Senior Manager, Information Security & Compliance

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category
Enterprise Technology & Infrastructure

Job Details

About Salesforce

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn't a buzzword - it's a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.

Ready to level-up your career at the company leading workforce transformation in the agentic era? You're in the right place! Agentforce is the future of AI, and you are the future of Salesforce.

As the adoption of Salesforce for critical applications in the enterprise accelerates, so does the requirement for our prospects and customers to learn more about how we keep their data secure. The Senior Manager, Information Security will be the interface between Salesforce Security and our customers and prospects to ensure they are successful with their own internal compliance and vendor-management efforts related to Salesforce.

Salesforce Security and Compliance Expert for Customers and Prospects

• Strategic Security Partnership: Serve as a trusted security advisor by developing a deep understanding of customer business objectives, risk posture, and strategic challenges, ensuring alignment between customer requirements and Salesforce security capabilities.
• Customer Assurance & Trust: Act as the primary security representative for customers, prospects, and internal stakeholders, leading responses to security, risk, and compliance assessments, questionnaires, and due diligence requests.
• Executive Stakeholder Engagement: Build and strengthen customer trust through executive-level security discussions, briefings, and strategic engagements with customers, prospects, and key decision-makers.
• Security & Compliance Thought Leadership: Serve as a Subject Matter Expert (SME) on Salesforce's security, privacy, compliance, reliability, and architectural capabilities, effectively articulating and advocating Salesforce's trust posture in customer-facing interactions.
• Cross-Functional Security Advocacy: Partner closely with Product Management, Engineering, Legal, Privacy, and Security teams to ensure customer-facing security messaging, documentation, and responses accurately reflect current capabilities and best practices.
• Vulnerability & Risk Management: Review, analyze, and interpret customer-generated security findings, penetration test reports, and risk assessments, collaborating with internal teams to drive timely remediation and risk mitigation.
• Incident Response Support: Act as the customer-facing security escalation point during security incidents, partnering with Incident Response, Support, and Engineering teams to ensure effective communication and resolution.
• Contractual & Compliance Advisory: Collaborate with Legal, Privacy, and Compliance teams to address customer-specific contractual, regulatory, and compliance requirements.
• Field Enablement & Security Positioning: Develop and deliver security and compliance enablement programs for Sales, Services, and Partner teams, ensuring consistent messaging, positioning, and customer engagement best practices.
• Product Roadmap Influence: Consolidate customer security and compliance requirements and provide actionable insights to Product Management and Engineering teams to help shape the security product roadmap.
• Security Content Development: Contribute to the creation and maintenance of security and compliance collateral, including white papers, security questionnaires, customer assurance documentation, and best-practice guides.
• Service Expertise Development: Maintain deep expertise across Salesforce products and services by collaborating with product teams and global subject matter experts to stay current on emerging security capabilities and industry trends.
• Regulatory & Industry Engagement: Partner with Public Policy and Regulatory Affairs teams to support industry consultations, regulatory initiatives, and evolving compliance requirements relevant to customers and Salesforce.

• Bachelor's degree with 10+ years of experience in information security, security architecture, governance, risk and compliance, with a meaningful portion spent in customer-facing or external-stakeholder roles.
• Good understanding of the regulatory environment in India as it pertains to public sector procurement practices, Government e-Marketplace (GeM), and Ministry of Electronics and Information Technology (MeitY) SaaS empanelment requirements.
• Familiarity with public sector tendering processes.
• Experience interpreting the intent of specific customer questions and mapping them to industry-standard controls.
• Experience conducting penetration tests and vulnerability assessments across various platforms, including web applications, networks, and mobile devices.
• Experience using industry-standard tools and frameworks such as Metasploit, Burp Suite, Nmap, and Wireshark, along with a strong understanding of common security protocols and attack vectors.
• Extensive background in providing specialized support to public sector entities at both state and federal levels, alongside significant experience within the Indian financial services industry.
• Comprehensive understanding of the Indian public sector procurement landscape, including Government e-Marketplace (GeM) protocols, MeitY SaaS empanelment criteria, and standard RFI/RFP frameworks.
• Proven track record in managing and facilitating technical responses for tenders, specifically focusing on security architecture, risk mitigation, and compliance standards.
• Active engagement in the broader security community, including presenting at industry conferences and partnering with policy teams to contribute to regulatory consultations.

• Excellent communication and presentation skills.
• Good understanding of public cloud platforms such as AWS, GCP, and Azure.
• Familiarity with one or more security and regulatory frameworks:
  
  
  • NIST 800-53
  • NIST Cybersecurity Framework
  • PCI-DSS
  • ISO 27001
  • ISO 27017
  • ISO 27018
• Strong understanding of Indian Security and Privacy Regulations, including but not limited to:
  
  
  • Digital Personal Data Protection Act (DPDPA)
  • RBI IT Outsourcing Guidelines
  • SEBI Regulations
  • CSCRF
• Proven experience in supporting and managing security incident response activities, coupled with thorough hands-on knowledge of Security Information and Event Management (SIEM) tools such as Splunk, Google Chronicle, and New Relic, as well as cloud logging services such as AWS CloudTrail.
• Ability to analyze and interpret complex audit logs to assist customers with incident assessments and provide expert support.
• Demonstrated expertise in conducting and overseeing application security assessments, vulnerability scanning, and penetration tests.
• Thorough understanding of secure coding guidelines and industry-standard risk frameworks, including:
  
  
  • OWASP Top 10
  • SANS Top 25 Common Weakness Enumerations
• Experience managing one or more compliance certifications or audits, either as an auditor or responder:
  
  
  • PCI-DSS
  • ISO 27001
  • SOC 1
  • SOC 2
• Familiarity with public cloud architectures, security practices, and compliance documentation.
• Experience supporting Public Sector customers across state and federal agencies, as well as the financial services industry.
• Experience supporting responses to public sector tenders, RFPs, and RFIs from a security architecture, risk, and compliance perspective.
• Strong team player.