The Salesforce Security Governance, Risk, and Compliance (GRC) Team is responsible for enterprise-wide GRC, ensuring that Salesforce leadership has the information needed to make strategic, risk-based decisions that enable the achievement of Salesforce business objectives globally. Our team builds and deploys common governance, risk, and compliance processes, conducts audits, and ensures that technologies and business operations are structured and configured for data protection and compliance.
Open roles, skills, and available locations include:
- Risk Management: Risk Assessment & Compliance framework (Rate/scoring), maturity model, GRC selection process. Qualitative & Quantitative risk modeling.
- Compliance Systems Engineering: Network and systems engineering audit/compliance automation. Controls monitoring (data feeds, automation, etc.).
- Governance Management: Security governance management, strategy, planning and execution of internal governance controls and related processes in alignment with global regulations and company policies.
- Compliance Audit Management: Broad spectrum knowledge of security engineering, security operations, product security, governance, risk, compliance, security communications management.
- Leveling: We are looking for the best offensive security engineers in the world. If you fit that profile, we will work with you to ensure that your job title/level is aligned with your skill set. We are hiring for the following levels: Analyst, Manager, Sr. Manager, and Director.
- Locations: Most roles are available for hire in Herndon, VA; Indianapolis, IN; San Francisco, CA; or Bellevue, WA.
- In these roles, you are part analyst, part engineer, and part advisor. You have the ability to ramp up quickly into a solid, productive member of the Security GRC team. Depending on your function within the GRC team, you will bring knowledge of your key focus area.
- You are organized and have the ability to innovate and automate as we continually look to improve our processes and tools. You may own process areas, projects, or technologies for governance, risk and compliance purposes. Expect around 10% travel.
- You create and maintain relationships with business and technical experts throughout the company who provide expertise in security requirements and solution management. You are expected to work independently while still asking for help in some areas. You are a “bridge” builder, helping to coordinate and bring together various parts of the organization around a common process through the use of tools and communication channels.
- 5+ years of experience in your relevant GRC focus area.
- You have experience in security risk management, controls assessment, or configuration management as appropriate for your area of GRC expertise.
- You have general knowledge across all of GRC, with focused expertise in your area.
- You have worked with both business and technical risk and understand how to translate between the two and communicate to various levels of technical and business management.
- You have familiarity with some relevant security frameworks such as FedRAMP, ISO 27001, SOC1/2, PCI, etc.
- Depending on the role that you are selected for, a “Federal Background Check” may be required. For roles requiring this background check, you must meet the requirements for and agree to the following: you are a U.S. citizen (U.S.-born or naturalized) who does not hold dual citizenship, and you agree to complete a Minimum Background Investigation (MBI) for a Moderate Public Trust position with the U.S. federal government, or other clearances as deemed appropriate for the role.
- Relevant BA/BS degree and/or certifications (CRISC, CISSP, CCIE, CISM, CISA, CCSK)
- You have built productive relationships with Technical Operations, Security Operations, Incident Response, Technical Compliance and other stakeholders.
- You have relevant knowledge of network engineering, systems engineering, and related device engineering, as appropriate for your focus area.
- Knowledge of, or experience working with, cloud technologies/environments is a plus.
- Strong knowledge of security risk management frameworks, including related regulatory compliance requirements (NIST CSF & 800-53, ISO 27001, SOC, HITRUST, HIPAA, FedRAMP, PCI, GDPR, etc.).
- Experience with GRC tools (MetricStream, Archer, etc.).
- 10% travel could be needed depending on role.