InfoSec Lead, SaaS Security

Job not on LinkedIn

12 hours ago

Apply Now

Receive Emails with Similar Jobs

Motive

WebsiteLinkedInAll Job Openings

Transport • Artificial Intelligence • Enterprise

Motive is a company that provides an integrated operations platform designed to enhance the safety, productivity, and profitability of fleet management and operations. Utilizing cutting-edge AI technology, Motive offers solutions such as driver safety monitoring, fleet management, equipment monitoring, and spend management. These services provide unparalleled visibility into vehicles and equipment, automate workflows, reduce costs, and improve efficiency for industries like construction, oil & gas, public sector, food & beverage, and logistics. Motive is recognized as a leader in fleet management and empowers companies to maximize their operational potential with innovative solutions.

1001 - 5000 employees

🚗 Transport

🤖 Artificial Intelligence

🏢 Enterprise

📋 Description

• Work with IT to build and maintain an inventory of SaaS applications, including data sensitivity, owners, and integrations. • Define and maintain baseline security configurations for key SaaS tools (e.g., password policies, session settings, IP/device restrictions, sharing controls). • Review and approve new SaaS apps and integrations from a security perspective: • Data flows (what data, where it goes, which region) • Access model (who can use it, how they log in) • Integration security (API tokens, webhooks, scopes, secrets) • Work with app owners to remediate misconfigurations and close security gaps in SaaS platforms. • Partner with IT/Platform to standardize SSO/MFA across as many SaaS apps as possible. • Help design and enforce role-based access control (RBAC) and least privilege for critical applications. • Support user lifecycle management across SaaS: • Onboarding/offboarding flows • Group-based access • Periodic access reviews and certifications. • Monitor for and reduce “shadow IT” and unmanaged accounts. • Work with SIEM/CASB/SSPM/DLP tools (or equivalent) to: • Ingest and correlate SaaS audit logs (IdP, CRM, collaboration tools, etc.) • Tune alerts for suspicious logins, unusual data access, risky configurations, and anomalous behavior. • Participate in the security incident process for SaaS-related events: • Triage alerts, validate impact, and coordinate containment with system owners and vendors. • Help implement data protection controls in SaaS: • DLP policies (e.g., for PII, payment data, other sensitive data) • Sharing restrictions (public links, external sharing, downloads). • Own/co-own SaaS-related controls for SOC 2, ISO 27001, and similar frameworks, such as: • Access control, authentication, and authorization • Change management and configuration management for SaaS apps • Logging, monitoring, and incident response • Vendor management and third-party risk. • Collect and maintain audit-ready evidence: • Screenshots of configs, exported reports, access review results, SIEM/CASB reports, DLP policies, tickets. • Support internal and external audits by walking auditors through: • How our SaaS security controls are designed • How they operate day-to-day • How we monitor and improve them. • Create and maintain clear documentation: • SaaS security standards and configuration guides • Playbooks for onboarding new SaaS apps and integrations • Runbooks for common SaaS security tasks and incidents. • Provide lightweight, targeted guidance to system owners: • Here’s how to configure this SaaS app securely • Here’s the checklist before you connect a new integration. • Identify manual or repetitive tasks and suggest opportunities for automation (e.g., scripts, SSPM integrations, workflow tools).

🎯 Requirements

• 3–6 years of experience in Information Security, IT Security, or a related technical role, with clear exposure to SaaS-heavy environments. • Hands-on experience administering or securing SaaS platforms (e.g., Google Workspace / Microsoft 365, Salesforce, HRIS, ticketing/support, collaboration tools). • Strong understanding of identity-centric security: • SSO, MFA, SAML/OIDC, SCIM • RBAC and least privilege • Group-based and role-based access models. • Experience working with at least some of: • IdP (e.g., Okta, Azure AD, Google) • CASB / SSPM / DLP / SIEM / or equivalent SaaS monitoring tools. • Familiarity with security and compliance frameworks such as SOC 2, ISO 27001 (or similar). • Ability to read and interpret SaaS security documentation, admin guides, and audit logs. • Strong written and verbal communication; able to explain SaaS security risks and controls to non-security stakeholders.

🏖️ Benefits

• Creating a diverse and inclusive workplace is one of Motive's core values. We are an equal opportunity employer and welcome people of different backgrounds, experiences, abilities and perspectives. • Professional development opportunities.