salesforce.com, inc.
Security GRC Senior Lead
salesforce.com, inc., San Francisco, California, United States, 94199
Overview
To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts. Job Category: Enterprise Technology & Infrastructure About Salesforce
Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn't a buzzword - it's a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all. Ready to level-up your career at the company leading workforce transformation in the agentic era? You're in the right place. Agentforce is the future of AI, and you are the future of Salesforce. Our Security teams support the unwritten fourth tenet of Slack's mission: make people's working lives more secure. We're serious about protecting our infrastructure, operations, and most importantly, our customers' data. We take a systemic approach to security and strive to ensure we provide low friction high-impact security across everything we do. As a key member of the Risk & Compliance Team, you understand that building user trust is critical to Slack's success. You are passionate about information security, risk management, SOX ITGC, privacy and maintaining customer confidence. You have the focus and organization to champion the adoption of sound security and SOX ITGC practices across all of Slack's business and engineering teams. You are passionate about learning, building, and sustaining processes to address new regulatory and compliance requirements. In this role, your work will directly impact the way millions of users, teams and businesses get things done. We are seeking a motivated individual that is not only focused on delivering results but does so in a collaborative and courteous manner. Responsibilities
Act as the compliance subject matter expert for Engineering systems to provide leadership in managing ITGC auditing activities, requests and developing responses to audit findings, leading remediation of audit findings. Provide quality assurance of ITGC controls for Engineering to ensure operational effectiveness of those security controls in Engineering. Identify risks and gaps and facilitate remediation Conduct and participate in walkthroughs with engineering stakeholders and auditors. Facilitate tests of design and operational effectiveness for key information technology controls. Assist control owners with root cause analysis and track risk management action plan progress. Implement issue tracking and resolution process. Deliver risk metrics to management regarding audit performance and findings Assist the performance of security risk assessments to maintain compliance with AICPA Trusted Service Principles and ISO security standards. Assist in the design and implementation of information security compliance controls to address current risks, emerging threats and compliance standards. Requirements
Sound understanding of cloud security and control principles including logical access controls, change control, privileged access, segregation of duties, computer operations, network security, vulnerability management, and secure coding. 5+ years of experience in auditing and assessing Sarbanes-Oxley (ITGC) controls. Experience implementing, participating in, or conducting security assessments of compliance programs (e.g. SOC 2, FedRAMP, NIST, ISO 27001/27017/27018, HIPAA, HITRUST, Sarbanes-Oxley ITGC, etc.). Experience leading compliance efforts for Identity and Access Management solutions (E.g. Sailpoint IdentityNow). Ability to work independently. Ability to work with cross-functional stakeholders to reach desired outcomes. Effective communication with great interpersonal and presentation skills; ability to translate complex technical issues into simple language that people who are not experts can understand. A related technical degree required Bonus Points
Hands on information security experience Excellent time management and related organizational skills Understanding of infrastructure technologies including AWS, Chef, Github, Jenkins, etc. CISSP, CISA, or other industry certification Unleash Your Potential
When you join Salesforce, you'll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best, and our AI agents accelerate your impact so you can do your best. Together, we'll bring the power of Agentforce to organizations of all sizes and deliver amazing experiences that customers love. Apply today to not only shape the future - but to redefine what's possible - for yourself, for AI, and the world. Accommodations
If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form. Posting Statement
Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. In the United States, compensation offered will be determined by factors such as location, job level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, and benefits. Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program. More details about company benefits can be found at the following link: https://www.salesforcebenefits.com. Salesforce will consider for employment qualified applicants with arrest and conviction records. For California-based roles, the base salary hiring range for this position is $200,800 to $276,100.
#J-18808-Ljbffr
To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts. Job Category: Enterprise Technology & Infrastructure About Salesforce
Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn't a buzzword - it's a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all. Ready to level-up your career at the company leading workforce transformation in the agentic era? You're in the right place. Agentforce is the future of AI, and you are the future of Salesforce. Our Security teams support the unwritten fourth tenet of Slack's mission: make people's working lives more secure. We're serious about protecting our infrastructure, operations, and most importantly, our customers' data. We take a systemic approach to security and strive to ensure we provide low friction high-impact security across everything we do. As a key member of the Risk & Compliance Team, you understand that building user trust is critical to Slack's success. You are passionate about information security, risk management, SOX ITGC, privacy and maintaining customer confidence. You have the focus and organization to champion the adoption of sound security and SOX ITGC practices across all of Slack's business and engineering teams. You are passionate about learning, building, and sustaining processes to address new regulatory and compliance requirements. In this role, your work will directly impact the way millions of users, teams and businesses get things done. We are seeking a motivated individual that is not only focused on delivering results but does so in a collaborative and courteous manner. Responsibilities
Act as the compliance subject matter expert for Engineering systems to provide leadership in managing ITGC auditing activities, requests and developing responses to audit findings, leading remediation of audit findings. Provide quality assurance of ITGC controls for Engineering to ensure operational effectiveness of those security controls in Engineering. Identify risks and gaps and facilitate remediation Conduct and participate in walkthroughs with engineering stakeholders and auditors. Facilitate tests of design and operational effectiveness for key information technology controls. Assist control owners with root cause analysis and track risk management action plan progress. Implement issue tracking and resolution process. Deliver risk metrics to management regarding audit performance and findings Assist the performance of security risk assessments to maintain compliance with AICPA Trusted Service Principles and ISO security standards. Assist in the design and implementation of information security compliance controls to address current risks, emerging threats and compliance standards. Requirements
Sound understanding of cloud security and control principles including logical access controls, change control, privileged access, segregation of duties, computer operations, network security, vulnerability management, and secure coding. 5+ years of experience in auditing and assessing Sarbanes-Oxley (ITGC) controls. Experience implementing, participating in, or conducting security assessments of compliance programs (e.g. SOC 2, FedRAMP, NIST, ISO 27001/27017/27018, HIPAA, HITRUST, Sarbanes-Oxley ITGC, etc.). Experience leading compliance efforts for Identity and Access Management solutions (E.g. Sailpoint IdentityNow). Ability to work independently. Ability to work with cross-functional stakeholders to reach desired outcomes. Effective communication with great interpersonal and presentation skills; ability to translate complex technical issues into simple language that people who are not experts can understand. A related technical degree required Bonus Points
Hands on information security experience Excellent time management and related organizational skills Understanding of infrastructure technologies including AWS, Chef, Github, Jenkins, etc. CISSP, CISA, or other industry certification Unleash Your Potential
When you join Salesforce, you'll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best, and our AI agents accelerate your impact so you can do your best. Together, we'll bring the power of Agentforce to organizations of all sizes and deliver amazing experiences that customers love. Apply today to not only shape the future - but to redefine what's possible - for yourself, for AI, and the world. Accommodations
If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form. Posting Statement
Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. In the United States, compensation offered will be determined by factors such as location, job level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, and benefits. Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program. More details about company benefits can be found at the following link: https://www.salesforcebenefits.com. Salesforce will consider for employment qualified applicants with arrest and conviction records. For California-based roles, the base salary hiring range for this position is $200,800 to $276,100.
#J-18808-Ljbffr