Security GRC Manager

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Enterprise Technology & Infrastructure

Job Details

About Salesforce

We’re Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too — driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good – you’ve come to the right place.

About Salesforce
We’re Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM+Trust. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too — driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good – you’ve come to the right place.

About Our Team
Salesforce is looking to hire for a Manager on our Security GRC team to grow and mature our Canada Public Sector Compliance offerings at Salesforce. This role is responsible for building the strategy for Salesforce’s Cloud Service Provider (CSP) Information Technology Security (ITS) assessment program under the directive of the Canadian Centre for Cyber Security (CCCS) . This role has a global reach and directly supports sales growth as well as our #1 core value of Trust, focused on evaluating technology controls, performing audit readiness/execution, and acting as a compliance subject matter expert to the business, and engaging directly with the Government of Canada in the ITS assessment program. In addition, this role will support the onboarding and migration of new engineering services to our standardized public cloud deployment model, called Hyperforce. This role will also work directly with our internal engineering, security, and product teams on current and future capabilities that could affect the compliance of our products.

A successful candidate for this role will be a good communicator who excels at explaining complex technology to diverse audiences (across varying technical and business backgrounds) in a way that fosters understanding and ownership. Innovation, creativity and critical thinking are key qualifications, as this role will assist business and technical partners in designing scalable, sustainable approaches to satisfying our regulatory requirements. The ability to build influence and evangelize for new initiatives among scollaboratorsand engineering teams in multiple organizations will be an essential driver for success, as will an unflappable demeanor and grace under pressure. This role will work with the business at all organizational layers, so it will be important to demonstrate flexibility in approach, communication style and depth of understanding!

As a result of the Company’s on-demand application service technologies and "software-as-a-service" business model, the Security GRC team often confronts novel and challenging compliance issues. The successful candidate must be comfortable working in a very fast-paced and constantly changing environment and collaborating across multiple GRC teams including Compliance Onboarding & Design and GRC Security Compliance!

Team - GRC Compliance Onboarding & Design (CO&D)
The CO&D team is responsible for evaluation, prioritization and commitment decisions for net-new requests to pursue new security compliance certifications. Additionally, the CO&D team is responsible for the execution of compliance readiness for new products looking to achieve certifications. In capacity as Canada Public Sector Compliance lead, this role will be expected to lead Salesforce’s Cloud Service Provider (CSP) Information Technology Security (ITS) assessment program strategy to address anticipated changes to the CSP ITS program. This role will drive strategy to onboarding new products to Salesforce’s CSP ITS assessment program and lead audit readiness aligned to Salesforce’s sales growth strategy. While focused on Canadian Public Sector compliance, this role will also support other compliance frameworks such as NIST 800-53, SOC 2, ISO 27001/17/18, HIPAA, HITRUST and/or PCI.



Impact - Responsibilities:

• Lead Salesforce’s Canadian Public Sector Compliance program aligned to CCCS CSP ITS program.

• Run engagement with the Government of Canada for the CSP ITS program.

• Partner across GRC teams to build and implement the CSP ITS Program strategy

• Lead compliance onboarding strategy including product prioritization, readiness testing, document results, and provide updates to the Security management, and internal partners (Public Sector, Engineering, Sales, Product Management, Legal, etc.)

• Plan, coordinate and implement work assignments with process/control owners and external auditors

• Lead the timely and high-quality execution of GRC landmarks

• Advise process & control owners with the preparation and on-going maintenance of controls and control documentation (e.g., policies, procedures, narratives, and matrices)

• Proactively identify gaps or conflicts in existing policies and processes and work to develop solutions with internal business partners.

• Assist with and drive remediation of process and control deficiencies and gaps identified internally and externally

• Educate and train process/control owners to better understand the security controls framework and their responsibilities

• Evaluate and advise on new and evolving certification programs and technology.

• Build strong relationships with business partners and facilitate continuous improvement aligned with operational processes.

• Effectively communicate program execution status, key accomplishments, and risks to senior management both within Security and to our business partners.
  

Minimum Qualifications:

• BA or BS in Computer Science or any related subject area, or 5+ years of experience in Canadian Public Sector security requirements at Protected B security level

• Prior experience leading a program to maintain compliance with Government of Canada Security requirements

• Demonstrable experience engaging with the CCCS on the CSP ITS program

• Experience advising and presenting to internal partners (Public Sector, Engineering, Sales, Product Management, Legal, etc.)

• In-Depth technical background with a good understanding of security concepts and practical usage (Network Engineering, Network Security, Threat and Vulnerability Management, Database, SDLC, and Release Management)

• Demonstrable experience working with Cloud technologies/environments, including evaluating and implementing controls on Infrastructure as a Service (IaaS) environments

• Prior experience in a compliance and regulatory environment related to security and privacy including security compliance standards across industries and geographies such as NIST 800-53, ISO 27001, SOC, HIPAA, PCI, HITRUST, and/or FedRAMP

• Proven security experience in IT audit or advisory
  

Required Qualifications:

• Analytical problem solver with strong organizational skills and attention to detail

• Ability to work efficiently with minimal oversight/direction

• Excellent written and verbal communication skills

• Strong cross team collaboration skills

• Ability to travel up to 10%
  

Preferred Qualifications:

• Relevant Security certifications (CRISC, CISSP, CCIE, CISM, CISA, CCSK) are a plus

• Canadian Secret Level Security Clearance
  

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form .

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at www.equality.com and explore our company benefits at www.salesforcebenefits.com .

Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce does not accept unsolicited headhunter and agency resumes. Salesforce will not pay any third-party agency or company that does not have a signed agreement with Salesforce .

Salesforce welcomes all.

For British Columbia-based roles, the base salary hiring range for this position is CAD 124,700 to CAD 171,500.