About this role
Information Security Consultant focused on securing the organization's SaaS ecosystem, driving security reviews, defining baselines, and managing post-onboarding SaaS risk and compliance across enterprise stakeholders.
Key Responsibilities
- Provide SaaS security advisory and risk analysis
- Define and maintain SaaS security baselines
- Partner with Third-Party Onboarding
- Translate regulatory requirements into guidance
- Review SaaS architectures and data flows
Technical Overview
SaaS security governance, standards development, vendor security reviews, CSA/NIST/ISO considerations, SSPM/CASB/GRC tooling, IAM/SOC/Privacy coordination, and risk management across the SaaS lifecycle.
Ideal Candidate
The ideal candidate is a senior SaaS security-focused consultant with 5+ years in information security, strong governance knowledge, and the ability to coordinate across cross-functional teams and third-party risk.
Must-Have Skills
- Bachelor's degree in Information Security, Computer Science, Risk Management, or a related field (or equivalent practical experience).
- 5+ years of experience in Information Security, Cloud Security, SaaS Security, or Cyber Risk Management roles
Nice-to-Have Skills
- 8+ years of information security, SaaS security, or cloud security experience
- Deep expertise in SaaS security governance models
- Experience as a security consultant/advisor
- Knowledge of M365, Salesforce, ServiceNow, Workday, Atlassian, SaaS security tooling (SSPM, CASB, GRC platforms)
- Professional security certifications such as CISSP, CISM, CCSP, CRISC, or ISO 27001 Lead Implementer/Auditor
Tools & Platforms
SSPM, CASB, GRC platforms, SOC 2, ISO 27001, SIG/CAIQ
Required Skills
Bachelor's degree in Information Security, Computer Science, Risk Management, or related field; 5+ years in Information Security, Cloud Security, SaaS Security, or Cyber Risk Management; deep SaaS security knowledge; vendor risk management
Hard Skills
Network security principles, Network architecture, Intrusion detection/prevention (IDS/IPS), Network segmentation, Routers, Switches, Firewalls, Proxy servers, Reverse proxies, Load balancers, IDS/IPS, VPN, SDWAN, Network taps, Application-centric networking, Zero trust, Secure configuration practices for OS/infrastructure, Unix/Linux, Windows, Docker, Kubernetes, VMware, EC2, ECS, EKS, Lambda, Endpoint security (EDR, MDM), Data Loss Prevention (DLP), Identity and Access Management (IAM), SSO, MFA, RBAC, Provisioning, Wireless security, TCP/IP, UDP, IPSEC, SSL/TLS, HTTP, DNS, DHCP, LDAP, SMB, CIFS, NTP, Zero Trust Network Architecture, Cloud interconnectivity, Vulnerability management, Audit, NIST 800-53, CIS Controls, Security policy and standards development, Cloud interconnectivity methods, Security assessments, Remediation guidance, SaaS governance, CSA SSCF, CCM, SOC 2, SaaS lifecycle, SSPM, CASB, GRC platforms
Soft Skills
Problem solving, Critical thinking, Interpersonal, Collaboration, Written communication, Verbal communication, Leadership, Influence without authority
Certifications
Preferred
CISSP, CISM, CCSP, CRISC, ISO 27001 Lead Implementer/Auditor
Keywords for Your Resume
Information Security Consultant, SaaS Security, Enterprise Cyber Security, SaaS security governance, SOC 2 Type II, ISO 27001, SIG/CAIQ, SSPM, CASB, GRC platforms, NIST, CCPA/CPRA, GDPR, SaaS lifecycle, IAM, SSO, MFA, NIST CSF/800-53, CSA SSCF, CCM, Audit, Vendor onboarding, risk management, vendor security reviews
Deal Breakers
Bachelor's degree not in information security or related field, Lack of 5+ years information security / SaaS security experience, No experience with SaaS governance or vendor risk