Security GRC, Senior Analyst
Job Category Products and TechnologyJob Details Salesforce's Security, Governance, Risk, and Compliance (GRC) Team is responsible for enterprise wide GRC processes, ensuring Salesforce leadership has the information needed to make strategic risk-based decisions enabling the achievement of Salesforce business objectives. Our team builds and deploys common governance, risk, and compliance processes and this position will be accountable for governance processes and supporting content and tools. In this role, you are part analyst, engineer, and advisor. You have the ability to ramp up quickly into a solid, productive member of the Security GRC Governance team. You have knowledge of commonly used policy, standards, controls, risk and compliance concepts, practices, and procedures for security. You are organized and have the ability to innovate and automate as we continually look to improve our processes and tools. You may own process areas or projects with guidance and support from senior team members. You are expected to work independently while still asking for help in some areas. You are a bridge builder helping to coordinate and bring together various parts of the organization around a common process.
Responsibilities:
Create and maintain security governance content and the document lifecycle management process for the enterprise information security policy, standards, and implementation solutions Analyze the impact of changes to our information security requirements and manage the change and any issues that may arise with the business units Consult with business or security stakeholders on information security requirements and applicability to their business processes, products, or services Review external certification requirements and compare with internal security requirements to determine if existing controls are sufficient Develop expertise with eGRC tools to create and update security content to be used across the enterprise Identify and create metrics and dashboards to quantify and measure the impact of information security governance processes, including user activity, business unit feedback and usability, and information security issues Execute security governance awareness operations and help develop and maintain awareness materials such as Trailheads, Concierge articles, Confluence pages, etc. and regularly post content in various communications channels Required Skills &
Experience:
Minimum three years of experience in security governance, risk management, compliance, audit, internal controls, or other security related areas and a minimum of five years of total work experience Experience in security related analysis, creating metrics and dashboards and summarizing large data sets Ability to work with both business and technical areas and translate between the two areas Excellent verbal and written communication skills and ability to communicate results to multiple levels of management Operational process design, improvement, and implementation experience Demonstrated desire to learn new skills and innovate Agile, proactive, comfortable working with ambiguous specifications and can prioritize quickly and effectively Excellent interpersonal and relationship skills Excellent analytical and process development skills Detail oriented with an eye for quality Ability to work effectively with a wide range of individuals including developers, systems administrators, executives, customers, regulators, auditors, etc. Preferred
Qualifications:
Experience building productive relationships with Technical Operations, Security Operations, Incident Response, Technical Compliance, Engineering, and other stakeholders. Familiarity with security frameworks such as FedRAMP, ISO 27001, SOC1/2, PCI, etc. Knowledge of, or experience working with, Cloud technologies/environments is a plus Experience working with Information Security, GRC, ERM, Technology, Business, and Legal/Privacy functions CISSP, CISA, CISM or similar certifications a plus Posting Statement At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits. Salesforce welcomes all. Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.
Salary Range:
$80K -- $100K
Minimum Qualification
IT SecurityEstimated Salary: $20 to $28 per hour based on qualifications.
Responsibilities:
Create and maintain security governance content and the document lifecycle management process for the enterprise information security policy, standards, and implementation solutions Analyze the impact of changes to our information security requirements and manage the change and any issues that may arise with the business units Consult with business or security stakeholders on information security requirements and applicability to their business processes, products, or services Review external certification requirements and compare with internal security requirements to determine if existing controls are sufficient Develop expertise with eGRC tools to create and update security content to be used across the enterprise Identify and create metrics and dashboards to quantify and measure the impact of information security governance processes, including user activity, business unit feedback and usability, and information security issues Execute security governance awareness operations and help develop and maintain awareness materials such as Trailheads, Concierge articles, Confluence pages, etc. and regularly post content in various communications channels Required Skills &
Experience:
Minimum three years of experience in security governance, risk management, compliance, audit, internal controls, or other security related areas and a minimum of five years of total work experience Experience in security related analysis, creating metrics and dashboards and summarizing large data sets Ability to work with both business and technical areas and translate between the two areas Excellent verbal and written communication skills and ability to communicate results to multiple levels of management Operational process design, improvement, and implementation experience Demonstrated desire to learn new skills and innovate Agile, proactive, comfortable working with ambiguous specifications and can prioritize quickly and effectively Excellent interpersonal and relationship skills Excellent analytical and process development skills Detail oriented with an eye for quality Ability to work effectively with a wide range of individuals including developers, systems administrators, executives, customers, regulators, auditors, etc. Preferred
Qualifications:
Experience building productive relationships with Technical Operations, Security Operations, Incident Response, Technical Compliance, Engineering, and other stakeholders. Familiarity with security frameworks such as FedRAMP, ISO 27001, SOC1/2, PCI, etc. Knowledge of, or experience working with, Cloud technologies/environments is a plus Experience working with Information Security, GRC, ERM, Technology, Business, and Legal/Privacy functions CISSP, CISA, CISM or similar certifications a plus Posting Statement At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits. Salesforce welcomes all. Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.
Salary Range:
$80K -- $100K
Minimum Qualification
IT SecurityEstimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
