Come join the Security Governance, Risk, and Compliance (GRC) team at Salesforce! Grounded in Salesforce’s core values of Trust, Customer Success, Innovation, and Equality, this team works across Salesforce to deliver sustainable, world-class compliance solutions that protect the company and enable the success of our customers and Salesforce.
The Security GRC team is responsible for helping Salesforce achieve and maintain authorizations and certifications that enable Salesforce services to be used across the world. Specifically, this team is responsible for advisory, readiness, audit, and continuous monitoring programs for Salesforce business and activities across the globe. You will be directly involved in shaping compliance programs at Salesforce.
In this role, you will work with a team of subject matter experts from multiple disciplines and countries to help define and deliver on the compliance needs of the business. You will be helping Salesforce deliver and support new compliance offerings for our customers. This role is focused on cultivating relationships with certification accreditation bodies, developing a strong understanding of customer requirements and expectations, delivering expert guidance to Salesforce teams as they work to satisfy government expectations, and supporting ongoing activities required to achieve and maintain industry authorizations and certifications. This role requires a knowledge and understanding of compliance frameworks such as Spain ENS and ISO 27001/27017/27018. Knowledge of additional commercial compliance frameworks such as SOC, NIST Risk Management Framework, and NIST Special Publication 800-53 is a plus.
Success will be measured by your ability to assist with the execution of various stages of the audit cycle for international certifications including planning, readiness, evidence collection, testing, and reporting; assist with the completion of high-quality work products including project plans, work papers, evidence checklists, and audit reports; work collaboratively and establish strong connections with various members of the Security GRC organization, consulting partners, external auditors, regulators and business partners in various regions, and serve as an advisor to the business; demonstrate eagerness and intellectual curiosity to learn more about Salesforce services, cybersecurity concepts, and compliance frameworks; stay flexible to change, be agile to deliver, and keep up with the latest trends in the market. You will also co-author and manage your annual work planning via an annual corporate-aligned planner.
Serve as a primary point of contact for Spanish compliance programs and cultivate strong working relations with European government regulators, accreditation bodies, and authorized auditing firms alongside other Security GRC Orchestration team members.
Manage the overall execution of compliance programs aimed at achieving and maintaining Spanish government accreditations and certifications.
Develop, maintain, and deliver Salesforce compliance accreditation materials in support of Spanish and other European government accreditations and certifications.
Proactively evaluate and advise the business on new and evolving certification programs, requirements, and technologies.
Maintain an in-depth understanding of key European public sector compliance requirements, standards, guidance, and interpretations.
Deliver accurate and actionable compliance guidance and direction to internal stakeholders.
Effectively communicate execution status, key accomplishments, and risks that impact Salesforce’s ability to achieve or maintain compliance accreditations or certifications to Salesforce leadership.
Build strong cross-functional relationships with business partners to facilitate the development of strong compliance programs that support continuous improvement and operational efficiency.
Collaborate with cross-functional team members to gather evidence in support of internal and external assessments and audits.
Work with external auditors.
Citizen of the European Union
Verbal and written fluency in English and Spanish
10+ years of related compliance and/or security experience
Strong working knowledge of risk management frameworks
Detailed working knowledge and prior experience in audit execution of ISO 27001/17/18 and Spain ENS requirements
Detailed working knowledge of European compliance frameworks and requirements
Experience working with European government regulators and accreditation bodies
Ability to operate autonomously and lead meetings and projects with minimal guidance
Analytical thinker, highly organized, detail-oriented, ability to multi-task
A proactive goal achiever who innovates to go above and beyond expectations to get the job done and is comfortable working in a fast-paced, dynamic environment incorporating constant change as we grow
An up-to-date functioning understanding of current Cyber Security trends
BS degree in Management Information Systems, Computer Science, or equivalent experience
Passion for the success of the Salesforce Ohana (colleagues, customers, and partners), Security GRC, and delivering innovative programs that reinforce Salesforce's focus on Trust.
Prior experience in audit execution of one or more of the following compliance frameworks: SOX, SOC, PCI DSS, NIST, FedRAMP, and regional certifications such as Germany C5, Japan PrivacyMark, Japan CS Gold, Australia iRAP, UK Cyber Essentials, Netherlands NEN7510, France ASIP Sante HDS, etc.
Supporting certifications (e.g., CISA, CRISC, CISSP)
Experience working in large-scale, global organizations
Excellent interpersonal and negotiation skills
Very strong written and verbal communication and presentation skills
Ability to build relationships, motivate people, instill accountability, and drive results
Experience working with cloud computing companies and/or technologies
Agile, proactive, and comfortable working in ambiguous situations