SaaS Security Manager

We are the movers of the world and the makers of the future. We get up every day, roll up our sleeves and build a better world -- together. At Ford, we’re all a part of something bigger than ourselves. Are you ready to change the way the world moves?

Enterprise Technology plays a critical part in shaping the future of mobility. If you’re looking for the chance to leverage advanced technology to redefine the transportation landscape, enhance the customer experience and improve people’s lives, this is the opportunity for you. Join us and challenge your IT expertise and analytical skills to help create vehicles that are as smart as you are.

We are seeking a SaaS Security Manager to spearhead our efforts in securing the growing portfolio of Software-as-a-Service (SaaS) applications utilized across the enterprise. The ideal candidate will possess a strong technical background in SaaS security, proven leadership capabilities, demonstrable relationship-building skills, and deep expertise in specific areas including SaaS Security Posture Management (SSPM), Cloud Access Security Brokers (CASB), vendor risk management, and the application of security frameworks like NIST 800-53 to SaaS environments.

This role involves supervising a team of SaaS security professionals, overseeing the implementation and management of security controls within and around SaaS applications, ensuring compliance with both corporate and regulatory requirements, and contributing to the overall security posture of our enterprise SaaS ecosystem. The SaaS Security Lead will be responsible for strategic planning, operational oversight of owned tools, security and operational incident resolution when needed, as well as collaborating with business partners and application owners to apply controls in a way that achieves security objectives while facilitating business adoption.

• Supervise, mentor, and develop a team of SaaS security engineers and analysts, fostering professional growth and maintaining high team performance.
• Manage day-to-day SaaS security operations, including continuous monitoring of SaaS application configurations, user activity, and integrations for security risks.
• Design, implement, and maintain robust security controls and policies aligned with organizational requirements and industry best practices for SaaS applications.
• Oversee the configuration, monitoring, and utilization of SaaS Security Posture Management (SSPM) tools to identify and remediate misconfigurations, excessive permissions, and compliance gaps across the SaaS landscape.
• Lead the assessment and management of security risks associated with third‑party SaaS vendors, including due diligence, contract reviews, and continuous monitoring of vendor security posture and compliance.
• Ensure the secure integration of SaaS applications, focusing on API security, secure authentication (e.g., SSO, MFA), and data flow protection.
• Ensure SaaS application compliance with regulatory and internal requirements, with a specific focus on interpreting, implementing, and documenting controls based on frameworks such as NIST 800-53, SOC 2, and ISO 27001 as applied to SaaS.
• Support SaaS‑specific security incident response activities – when requested by Cyber Defense leadership – ensuring effective containment, analysis, and resolution for incidents involving SaaS applications.
• Collaborate effectively with engineering, operations, procurement, legal, and business teams to integrate security throughout the SaaS application lifecycle, from selection and onboarding to offboarding.
• Develop and present reports on the SaaS security posture, vendor risk, compliance status, and key security initiatives in existing Governance Forums.
• Stay abreast of the latest security threats, vulnerabilities, and security best practices relevant to SaaS applications and their underlying cloud platforms.

• Bachelor's degree in Computer Science, Software Engineering, or a related field (or equivalent practical experience).
• Minimum of 5 years of experience in information security, with at least 3 years in a leadership capacity.
• Demonstrable hands‑on experience securing a diverse…