Security GRC Senior Analyst/Manager, Controls Monitoring
To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.
Job CategoryEnterprise Technology & Infrastructure
We’re Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too — driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good – you’ve come to the right place.
The GRC Automation & Tooling team is responsible for establishing a centralized security control monitoring program, while also building automation capabilities for our Security Compliance portfolio. The role will be heavily focused on evaluating various technology solutions that implement security controls and acting as a product manager to drive engineering deliverables to the business. You will be working with public cloud-based platforms such as AWS, Azure, and GCP as well as monitoring tools such as CSPM, Vulnerability Scanning, and Log Ingestion/SIEM.
A successful candidate for this role will be a strong communicator who excels at explaining complex technology to diverse audiences (across varying technical and business backgrounds) in a way that fosters understanding and ownership. Innovation, creativity, and strategic thinking are key qualifications, as this role will assist business and technical partners in designing scalable, sustainable approaches to satisfying our regulatory requirements. The ability to build influence and evangelize for new initiatives among stakeholders in multiple organizations will be an essential driver for success, as will an unflappable demeanor and grace under pressure. This role will work with the business at all organizational layers, so it will be important to demonstrate flexibility in approach, communication style, and depth of understanding.
Establish capabilities for continuously collecting and testing data that demonstrates the implementation and operating effectiveness of security controls
Drive integration and alignment between Security GRC processes and systems, particularly for those processes and systems that rely upon controls efficacy
Support architecture design and implementation to support controls monitoring
Partner with Engineering and Business stakeholders to facilitate the automation of monitoring for their respective controls (as 1st line control owners and performers)
Collet control requirements and data attributes, prioritize controls for monitoring, and report the monitoring results
Prepare reports and presentations for multiple audiences with varying business objectives
Continuously identify improvement opportunities and provide feedback to senior team members and management
4+ years of related security controls monitoring experience
Agile, proactive, comfortable with ambiguous specifications, and able to prioritize quickly and effectively
Enthusiasm for problem-solving and developing new methods to solve challenges
Detailed understanding of critical security controls and associated tools, including infrastructure configuration management, access and authorization management, threat and vulnerability management, etc.
Ability to work effectively with a wide range of individuals including engineers, systems administrators, executives, customers, regulators, auditors, etc.
Excellent interpersonal and relationship skills, analytical skills, and process development skills
Thrives in a fast-paced, collaborative environment, using research and analysis to support recommendations and opinions
Familiar with relational database languages (SQL or SOQL)
Familiar with common monitoring tools (CSPM, Vulnerability Scanning, Log Ingestion/SIEM, IAM, etc.)
Transform undefined processes into clear, actionable engineering requirements
Liaise with developers for technical solutions based on business needs
Collet control requirements and data attributes, prioritize controls for monitoring, coordinate the development of the technical solution, and report the monitoring results
Experience working with python
Experience with GRC platforms and tools
Experience with data and analytics dashboards and visualization tools (Einstein Analytics, Tableau, etc.)
Experience working with the Salesforce platform
Industry certifications in security, technology, and/or business management are a plus (e.g., CISSP, CCIE, CISM, CISA, AWS/GCP/Azure Certifications)
If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.
At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at www.equality.com and explore our company benefits at www.salesforcebenefits.com.
Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce does not accept unsolicited headhunter and agency resumes. Salesforce will not pay any third-party agency or company that does not have a signed agreement with Salesforce.
Salesforce welcomes all.Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.For California-based roles, the base salary hiring range for this position is $137,100 to $227,700.Compensation offered will be determined by factors such as location, level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, benefits. More details about our company benefits can be found at the following link: https://www.salesforcebenefits.com.