To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.
Job Category: Products and Technology
Come join the Security Governance, Risk, and Compliance (GRC) team at Salesforce! Grounded in Salesforce’s core values of Trust, Customer Success, Innovation, and Equality, this team works across Salesforce to deliver sustainable, world-class compliance solutions that protect the company and enable the success of our customers and Salesforce.
The Security GRC team is responsible for helping Salesforce achieve and maintain authorizations and certifications that enable Salesforce services to be used across the world. Specifically, this team is responsible for advisory, readiness, audit, and continuous monitoring programs for Salesforce business and activities across the globe. You will be directly involved in shaping compliance programs at Salesforce.
This role is focused on establishing cross-functional alignment with key business stakeholders and executing compliance workstreams to help bring new products and services to public sector markets. In this role, you will lead a team of subject matter experts from multiple disciplines to support public sector compliance surveillance, advisory and readiness projects. In the end, you will be helping Salesforce deliver new products and capabilities to our global suite of public sector customers.
This role requires a solid operational understanding of the U.S. NIST Risk Management Framework and related NIST publications. This role also requires advisory, consultative, and/or operational experience with FedRAMP as well as other department- or agency-specific compliance frameworks, including those published by the DoD, DHS, IRS, and CMS. Knowledge of commercial compliance frameworks such as ISO 27001, ISAE 3402 (SOC), PCI DSS, and HITRUST is a plus.
Success will be measured by your ability to build executive and cross-functional relationships, help establish and drive public sector compliance strategy, and enable the delivery of expert compliance guidance and support to Salesforce teams as they work to satisfy new and changing public sector requirements.
Key Responsibilities:
Serve as a primary Security GRC point of contact for public sector strategy and programs;
Manage the execution of public sector compliance surveillance, advisory and readiness programs;
Proactively evaluate and advise the business on new and evolving certification programs, requirements, and technologies;
Engage with cross-functional teams to provide regular updates to executive leadership;
Lead a team of Salesforce employees and contractors, providing coaching and mentoring to the team to enable their success and continued development;
Maintain an in-depth understanding of key U.S. public sector compliance requirements, standards, guidance, and interpretations;
Maintain an operational working understanding of key international public sector compliance requirements, standards, guidance, and interpretations;
Support the delivery of accurate and actionable compliance guidance and direction to internal stakeholders from across the company;
Effectively communicate vision, strategy, status, accomplishments, and risks that impact Salesforce’s ability to achieve or maintain compliance accreditations or certifications to Salesforce leadership;
Build strong cross-functional relationships with business partners to facilitate the development and execution of strong compliance programs that support continuous improvement and operational efficiency;
Strategic Thinker: Ability to translate details into bigger picture implications driving the business forward, challenging the status quo. Understands industry, market, and organizational dynamics with the intellectual horse-power to handle growing complexity and ambiguity. Aligns the right resources to the task at hand; foresees and plans around obstacles.
Innovate for Growth: Always thinking about how to make improvements. Able to implement changes that map to business strategy. Stays abreast of cutting-edge technology, security and compliance trends.
Builds Trust and Credibility: Makes decisions based on the organization’s values - actions are consistent with the company’s core values. Ability to set clear vision - role models a growth mindset and shares mistakes widely for others to benefit and embraces a learning mentality.
Lead & Adapt to Change: Thrives in a changing, dynamic environment and can drive operational efficiencies that map to changing needs. Relishes leading even when times are tough and models the attributes of a GREAT leader. Salesforce Great Leader characteristics include being Salesforce Smart, ability to Get it Done, Win as a Team, Motivate and Champion, and being a Courageous Communicator.
Courageous Communication: Be able to take an unpopular stand if necessary for the betterment of our business. Must encourage a transparent and healthy debate while seeking the best alternative. This leader is looked to for direction in a crisis, faces adversity head on, and is energized by tough challenges.
Talent Management: Has a passion for building great teams. Proven ability to develop others who have significantly contributed to company success with a history of making good hiring decisions and developing a strong bench of successors. Champions talent beyond their own organization.
10+ years of related compliance and/or security experience
7+ years of public sector compliance experience
Strong working knowledge of risk management frameworks
Detailed working knowledge of NIST RMF and FedRAMP
Detailed working knowledge of U.S. public sector compliance requirements
Functional working knowledge of international public sector compliance requirements
Ability to operate autonomously as well as lead teams and programs with minimal oversight
Analytical yet flexible thinker, highly organized, detail-oriented, ability to adapt and multi-task
A proactive goal achiever who innovates to go above and beyond expectations to get the job done and is comfortable working in a fast-paced, dynamic environment incorporating constant change as we grow
BS degree in Management Information Systems, Computer Science, or equivalent experience
Drive for Salesforce success (colleagues, customers, and partners), Security GRC, and delivering innovative programs that reinforce Salesforce's focus on Trust.
Detailed working knowledge and prior experience in execution of U.S. public sector compliance requirements, including FedRAMP, CMS, DoD, DHS, IRS, etc.
Experience setting organizational vision and strategy
Experience working in large-scale, global organizations
Excellent interpersonal and negotiation skills
Very strong written and verbal communication and presentation skills
Ability to build relationships, motivate people, instill accountability, and drive results
Supporting certifications (e.g., CISA, CRISC, CISSP)
Experience working with cloud computing companies and/or technologies
Agile, proactive, and comfortable working in ambiguous situations
This candidate must be a U.S. citizen (U.S. born or naturalized) who does not hold dual citizenship and agrees to complete a U.S. federal government Minimum Background Investigation (MBI) for a Moderate Public Trust position.
If you require assistance applying for open positions due to a disability, please submit a request via this Accommodations Request Form.
At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.
Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay any third-party agency or company that does not have a signed agreement with Salesforce.com or Salesforce.org.
Salesforce welcomes all.