Security GRC Manager

GRC Orchestration Teams - Two GRC Orchestration teams are being formed that will drive the integrated execution of GRC activities for the clouds. GRC Orchestration Team 1 covers Salesforce Services, Salesforce Government Cloud, Enterprise, and international certifications (commercial and public sector). GRC Orchestration Team 2 covers Heroku, Einstein, Quip, MuleSoft, MuleSoft Government Cloud, Commerce Cloud, and Marketing Cloud. GRC activities performed by the GRC Orchestration teams include leading external audits, driving issue resolution, conducting Tier 2 risk assessments, being a cloud SME and providing support across all GRC activities.

A successful candidate is passionate about security and excels at explaining complex technology to diverse audiences (across varying technical and business backgrounds) in a way that fosters understanding and ownership.

What You’ll Do:

Plan, coordinate and execute work assignments with process/control owners and external auditors

Perform controls testing, document results, and provide detailed updates to Compliance management and internal stakeholders

Conduct Tier 2 and other security risk assessments

Plan and support risk assessment projects including approach, scope, tactical execution tasks and timelines

Monitor and manage risks and mitigation efforts in partnership with Risk Owners, initiative owners and key stakeholders

Assist in managing the timely and high-quality execution of certification programs

Assist process/control owners with the preparation and on-going maintenance of controls and control documentation (e.g., policies, procedures, narratives, and matrices)

Proactively identify gaps or conflicts in existing processes and work to develop solutions with internal business partners

Assist with tracking of remediation of all security compliance issues identified during various assessments

Assist with the education and training of process/control owners so they better understand the security controls framework and their responsibilities

Evaluate new and evolving certification programs and impacts to technology

Build strong relationships with business partners and facilitate continuous improvement aligned with operational processes

Effectively communicate program execution status, key accomplishments, and risks to senior management both within Security and to business partners

Convey Salesforce's strategy for compliance and control design to external 3rd parties

Partner with other leaders within the Security Compliance team to collaborate on and support both process maturity and staff development

Qualifications:

Experience with security risk management frameworks including related regulatory compliance requirements (PCI, SOC, ISO, etc.)

Understanding of security governance, monitoring, mapping risks to controls

Knowledge of, or experience working with, Cloud technologies/environments (AWS is a plus)

Capable of coordinating requests and inquiries from external auditors and understanding how to translate the asks to technical teams and control owners

Able to build productive relationships with different stakeholder groups such as Technical Operations, Security Operations, Incident Response, Engineering and Software Development, Compliance

Strong written and verbal communication skills; ability to effectively communicate across all levels of the Company; demonstrating flexibility in approach

Analytical thinker with strong organizational skills; attention to detail is a must

Innovation and creativity are key qualifications, as this role will assist business and technical partners in designing scalable, sustainable approaches to satisfying our regulatory requirements

Prior experience in an audit, compliance and regulatory environment related to security and privacy including standards across industries and geographies such as PCI, ISO 27001, SOC, HIPAA, HITRUST, FedRAMP is a plus

Ability to work independently and efficiently with limited oversight/direction

1+ years of security experience or IT audit

Argentina Benefits & Perks

Employee Stock Purchase Program

OSDE 410 for the family group

Wellness and Education Reimbursement

Unlimited PTO

Parental Leave

Bimonthly salary inflation reviews

Childcare subsidies

And more!

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.

Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status.

Salesforce welcomes all.

Accommodations - If you require assistance due to a disability applying for open positions, please submit a request via this Accommodations Request Form.
