technology to redefine the transportation landscape, enhance the customer experience and improve people’s lives, this is the opportunity for you. Join us and challenge your IT expertise and analytical skills to help create vehicles that are as smart as you are.

We are seeking a SaaS Security Manager to spearhead our efforts in securing the growing portfolio of Software-as-a-Service (SaaS) applications utilized across the enterprise. The ideal candidate will possess a strong technical background in SaaS security, proven leadership capabilities, demonstrable relationship‑building skills, and deep expertise in specific areas including SaaS Security Posture Management (SSPM), Cloud Access Security Brokers (CASB), vendor risk management, and the application of security frameworks like NIST 800‑53 to SaaS environments.

This role involves supervising a team of SaaS security professionals, overseeing the implementation and management of security controls within and around SaaS applications, ensuring compliance with both corporate and regulatory requirements, and contributing to the overall security posture of our enterprise SaaS ecosystem. The SaaS Security Lead will be responsible for strategic planning, operational oversight of owned tools, security and operational incident resolution when needed, as well as collaborating with business partners and application owners to apply controls in a way that achieves security objectives while facilitating business adoption.

• Bachelor's degree in Computer Science, Software Engineering, or a related field (or equivalent practical experience).
• Minimum of 5 years of experience in information security, with at least 3 years in a leadership capacity.
• Demonstrable hands‑on experience securing a diverse portfolio of production SaaS applications and managing SaaS vendor security.
• Strong understanding of core SaaS security concepts, including shared responsibility model, Identity and Access Management (IAM) for SaaS, data protection (DLP, encryption) in SaaS, API security, and secure configuration management.
• Extensive hands‑on experience utilizing and managing SaaS Security Posture Management (SSPM) tools and/or Cloud Access Security Brokers (CASB) for security posture management, threat detection, and compliance assessment.
• Proven experience conducting security assessments and due diligence for third‑party SaaS vendors.
• Direct experience interpreting, implementing, and documenting controls based on frameworks like NIST 800‑53, SOC 2, or ISO 27001 as applied to SaaS environments.
• Experience with security tools and services relevant to SaaS (e.g., SSPM platforms, CASBs, Identity Providers, vendor risk management platforms, API security gateways).
• Solid understanding of common security frameworks and standards (e.g., SOC 2, ISO 27001, NIST 800‑53, GDPR, CCPA).
• Excellent leadership, communication, and interpersonal skills, with the ability to effectively articulate technical concepts and security risks to diverse audiences.

You may not check every box, or your experience may look a little different from what we've outlined, but if you think you can bring value to Ford Motor Company, we encourage you to apply!

• A candidate with multiple years of experience securing specific business functions (e.g., HR, Finance, Marketing) that heavily leverage SaaS applications, able to articulate a mature view on the tradeoffs between security and usability.
• Experience with automating security tasks for SaaS applications via APIs and scripting languages (e.g., Python, Power Shell, Bash).
• Knowledge of Dev Sec Ops  principles and integrating security into the SaaS adoption and management lifecycle.
• Familiarity with secure access service edge (SASE) or zero trust network access (ZTNA)…