Salesforce.com, Inc GRC Analyst, Risk Assessment, Security & Compliance Manager, Security Risk Analyst, GRC Program Manager in San Francisco, California
Job Category: Products and Technology
GRC TEAM OVERVIEW
The Salesforce Security, Governance, Risk, and Compliance (GRC) Team is responsible for enterprise-wide GRC, ensuring Salesforce leadership has the information needed to make strategic risk-based decisions enabling the achievement of Salesforce business objectives globally. Our team builds and deploys common governance, risk, and compliance processes and controls, conducts audits, and ensures that technologies and business operations are structured and configured for data protection and compliance.
Leveling: If you fit that profile, we will work with you to ensure that your job title/level is aligned to your skill set.
Levels: Analyst, Manager
Locations: San Francisco, CA or Bellevue, WA (some roles will be in Herndon, VA, Burlington, MA or Indianapolis, IN)
Open Roles:
Common Controls Analyst: Experience developing and managing complex controls frameworks. Knowledge of, or experience working with, Cloud technologies/environments, including evaluating and implementing controls on Software as a Service (SaaS) services. Experience with GRC tools (MetricStream, Archer, etc.).
External 3rd Party Audit Analyst: responsible for the execution and management of security compliance certification programs across the company that our customers depend on. This role will be heavily focused on evaluating security controls, supporting audits for the company's certification programs, and acting as a compliance subject matter expert to the business.
GRC Controls Monitoring: Maintains Security Controls Monitoring standards and standard operating procedures in cooperation with the GRC team. Experience with compliance controls lifecycle including design, design consultation, effectiveness testing, ongoing monitoring, mapping to risks, policies & standards along with external obligations and change management. Knowledge and experience in all facets of security governance, risk and compliance management. Understanding of security risk scenarios including related threats and vulnerabilities is a plus.
Risk Management: Risk Assessment & Compliance framework (Rate/scoring), maturity model, GRC selection process. Qualitative & Quantitative risk modeling. Knowledge of risk remediation/mitigation/control processes. Experience in related Governance, Risk or Compliance function or role, or even related IT Audit/Assessments.
Compliance Systems Engineering: Network and Systems Engineering Audit/Compliance automation. Controls monitoring (data feeds, automation, etc.).
Compliance Audit Management: Broad spectrum knowledge of security engineering, security operations, product security, governance, risk, compliance, security communications management.
Security & Compliance Program Manager: Initiate projects by leading alignment on scope, budget, release planning, aligning the team on project goals, and securing cross-functional support. Facilitate and develop all Project Plan elements including, but not limited to, Charter, Schedule, Risk, and Communications plans.
RESPONSIBILITIES
In these roles, you are part analyst, engineer, and advisor. You have the ability to ramp up quickly into a solid, productive member of the Security GRC team. Depending on your function within the GRC team, you will have knowledge of your key focus area.
You are organized and have the ability to innovate and automate as we continually look to improve our processes and tools. You may own process areas, projects, or technologies for governance, risk and compliance purposes. Expect around 10% travel.
You create and maintain relationships with business and technical experts throughout the company who provide expertise in security requirements and solution management. You are expected to work independently while still asking for help on some areas. You are a “bridge” builder helping to coordinate and bring together various parts of the organization around a common process through the use of tools and communications channels.
REQUIRED
5+ years of experience in your relevant GRC focus area.
You have experience in security risk management, controls assessment, or configuration management as appropriate for your area of GRC expertise.
You have general knowledge across all of GRC, with focused expertise in your area.
You have worked with both business and technical risk and understand how to translate between the two and communicate to various levels of technical and business management.
You have familiarity with some relevant security frameworks such as FedRAMP, ISO 27001, SOC1/2, PCI, etc.
Relevant BA/BS degree and/or certifications (CRISC, CISSP, CCIE, CISM, CISA, CCSK)
You have built productive relationships with Technical Operations, Security Operations, Incident Response, Technical Compliance and other stakeholders.
You have relevant knowledge of network engineering, systems engineering and related device engineering as appropriate for your focus area.
Knowledge of, or experience working with, Cloud technologies/environments is a plus.
Strong knowledge of security risk management frameworks including related regulatory compliance requirements (NIST CSF & 800-53, ISO 27001, SOC, HITRUST, HIPAA, FedRAMP, PCI, GDPR, etc.)
Experience with GRC tools (MetricStream, Archer, etc.)
10% travel could be needed depending on role.
Salesforce, the Customer Success Platform and world's #1 CRM, empowers companies to connect with their customers in a whole new way. The company was founded on three disruptive ideas: a new technology model in cloud computing, a pay-as-you-go business model, and a new integrated corporate philanthropy model. These founding principles have taken our company to great heights, including being named one of Forbes’s “World’s Most Innovative Companies” five years in a row and one of Fortune’s “100 Best Companies to Work For” eight years in a row. We are the fastest growing of the top 10 enterprise software companies, and this level of growth equals incredible opportunities to grow a career at Salesforce. Together, with our whole Ohana (Hawaiian for "family") made up of our employees, customers, partners, and communities, we are working to improve the state of the world!
Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this Web site or directly to managers. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay fees to any third-party agency or company that does not have a signed agreement with Salesforce.com or Salesforce.org.
Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.
Founded in 1999, Salesforce is the global leader in Customer Relationship Management (CRM). Companies of every size and industry are using Salesforce to transform their businesses, across sales, service, marketing, commerce, and more by connecting with customers in a whole new way. We harness technologies that can revolutionize companies, careers, and, hopefully, our world.
Salesforce is built on a set of four core values: Trust, Customer Success, Innovation, and Equality. By making technology more accessible, we're helping create a future with greater opportunity and equality for all. This has taken our company to great heights, including being ranked by Fortune as one of the “Most Admired Companies in the World” and one of the “100 Best Companies to Work For” eleven years in a row, and named “Innovator of the Decade” and one of the “World’s Most Innovative Companies” eight years in a row by Forbes.
There are those who choose to work with the best and brightest. And then, there are those who want to do more than just a job. They are the ones improving lives, not only their careers. Having an impact now instead of later. Doing something that’s so much bigger than themselves, an industry, and their company.
We believe everyone can be a Trailblazer. Join Salesforce and discover a future of new opportunities.