Director - CCF Development and Governance

California - San Francisco

Salesforce

Deliver the best customer experience with a single CRM tool for Sales, Customer Service, Marketing, Commerce & IT. Try it free for 30 days!


To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Enterprise Technology & Infrastructure

Job Details

About Salesforce

We’re Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too — driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good – you’ve come to the right place.

About Our Team

As the leader of Salesforce's Common Controls Framework (CCF) development and governance, you will report directly to the Vice President of Compliance Automation and Strategy, a division within the Product Security Organization. The role requires a comprehensive understanding of security certification frameworks, including but not limited to AICPA SOC, ISO, PCI, NIST, ISMAP, EUCS, Spanish ENS and Australian IRAP, as well as other global certifications. You will lead the team responsible for aggregating these frameworks into a single, unified Common Controls Framework.

Your role will encompass the evolution, design, governance and maintenance of this Common Controls Framework, along with producing implementation and audit guidance for it. This includes identifying the common themes and risks across each framework, as well as developing and implementing a strategy for the framework's continued maturity. The framework will serve as the core strategy for all certification and regulatory compliance work undertaken by Salesforce.
 

Impact - Responsibilities

  • Lead a team in designing, governing, and maintaining Common Controls and their implementation strategies for all Salesforce certifications

  • Collaborate with the Product Security Global Compliance Certification and product engineering teams to support the adoption and onboarding of the common control framework, aiming to achieve various compliance certifications

  • Own a Change Advisory Board (CAB) for the common controls framework, bringing together engineering, legal, HR, finance and other key collaborator teams to review changes and enhancements to the framework

  • Develop a strategy to streamline assessments, timelines, and processes for compliance certification programs, enabling Salesforce to rapidly scale and adapt for new certifications and regulations

  • Develop and implement a comprehensive Common Controls Framework Governance, Risk, and Compliance strategy that aligns with Salesforce’s objectives.

  • Identify and implement strategies to reduce compliance toil on engineering by evolving the common control framework through automation of compliance controls

  • Partner with the Compliance Automation and engineering teams to support automating compliance controls across product engineering teams and automate the collection of evidence and artifacts for internal and external audits

  • Work with executive leadership, engineering, and other key partners to identify security risks and develop effective mitigation strategies through the Common Controls Framework.

  • Stay informed about emerging threats, vulnerabilities, industry frameworks/regulatory changes, and trends to continually enhance the company’s security posture and compliance

  • Provide regular updates and reports to executive leadership on the progress of CCF development and adoption, other information security initiatives, and compliance efforts

  • Promote a culture of security awareness and accountability across the organization through training, communication, and public engagement with governing bodies

  • Build, inspire, and mentor a high-performing team of security professionals, fostering their professional growth and skill development

  • Actively participate in regulatory and standards bodies to contribute to Salesforce's expanding involvement in shaping industry best-practice standards


 

Minimum Qualifications

  • BA or BS in Computer Science or equivalent experience, e.g. with a focus in Information Technology

  • Proven background in software engineering or development, with a focus on Application or Product Security

  • 7-10 years of relevant experience creating and implementing a unified compliance strategy for a large organization, and playing a critical role in the planning, execution, tracking and delivery of its audit program

  • In-depth knowledge of compliance frameworks is a must (e.g., SOC 2, ISO 27001, ENS, IRAP, PCI, FedRAMP, StateRAMP, CMMC, NIST 800-171, NIST 800-53, ISMAP, TISAX, etc.)

  • Knowledge of core IT processes and services such as the SDLC, identity and user access management, vulnerability management, and backup and DR processes is a must

  • Outstanding communication and interpersonal abilities, adept at influencing and collaborating with diverse partners

Required Qualifications

  • Strong understanding of application architectures, design principles, common security flaws and mitigation techniques as outlined by OWASP and SANS

  • Proficiency in authentication and authorization mechanisms such as SAML and OAuth

  • Capable of clearly conveying security and risk concepts to both technical and non-technical audiences

  • Experience presenting risks and upcoming governance changes to senior executive leaders and engaging them on those topics

  • Proven ability to remain calm and effective under fast-paced, high-stress conditions; strong critical thinking and analytical problem-solving skills

  • Consistent record of maintaining a centralized framework and running review boards

  • Strong project management skills; able to balance and track multiple concurrent projects through to completion

  • Ability to partner with and lead others who do not report directly to you, and to be a standout colleague

  • Experience providing clear instructions and details to technical and non-technical team members

  • Ability to prioritize in a constantly evolving environment

Preferred Qualifications

  • Relevant certifications such as CISA, CISSP, CCSK or others are a plus

  • Experience with a Big 4 firm is a plus

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at www.equality.com and explore our company benefits at www.salesforcebenefits.com.

Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce does not accept unsolicited headhunter and agency resumes. Salesforce will not pay any third-party agency or company that does not have a signed agreement with Salesforce.

Salesforce welcomes all.

Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.

For Washington D.C.-based roles, the base salary hiring range for this position is $204,400 to $296,400.

For California-based roles, the base salary hiring range for this position is $223,000 to $323,400.

Compensation offered will be determined by factors such as location, level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, benefits. More details about our company benefits can be found at the following link: https://www.salesforcebenefits.com.