Salesforce.Com, Inc. San Francisco , CA 94118
Job CategoryProducts and Technology
Title: BT Risk and Compliance Program Manager
Salesforce.com is looking to hire a Program Manager/Analyst to join the Business Technology(BT) team. A successful candidate will have excellent collaboration and communication skills. The role will manage the vulnerability management program within BT along with assisting BT teams in fulfilling compliance requirements. Accomplishment will be measured by improvement to BT's overall risk posture, compliance with various regulations, and providing management visibility to risk.
Because of the company's business model, we are often challenged with unique, cloud centric, interesting security and compliance requests. Our goal is to improve BT's overall compliance posture, by reducing security risk, surpassing any compliance requirements and challenges.
We are looking for relevant work experience, appropriate skill sets, and a mindset that matches that of our department and its culture. This resource will report to BT Risk & Compliance.
Conducts review of threats and vulnerabilities, determines deviations from acceptable configurations or enterprise or local policy, assesses the level of risk, and develops and/or recommends and operationalizes appropriate mitigation countermeasures.
Creates policies and procedures to help scale the vulnerability management program to adapt to a dynamic environment
Manages vulnerability case queue for Business Technology and works with business partners to ensure timely remediation of vulnerabilities
Partners with Salesforce security team to ensure that Business Technology is actively meeting the security and compliance goals set for Salesforce.
Supports the documentation, and validation of processes necessary to assure that associates, business technology systems and business processes meet the organization's information assurance, security, privacy, and compliance requirements.
Ensures appropriate monitoring of compliance to applicable security policies and audit requirements are in place and functioning, report on their operational effectiveness.
Escalates non-compliance issues and risks to BT Risk & Compliance management; follows up on issues with management and IT leadership to ensure carry through of resolutions.
Evaluates new security and compliance requirements and determines the impact to existing Business Technology processes and policies
Serves as a role model and an effective partner with stakeholders within and outside of Business Technology.
Qualifications and Experiences:
4-6 years of security\risk experience or IT operations experience with supporting certifications (e.g., CISA, CRISC, CISSP).
Bachelor of Science degree in Management Information Systems, Computer Science, or a related technical field required.
Strong written and verbal communication skills; ability to effectively communicate across all levels of the Company; attention to detail.
Vulnerability Management experience preferred.
Past experience administering client and server level operating systems a plus (e.g., Windows, Mac OS, Linux)
Experience developing, championing, and managing internal compliance programs a plus.
Prior experience in a compliance and/or regulatory environment related to security and privacy including security compliance standards across industries and geographies such as FedRAMP, PCI, ISO 27001, HIPAA, SOC, SOX, a plus.
Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this Web site or directly to managers. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay fees to any third-party agency or company that does not have a signed agreement with Salesforce.com or Salesforce.org.
Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.