Director, Attack Surface Management

Job Classification:

Technology - Information Security As Director of SaaS Security Posture Management, you will partner with other security professionals across the Information Security Office, the Global Technology Office and Prudential business areas to drive our SaaS Security efforts across the global enterprise.
You will establish the strategy to build, scale, and automate the SaaS Security program with a focus on onboarding new applications, automating compliance reporting, hardening the SaaS environments and operationalizing the function to support ~150 applications.

You will lead and oversee the security and compliance posture of our SaaS platforms and partner with multiple technology partners to enhance baseline capabilities, establish preventive controls, and identify and mitigate potential security risks and maintain a secure SaaS environment.

*
* Key Responsibilities:

*
* • Develop and own the overall SaaS security posture management strategy, aligning with organizational goals and risk appetite.  
• Build and lead a team responsible for the security of all enterprise SaaS applications.  
• Direct and lead the SaaS vulnerability and compliance security strategy, including the design and implementation of attack surface reduction and security configurations across all SaaS Platforms.  
• Design and implement scalable processes for onboarding new SaaS applications, including risk assessments, security reviews, and integration with identity and access management systems.  
• Drive automation initiatives to streamline compliance reporting, monitoring, and remediation activities.  
• Establish and maintain standards and best practices for SaaS environment hardening, including configuration management and continuous posture assessment.  
• Collaborate with application owners, IT, compliance, and legal teams to ensure security requirements are met throughout the SaaS lifecycle.  
• Operationalize the SaaS security program to support and secure a portfolio of ~150 applications, ensuring effective incident response and vulnerability management.  
• Track and report on key metrics, program effectiveness, and risk reduction to executive leadership.  
• Stay current with industry trends, emerging threats, and regulatory changes impacting SaaS security.
*
* Qualifications:

*
* • 5-10 years of experience in cybersecurity with at least 3-5 years focused on SaaS or cloud security.  
• Proven experience building and managing enterprise-level SaaS security programs.  
• Deep understanding of SaaS architectures, security controls, and compliance requirements (e.g., SOC 2, ISO 27001, GDPR).  
• Strong leadership and communication skills, with experience managing cross-functional teams.  
• Hands-on experience with automation, security tooling, and integration with CI/CD pipelines.  
• Ability to effectively prioritize and execute in a fast-paced environment.  
• Ability to coach others with some guidance and effectively leverage diverse ideas, experiences, thoughts, and perspectives to the benefit of the organization.

** Advanced experience in several of the following:*
* • Experience with standard frameworks, such as OWASP, MITRE ATT&CK, and NIST.  
• In-Depth knowledge of threat intelligence frameworks & methodology that will help aid the response process.  
• Experience with Vulnerability management lifecycle best practices and tools used for SaaS and cloud monitoring (Wiz, App Omni, Cloud Native – AWS, Azure)

Experience with standard frameworks, such as MITRE ATT&CK, CIS and NIST.

• In-Depth knowledge of threat intelligence frameworks & methodology that will help aid the response process.  
• Proven experience in SaaS security, vulnerability management, or related roles.  
• Proven experience leading security initiatives in SaaS environments#
*
* What we offer you:

**# Prudential is required by state specific laws to include the salary range for this role when hiring a resident in applicable locations. The salary range for this role is from $ to $. Specific pricing for the role may vary within the above range based on many factors including geographic location, candidate experience, and skills.
* ** Market competitive base…