GRC TEAM OVERVIEW
The Salesforce Security, Governance, Risk, and Compliance (GRC) Team is responsible for enterprise-wide GRC, ensuring Salesforce leadership has the information needed to make strategic risk-based decisions enabling the achievement of Salesforce business objectives globally. Our team builds and deploys common governance, risk, and compliance processes, conducts audits, and ensures that technologies and business operations are structured and configured for data protection and compliance.
Open roles, skills and available locations include:
Risk Management: Risk Assessment & Compliance framework (Rate/scoring), maturity model, GRC selection process. Qualitative & Quantitative risk modeling.
Compliance Systems Engineering: Network and Systems Engineering Audit/Compliance automation. Controls monitoring (data feeds, automation, etc.)
Governance Management: Security governance management, strategy, planning and execution of internal governance controls and related processes in alignment with global regulations and company policies.
Compliance Audit Management: Broad spectrum knowledge of security engineering, security operations, product security, governance, risk, compliance, security communications management.
Leveling: We are looking for the best offensive security engineers in the world. If you fit that profile, we will work with you to ensure that your job title/level is aligned to your skill set. We are hiring for the following levels: Analyst, Manager, Sr. Manager and Director.
Locations: Most locations are available for hire in Herndon, VA or Indianapolis, IN or San Francisco, CA or Bellevue, WA
In these roles, you are part analyst, engineer, and advisor. You have the ability to ramp up quickly into a solid, productive member of the Security GRC team. Depending on your function within the GRC team, you will have knowledge of your key focus area.
You are organized and have the ability to innovate and automate as we continually look to improve our processes and tools. You may own process areas, projects, or technologies for governance, risk and compliance purposes. Expect around 10% travel.
You create and maintain relationships with business and technical experts throughout the company who provide expertise in security requirements and solution management. You are expected to work independently while still asking for help on some areas. You are a “bridge” builder helping to coordinate and bring together various parts of the organization around a common process through the use of tools and communications channels.
5+ years of experience in your relevant GRC focus area.
You have experience in security risk management, controls assessment, or configuration management as appropriate for your area of GRC expertise.
You have general knowledge across all of GRC, with focused expertise in your area.
You have worked with both business and technical risk and understand how to translate between the two and communicate to various levels of technical and business management.
You have familiarity with some relevant security frameworks such as FedRAMP, ISO 27001, SOC1/2, PCI, etc.
Depending on the role that you are selected for, a “Federal Background Check” may be required. For roles requiring this background check, you must meet the requirements for and agree to the following: U.S. citizen (U.S. born or naturalized) who does not hold dual citizenship. You agree to complete a Minimum Background Investigation (MBI) for a Moderate Public Trust position with the U.S. federal government or other clearances as deemed appropriate for the role.
Relevant BA/BS degree and/or certifications (CRISC, CISSP, CCIE, CISM, CISA, CCSK)
You have built productive relationships with Technical Operations, Security Operations, Incident Response, Technical Compliance and other stakeholders.
You have relevant knowledge of network engineering, systems engineering and related device engineering as appropriate for your focus area.
Knowledge of, or experience working with, Cloud technologies/environments is a plus
Strong knowledge of security risk management frameworks including related regulatory compliance requirements (NIST CSF & 800-53, ISO 27001, SOC, HITRUST, HIPAA, FedRAMP, PCI, GDPR, etc.)
Experience with GRC tools (Metricstream, Archer, etc.)
10% travel could be needed depending on role.
Salesforce, the Customer Success Platform and world’s #1 CRM, empowers companies to connect with their customers in a whole new way. The company was founded on three disruptive ideas: a new technology model in cloud computing, a pay-as-you-go business model, and a new integrated corporate philanthropy model. These founding principles have taken our company to great heights, including being named one of Forbes’s “World’s Most Innovative Company” five years in a row and one of Fortune’s “100 Best Companies to Work For” eight years in a row. We are the fastest growing of the top 10 enterprise software companies, and this level of growth equals incredible opportunities to grow a career at Salesforce. Together, with our whole Ohana (Hawaiian for “family”) made up of our employees, customers, partners, and communities, we are working to improve the state of the world!
Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this Web site or directly to managers. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay fees to any third-party agency or company that does not have a signed agreement with Salesforce.com or Salesforce.org.
Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.