Vulnerability and Baseline Configuration Compliance Analyst – Governance Lead/Analyst

This SaaS Governance role focuses on developing and enforcing policies, controls, and metrics for
SaaS application usage across the enterprise. This includes inventory, risk classification, vendor
management, access governance, usage compliance, and alignment with corporate security and
privacy policies.

Key Responsibilities are as follows:

• Develop and maintain SaaS governance framework, policies, standards, and control
  objectives.
• Oversee implementation and tuning of SaaS Security tools.
• Drive automation of SaaS onboarding, offboarding, and continuous monitoring workflows.
• Maintain centralized inventory of SaaS applications (shadow IT + sanctioned).
• Lead periodic SaaS risk assessments and security reviews.
• Ensure SaaS vendor compliance with contractual obligations (e.g., DPAs, SLAs).
• Work with procurement and legal to vet new SaaS apps and renewals.
• Define metrics and dashboards to track governance posture and exceptions.
• Enable federated governance model via policy-as-code or delegation models.
• Advocate for secure SaaS adoption with business stakeholders.
• Coordinate audits and collaborate with compliance teams on data protection
  requirements.
•  Provide security education and guidance to application owners and end-users.
• Support and respond to incident response efforts related to SaaS data breaches or
  misconfigurations.

SKILLS

Required Skills:

• 5 - 8 years of experience in cybersecurity with 2+ years focused on SaaS or cloud security.
• Strong understanding of SaaS risk, regulatory, and compliance issues.
• Ability to collaborate across IT, legal, security, and procurement functions.
• Experience with SaaS inventory/discovery tools (e.g., Netskope, Wing, BetterCloud).
• Familiarity with SaaS governance frameworks (e.g., NIST, CSA, CIS).
• Excellent policy writing, communication, and stakeholder engagement skills.

Preferred Skills:

• Experience building or maintaining SaaS Governance Risk and Compliance (GRC)
  dashboards.
• Understanding of SaaS license management and shadow IT discovery.
• Knowledge of AI governance in SaaS tools with LLM integration.
• Familiarity with data classification and retention policies across SaaS tools.

Education

• Bachelor’s degree in computer science, Cybersecurity, or related field - or equivalent experience.
  Relevant Certifications

Required:

• Certified Information Security Manager (CISM)
• Certified Information Privacy Professional (CIPP/US or CIPP/E)

Preferred:

• Certified in Governance of Enterprise IT (CGEIT)
• CCSP or CCSK (Cloud Security Alliance)
• SaaS Governance Professional (vendor-specific, if available)