Lead, SaaS Security Posture Management

Job Classification:

Technology - Information Security

Are you interested in building capabilities that enable the organization with innovation, speed, agility, scalability and efficiency?

Your Team & Role

As a Lead of Software as a Service (SaaS) Security Posture Management on the Vulnerability and Compliance Management Team, you will partner with other security professionals across the Information Security Office, the Chief Technology Office, and other groups in Prudential to drive Prudential's Cloud security efforts across the global enterprise.

You will oversee the security and compliance posture of our SaaS platforms. You will partner with our Corporate Technology teams, Dev Ops and ASM (Attack Surface Management) partners for opportunities to enhance baseline capabilities, partner with stakeholder organizations to establish preventive controls, and identify and mitigate potential security risks and maintain a secure SaaS environment.

In addition, you will help leaders evolve and grow the strategic direction of the program and contribute to SaaS security standards, drive enablement of new capabilities and identification of attack surface reduction opportunities. You will work on significant and unique issues where analysis of context-based risk, unique business environments or vulnerability exploitability requires an evaluation of variables to drive time-sensitive risk reduction efforts.

In your efforts, you will continuously look at opportunities to automate and strengthen controls. An agile and continuous improvement/learning mindset is a must for our team.

Here is What You Can Expect on a Typical Day:

* Lead the SaaS vulnerability and compliance security strategy, including the design and implementation of attack surface reduction and security configurations across all SaaS Platforms.

* Perform regular vulnerability and configuration assessments on SaaS applications to assess the effectiveness and support hardening efforts.

* Track, prioritize, and remediate vulnerability and compliance issues identified in the platform, ensuring timely remediation.

* Implement automated policies for continuous monitoring and preventive controls.

* Lead SSPM vulnerability management efforts as the subject matter expert, collaborating across ISO organizations to prioritize systems and controls for attack surface reduction.

* Automate and define workflows for lifecycle management of SSPM findings, working in partnership with the ASM orchestration team. Instrument risk indicators and reporting.

* Collaborate with the Attack Surface Management team, SaaS Security team and Third Party Governance to identify and address security risks associated with SaaS platforms and ensure that they are properly mitigated.

* Develop and maintain SaaS security policies, procedures, and best practices in alignment with industry standards and regulatory requirements and compliance.

* Support and assist security incident response efforts related to SaaS environments, working closely with the Incident Response team to support any investigations.

* Conduct regular risk assessments and support evaluation of the effectiveness of security controls and identify areas for improvement.

* Ensure SaaS platforms adhere to security compliance standards such as SOC 2, ISO 27001, GDPR, HIPAA, SOX, and others as required.

* Conduct regular compliance audits and assessments, working with auditors and internal teams to resolve gaps.

* Maintain documentation and artifacts for compliance reporting and certifications.

* Stay up-to-date with the latest security trends, threats, and technologies, and recommend innovative solutions to enhance the security posture of the organization. Advocate for and implement security best practices throughout the SaaS development lifecycle

* Provide mentorship, training, and guidance for team members, working with and guiding more junior team members.

* Support managers and Prudential leadership on new initiatives and opportunities to grow our security practices.

* Ensures proper communication of the program's results, opportunities, and deficiencies, as needed, to Prudential upper management.

* Leverage Security Operations and tool/process specific knowledge to resolve complex technical/process/people problems the team faces.

* Responsible for review and approval of remediation deferment requests, escalation where appropriate

The Skills & Expertise You Bring

* Bachelor of Computer Science or Software Engineering or experience in related fields

* Experience with agile development methodologies and Test-Driven Development (TDD).

* Knowledge of business concepts, tools and processes that are needed for making sound decisions in the context of the company's business.

* Ability to learn new skills and knowledge on an on-going basis through self-initiative and tackling challenges.

* Ability to coach others with some guidance and effectively leverage diverse ideas, experiences, thoughts, and perspectives to the benefit of the organization.

* Strong communication…