Security GRC Senior Manager
Job Category: Enterprise Technology & Infrastructure
We’re Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too — driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good – you’ve come to the right place.
The Policy and Governance team is responsible for building and managing the Policy and Standards Management Life Cycle which sets clear security requirements and expectations, enabling Salesforce to make the best security decisions when delivering solutions to our customers. This includes delivering security requirements and specific implementation procedures to our technology, security, and engineering teams, in collaboration with those teams.
We also facilitate information security and data governance processes to ensure alignment and approval of Information Security Policy and Standards, our International Organization for Standardization (ISO) certifications, and governance of our Security GRC data.
Information Security Governance Owner (Security Steering Committee). Drive enterprise security governance strategy and activities ensuring alignment and synergy between the different governance groups across Salesforce. The Information Security Governance Owner’s primary responsibilities include the following:
Consult with other teams looking to create governance and other existing governance organizations
Create an annual plan for core meeting topics and meeting dates in alignment with the above-mentioned security governance organizations, and provide regular and predictable communications
Drive recent recommendations from security governance assessments
Drive the principles, decisions, or direction from the council and committees into the rest of the Security and Engineering organizations
Provide an onboarding experience for all new members supported by documentation
Rigorously follow up on all action items and provide regular updates to the members
Ensure clear communication of all council committee materials and meeting dates utilizing Salesforce communication channels and in-person meetings
Work with Security Leadership and Engineering to drive accountability, responsibility, and tracking of risk mitigation activities
Gain a deep understanding of the Salesforce security risk governing organizations and ensure alignment
Develop and report on metrics for risk governance and risk reduction activities and communication effectiveness
Engage with members and stakeholders to facilitate the creation of, or update to, agendas, action items, meeting minutes, and meeting follow-up
Drive the engagement of the security risk governance members ensuring we have the right members and they are engaged in impactful activities related to the council and committees
Ensure leadership is updated on key governance information and decisions being made across the enterprise
ISMS Program Owner / Manager. The ISMS Owner / Program Manager is the primary resource dedicated to the active management of the ISMS and its continual improvement. The ISMS Owner’s primary responsibilities include the following:
Manage the work queue for the ISMS GUS Product Tag
Update and maintain all core ISMS documentation, including the Statement of Applicability, ISMS Manual, Testing Templates, and Corrective Action Process
Manage the scope of the ISO program and scope expansions, along with the ISO 27001 certificate
Assist with both internal and external audits
Provide consultation and advisory services to the Technology Compliance Team and other teams throughout Salesforce with regards to ISO 27001, ISO 27017, ISO 27018, and other related standards
Continually review the health and status of the ISMS with Security Compliance, specifically the main clause areas, and drive continual improvement for those areas with control owners and associated teams
Report on the status of continual improvement and issues for the ISMS to Salesforce Management
Work collaboratively with the Compliance team in updating and approving updates to all related Salesforce ISO documentation
Chair the quarterly ISMS Management Review and monthly ISO 27001 Joint Working Groups meetings
Controls and Compliance. Work with our Common Controls Framework ensuring:
Help install new areas of compliance and updates to certifications
Assist in the implementation of new features in the standards and controls areas of our eGRC tooling
Our ISO standards and ISO-related standards, controls, and sources are kept up-to-date and mapped correctly
Knowledge of regulatory compliance frameworks (NIST CSF & 800-53, ISO 27001, SOC)
Relevant BA/BS degree
10+ years of related security governance experience or equivalent governance experience
Master's degree preferred
Experience working in or exposure to large-scale/global organizations
Knowledge and experience of security governance, risk management, security in general
Agile, proactive, comfortable working with ambiguous specifications and can prioritize quickly and effectively
Knowledge of, or experience working with, Cloud technologies/environments is a plus
Experience working with Information Security, GRC, ERM, Technology, Business, and Legal/Privacy functions
Knowledge of and experience with enterprise business practices and industry trends
Excellent interpersonal and relationship skills
Excellent presentation and communication skills
Excellent analytical and process development skills
Detail-oriented with an eye for quality
Ability to work effectively with a wide range of individuals including developers, systems administrators, executives, customers, regulators, auditors, etc.
If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.
At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at www.equality.com and explore our company benefits at www.salesforcebenefits.com.
Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce does not accept unsolicited headhunter and agency resumes. Salesforce will not pay any third-party agency or company that does not have a signed agreement with Salesforce.
Salesforce welcomes all.
For Colorado-based roles, the base salary hiring range for this position is $156,800 to $215,600. Compensation offered will be determined by factors such as location, level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, and benefits. More details about our company benefits can be found at the following link: https://www.salesforcebenefits.com.