Vice President, Global Compliance and Certification
California - San Francisco
Applications have closed
Salesforce
Bieten Sie die beste Customer Experience mit einem einzigen CRM-Tool für Sales, Kundenservice, Marketing, Commerce & IT. Jetzt 30 Tage testen!To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.
Job Category
ProductJob Details
About Salesforce
We’re Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too — driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good – you’ve come to the right place.
As the Vice President of the Global Compliance and Certification team, you will report to the SVP of Product Security within the Chief Trust Officer's Organization. You will spearhead the cloud compliance function for Salesforce's commercial and public sector SaaS products. Your role will be pivotal and multifaceted, driving the global compliance strategy and execution to ensure our compliance framework aligns with industry best practices, regulatory requirements, and organizational objectives, and also enable accelerated attainment of newer certifications and efficient maintenance of the existing ones.
What You’ll Do:
In this role, you will lead the team responsible for enhancing Salesforce’s Policy Framework, including the review and update of policy management structure, operationalization of governance documents (Policies, Standards, and Procedures) and the Policy Lifecycle Management Process. Additionally, your responsibilities will include:
Enhancing and Operationalizing the Policy Exception Management Process
Preparing and presenting risk dashboards and program-level performance reports to executive leadership
Conducting periodic reviews of policy structures to ensure alignment of governance documents (Policies, Standards, Procedures, and Security Baselines) with Enterprise Risk Management (ERM) and the evolving security landscape.
Reviewing security policy exceptions and managing the policy exception lifecycle as per the defined Policy Exception Process.
Completing the security exception intake process, which includes request validation, ensuring request completeness, conducting exception risk assessments, and assigning reviewers in line with the Policy Structure and Salesforce Common Controls Framework requirements.
Managing the exception lifecycle, including regular follow-ups with requestors, reviewers, remediation owners, and risk owners.
Lead the Vendor Risk Management team, and operationalizing the Third-Party Risk Management Framework globally:
Overseeing the execution of the TPRM framework by business and functional owners to ensure that third-party outsourced risks are identified, monitored, managed, and reported.
Performing control evaluations to ensure the operational effectiveness of the framework in compliance with regulatory and management expectations.
Providing subject matter expertise and support to TPRM stakeholders.
Liaising with Business Groups:
Collaborating with various business groups, including but not limited to Finance, Legal, Engineering, IT, Product, Support, Marketing, and Sales, as well as other stakeholders globally, to implement new compliance solutions and processes.
Documenting and track remediation of outstanding control findings.
Lead a team to drive Compliance Program for Global SaaS Offerings:
Executing internal controls readiness checks and external audits with third-party auditors.
Working across multiple frameworks and regulatory standards, including but not limited to NIST, ISO, EUCS, ISMAP, IRAP, AICPA SOC, FedRAMP, StateRAMP, and TxRAMP.
Maintaining updated Knowledge in Compliance and Risk Management:
Staying current in the field of compliance and risk management to efficiently work on evolving frameworks.
Mastering new compliance regimes that support the company's go-to-market strategy, enabling success in new geographies or market segments.
Required/Minimum Qualifications:
12 + years of relevant experience in implementing unified compliance strategies for large organizations, including leadership roles in the execution, planning, tracking, and delivery of audit programs.
12+ years of experience working in the complex Information Technology-related audit domain.
Prior management experience in IT, Information Security, Application Development, and/or Cybersecurity Risk Management.
Proven ability to lead and manage a geographically dispersed, highly talented, and fast-paced team.
Strong understanding of qualitative vs. quantitative risk management and inherent vs. residual risk, enabling proper determination, evaluation, and reporting on technology risk levels at both the project and enterprise levels.
In-depth knowledge of security functions, including Incident Management, Change Management, Identity and Access Management, and Vendor Security Risk Management.
Exceptional ability to effectively communicate complex and esoteric principles to non-technical stakeholders.
Demonstrated capability to influence, create a compelling vision, and drive alignment across complex stakeholders and functions to deliver results.
Certified in security and compliance certifications such as CISSP, CISA, CEH, etc is a plus
University degree or equivalent demonstrated education and/or work experience in fields such as Computer Information Systems, Software Engineering, Information Technology Management, Computer Science, Systems Engineering, or Information Systems/Application Security Architecture.
Accommodations
If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.
Posting Statement
At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at www.equality.com and explore our company benefits at www.salesforcebenefits.com.
Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce does not accept unsolicited headhunter and agency resumes. Salesforce will not pay any third-party agency or company that does not have a signed agreement with Salesforce.
Salesforce welcomes all.
Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.For Washington D.C based roles, the base salary hiring range for this position is $270,400 to $432,700.For California-based roles, the base salary hiring range for this position is $295,600 to $472,900.Compensation offered will be determined by factors such as location, level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, benefits. More details about our company benefits can be found at the following link: https://www.salesforcebenefits.com.Tags: Application security Audits C CEH CISA CISSP Cloud Compliance Computer Science FedRAMP Finance Governance IAM NIST Product security Risk assessment Risk management RMF SaaS SOC Strategy
Perks/benefits: Career development Equity / stock options
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.