Program Manager, Business Technology Risk & Compliance

Salesforce.Com, Inc. San Francisco, CA 94118

Posted 2 weeks ago

Job Category: Products and Technology

Job Details

Title: BT Risk and Compliance Program Manager

Location: SF

Salesforce.com is looking to hire a Program Manager/Analyst to join the Business Technology (BT) team. A successful candidate will have excellent collaboration and communication skills. The role will manage the vulnerability management program within BT and assist BT teams in fulfilling compliance requirements. Accomplishment will be measured by improvement to BT's overall risk posture, compliance with various regulations, and management visibility into risk.

Because of the company's business model, we are often challenged with unique, interesting, cloud-centric security and compliance requests. Our goal is to improve BT's overall compliance posture by reducing security risk and surpassing any compliance requirements and challenges.

We are looking for relevant work experience, appropriate skill sets, and a mindset that matches that of our department and its culture. This resource will report to BT Risk & Compliance.

Role Responsibilities:

  • Conducts review of threats and vulnerabilities, determines deviations from acceptable configurations or enterprise or local policy, assesses the level of risk, and develops and/or recommends and operationalizes appropriate mitigation countermeasures.

  • Creates policies and procedures to help scale the vulnerability management program to adapt to a dynamic environment

  • Manages vulnerability case queue for Business Technology and works with business partners to ensure timely remediation of vulnerabilities

  • Partners with Salesforce security team to ensure that Business Technology is actively meeting the security and compliance goals set for Salesforce.

  • Supports the documentation and validation of processes necessary to assure that associates, business technology systems and business processes meet the organization's information assurance, security, privacy, and compliance requirements.

  • Ensures appropriate monitoring of compliance with applicable security policies and audit requirements is in place and functioning, and reports on its operational effectiveness.

  • Escalates non-compliance issues and risks to BT Risk & Compliance management; follows up on issues with management and IT leadership to ensure carry through of resolutions.

  • Evaluates new security and compliance requirements and determines the impact to existing Business Technology processes and policies

  • Serves as a role model and an effective partner with stakeholders within and outside of Business Technology.

Qualifications and Experiences:

  • 4-6 years of security/risk experience or IT operations experience with supporting certifications (e.g., CISA, CRISC, CISSP).

  • Bachelor of Science degree in Management Information Systems, Computer Science, or a related technical field required.

  • Strong written and verbal communication skills; ability to effectively communicate across all levels of the Company; attention to detail.

  • Vulnerability Management experience preferred.

  • Past experience administering client and server level operating systems a plus (e.g., Windows, Mac OS, Linux)

  • Experience developing, championing, and managing internal compliance programs a plus.

  • Prior experience in a compliance and/or regulatory environment related to security and privacy including security compliance standards across industries and geographies such as FedRAMP, PCI, ISO 27001, HIPAA, SOC, SOX, a plus.

Posting Statement

Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this Web site or directly to managers. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay fees to any third-party agency or company that does not have a signed agreement with Salesforce.com or Salesforce.org.

Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.


