Information Security Analyst – SaaS

Roles & Responsibilities

• Conduct comprehensive risk assessments of third-party SaaS providers, including evaluating security documentation, reviewing evidence, interviewing technical stakeholders, and assessing both control design and operating effectiveness
• Analyze user traffic and interactions with external SaaS platforms to identify, assess, and report enterprise security risks
• Monitor emerging security trends and proactively align insights with organizational objectives and evolving business needs
• Develop, maintain, and enhance operational documentation, dashboards, and reports to support monthly risk trending and project deliverables
• Evaluate SaaS technologies and tools for technical, functional, and financial viability, providing actionable recommendations
• Collaborate with cross-functional technology and business teams to drive timely execution of security initiatives and risk mitigation efforts
• Provide subject matter expertise to Cloud Security programs, including SaaS platforms and cloud application architecture initiatives

• Strong knowledge of data classification and data protection solutions
• Deep understanding of multi-tenant SaaS environments and associated security risks
• Solid grasp of cloud shared responsibility models across IaaS, PaaS, and SaaS
• Experience with containerization technologies such as Docker and Kubernetes
• Proficiency in identity and access management concepts, including federation protocols (SAML, OIDC)
• Familiarity with financial industry standards and regulatory frameworks such as FedRAMP, NIST, CSA, and PCI DSS

• Experience with SaaS security posture management (SSPM) tools
• Knowledge of CASB or SASE solutions
• Familiarity with vendor risk management frameworks
• Relevant certifications (e.g., CISSP, CCSP, CISM)