About Salesforce
We're Salesforce, the Customer Company, inspiring the future of business with AI + Data + CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too — driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good – you've come to the right place.
As the Vice President of the Global Compliance and Certification team, you will report to the SVP of Product Security within the Chief Trust Officer's Organization. You will spearhead the cloud compliance function for Salesforce's commercial and public sector SaaS products. Your role will be pivotal and multifaceted, driving the global compliance strategy and execution to ensure our compliance framework aligns with industry best practices, regulatory requirements, and organizational objectives, and also enable accelerated attainment of newer certifications and efficient maintenance of the existing ones.
What You'll Do:
Lead the team responsible for enhancing Salesforce's Policy Framework, including the review and update of policy management structure, operationalization of governance documents (Policies, Standards, and Procedures) and the Policy Lifecycle Management Process. Responsibilities include:
- Enhancing and Operationalizing the Policy Exception Management Process
- Preparing and presenting risk dashboards and program-level performance reports to executive leadership
- Conducting periodic reviews of policy structures to ensure alignment of governance documents with Enterprise Risk Management (ERM) and the evolving security landscape.
- Reviewing security policy exceptions and managing the policy exception lifecycle as per the defined Policy Exception Process.
- Completing the security exception intake process, including request validation, ensuring request completeness, conducting exception risk assessments, and assigning reviewers in line with the Policy Structure and Salesforce Common Controls Framework requirements.
- Managing the exception lifecycle, including regular follow-ups with requestors, reviewers, remediation owners, and risk owners.
Lead the Vendor Risk Management team, and operationalizing the Third-Party Risk Management Framework globally:
- Overseeing the execution of the TPRM framework by business and functional owners to ensure that third-party outsourced risks are identified, monitored, managed, and reported.
- Performing control evaluations to ensure the operational effectiveness of the framework in compliance with regulatory and management expectations.
- Providing subject matter expertise and support to TPRM stakeholders.
Liaising with Business Groups:
- Collaborating with various business groups, including but not limited to Finance, Legal, Engineering, IT, Product, Support, Marketing, and Sales, to implement new compliance solutions and processes.
- Documenting and tracking remediation of outstanding control findings.
Lead a team to drive Compliance Program for Global SaaS Offerings:
- Executing internal controls readiness checks and external audits with third-party auditors.
- Working across multiple frameworks and regulatory standards, including but not limited to NIST, ISO, EUCS, ISMAP, IRAP, AICPA SOC, FedRAMP, StateRAMP, and TxRAMP.
Maintaining updated Knowledge in Compliance and Risk Management:
- Staying current in the field of compliance and risk management to efficiently work on evolving frameworks.
- Mastering new compliance regimes that support the company's go-to-market strategy, enabling success in new geographies or market segments.
Required/Minimum Qualifications:
- 12+ years of relevant experience in implementing unified compliance strategies for large organizations, including leadership roles in the execution, planning, tracking, and delivery of audit programs.
- 12+ years of experience working in the complex Information Technology-related audit domain.
- Prior management experience in IT, Information Security, Application Development, and/or Cybersecurity Risk Management.
- Proven ability to lead and manage a geographically dispersed, highly talented, and fast-paced team.
- Strong understanding of qualitative vs. quantitative risk management and inherent vs. residual risk, enabling proper determination, evaluation, and reporting on technology risk levels at both the project and enterprise levels.
- In-depth knowledge of security functions, including Incident Management, Change Management, Identity and Access Management, and Vendor Security Risk Management.
- Exceptional ability to effectively communicate complex and esoteric principles to non-technical stakeholders.
- Demonstrated capability to influence, create a compelling vision, and drive alignment across complex stakeholders and functions to deliver results.
- Certified in security and compliance certifications such as CISSP, CISA, CEH, etc. is a plus.
- University degree or equivalent demonstrated education and/or work experience in fields such as Computer Information Systems, Software Engineering, Information Technology Management, Computer Science, Systems Engineering, or Information Systems/Application Security Architecture.
Accommodations:
If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.
Posting Statement:
At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more.
Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status.
Salesforce welcomes all.
Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.
For Washington D.C based roles, the base salary hiring range for this position is $270,400 to $432,700.
For California-based roles, the base salary hiring range for this position is $295,600 to $472,900.
Compensation offered will be determined by factors such as location, level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, benefits. More details about our company benefits can be found at the following link: Salesforce Benefits.
#J-18808-Ljbffr