Security GRC Senior Analyst

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category
Enterprise Technology & Infrastructure

Job Details

About Salesforce

We're Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too - driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good - you've come to the right place.

• Assess security risk and ensure that controls are designed to appropriately mitigate security risk.
• Assess control effectiveness to ensure ongoing compliance.
• Drive existing or newly identified initiatives between stakeholder organizations creating synergies and reducing risk of non-compliance with internal or external requirements
• Consult with business or security stakeholders on information security requirements and applicability to their business processes, products, or services
• Create and maintain relationships with key business, legal, Employee Success, Internal Audit, technical/engineering stakeholders, and other organizations throughout the company who provide expertise in security requirements and solution management
• Focus on continuous improvement of operational processes and designing innovative and automated functionality for added efficiency
• Identify and create metrics and dashboards to quantify and measure the impact of security processes that you drive
• Effectively communicate compliance positions and programs to applicable business stakeholders

• Minimum 3 years of experience in security governance, risk management, compliance, audit, internal controls, or other security related areas and a minimum of 3-5 years of total work experience
• Experience working with Government Cloud environments such as AWS, Azure, GCP (SaaS, IaaS, PaaS etc)
• Experience in security related analysis, creating metrics and dashboards and summarizing large data sets
• Ability to work with both business and technical areas and translate between the two areas
• Skilled at building rapport and establishing partnerships
• Excellent verbal and written communication skills and ability to communicate results to multiple levels of management
• Knowledge of multiple regulatory compliance frameworks (NIST CSF & 800-53, ISO27001, SOX, SOC, HITRUST, HIPAA, FedRAMP, DOD SRG IL4/IL5, PCI, etc.)
• Operational process design, improvement, and implementation experience
• Demonstrated desire to learn new skills and innovate
• Agile, proactive, comfortable working with ambiguous specifications and can prioritize quickly and effectively
• Excellent interpersonal, relationship, and organizational skills
• Excellent analytical and process development skills
• Detail oriented with an eye for quality
• Drive improvements in existing processes and develop new innovative and efficient solutions
• Ability to work effectively with a wide range of individuals including developers, systems administrators, executives, customers, regulators, auditors, etc.

• Experience building productive relationships with Technical Operations, Security Operations, Incident Response, Technical Compliance, Engineering, and other stakeholders
• Experience working with the Authorizing Officials and DISA Cloud Assessment Division
• Experience working with Information Security, GRC, ERM, Technology, Business, and Legal/Privacy functions

• Knowledge of, or experience working with, Cloud technologies/environments is a plus
• CISSP, CISA, CISM, AWS or similar certifications a plus