salesforce.com, inc.

Director - CCF Development and Governance

salesforce.com, inc., Washington, District of Columbia, us, 20022


To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Enterprise Technology & Infrastructure

Job Details

About Salesforce

We're Salesforce, the Customer Company, inspiring the future of business with AI + Data + CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too - driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good - you've come to the right place.

About Our Team

In your capacity as the leader of Salesforce's Common Controls Framework (CCF) development and governance, you will report directly to the Vice President of Compliance Automation and Strategy, a division within the Product Security Organization. Your primary responsibilities will necessitate a comprehensive understanding of various security certification frameworks, including but not limited to AICPA SOC, ISO, PCI, NIST, ISMAP, EUCS, Spanish ENS, and Australian IRAP, as well as other global certifications. You will be tasked with leading a team responsible for aggregating these frameworks into a unified Common Controls Framework.

Your role will encompass the evolution, design, governance, and maintenance of this Common Controls Framework, along with developing implementation and audit guidance. This includes identifying common themes and risks associated with each framework, as well as developing and implementing a strategy for its continued maturity. This framework will serve as the core strategy for all certification and regulatory compliance work undertaken by Salesforce!

Impact - Responsibilities

Lead a team in designing, governing, and maintaining Common Controls and their implementation strategies for all Salesforce certifications

Collaborate with the Product Security Global Compliance Certification and product engineering teams to support the adoption and onboarding of the common control framework, aiming to achieve various compliance certifications

Own a Change Advisory Board (CAB) as part of the common controls framework development along with engineering, legal, HR, finance, and other key collaborator teams to encompass the changes and enhancements to the framework

Develop a strategy to streamline assessments, timelines, and processes for compliance certification programs, enabling Salesforce to rapidly scale and adapt for new certifications and regulations

Develop and implement a comprehensive Common Controls Framework Governance, Risk, and Compliance strategy that aligns with Salesforce's objectives.

Identify and implement strategies to reduce compliance toil on engineering by evolving the common control framework through automation of compliance controls

Partner with the Compliance Automation and engineering teams to support automating compliance controls across product engineering teams and automate the collection of evidence and artifacts for internal and external audits

Work with executive leadership, engineering, and other key partners to identify security risks and develop effective mitigation strategies through the Common Controls Framework.

Stay informed about emerging threats, vulnerabilities, industry frameworks/regulatory changes, and trends to continually enhance the company's security posture and compliance

Provide regular updates and reports to executive leadership on the progress of CCF development and adoption, other information security initiatives, and compliance efforts

Promote a culture of security awareness and accountability across the organization through training, communication, and public engagement with governing bodies

Build, inspire, and mentor a high-performing team of security professionals, fostering their professional growth and skill development

Actively participate in different regulatory bodies to help contribute to Salesforce's expanding involvement in shaping best industry standards

Minimum Qualifications

BA or BS in Computer Science or equivalent experience, e.g. with a focus in Information Technology

Validated background in software engineering or development, with a focus on Application or Product Security

7-10 years of relevant experience in creating and implementing a unified compliance strategy for a large organization and playing a critical role in the execution, planning, tracking, and delivery of audit programs

In-depth knowledge of compliance frameworks is a must (e.g., SOC2, ISO27001, ENS, IRAP, PCI, FedRAMP, StateRAMP, CMMC, NIST 800-171, NIST 800-53, ISMAP, TISAX, etc.)

Knowledge of Core IT processes / services such as SDLC, Identity/User Access management, Vulnerability Management, Backup and DR processes is a must

Outstanding communication and interpersonal abilities, adept at influencing and collaborating with diverse partners

Required Qualifications

Strong understanding of application architectures, design principles, common security flaws, and mitigation techniques as outlined by OWASP and SANS

Proficiency in authentication mechanisms like SAML and OAuth

Capable of clearly conveying security and risk concepts to both technical and non-technical audiences

Experience presenting to and engaging with senior executive leaders on different risks and upcoming governance

Confirmed capacity to remain calm and effective under fast-paced and high-stress conditions. Strong critical thinking skills with hard-working analytical problem-solving capabilities

Consistent record of maintaining a centralized framework and running different review boards

Strong Project Management skills, being able to balance and track multiple projects going on at the same time to completion.

Ability to partner with and lead others not reporting directly to you and being a standout colleague

Experience providing clear instructions and details to technical and non-technical members.

Ability to prioritize in a constantly evolving environment

Preferred Qualifications

Relevant certifications like CISA, CISSP, CCSK, or others will be a plus

Experience with a Big 4 firm is a plus

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at www.equality.com and explore our company benefits at www.salesforcebenefits.com.

Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status.

Salesforce does not accept unsolicited headhunter and agency resumes. Salesforce will not pay any third-party agency or company that does not have a signed agreement with Salesforce.

Salesforce welcomes all.

Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.

For Washington, D.C.-based roles, the base salary hiring range for this position is $204,400 to $296,400.

For California-based roles, the base salary hiring range for this position is $223,000 to $323,400.

Compensation offered will be determined by factors such as location, level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, benefits. More details about our company benefits can be found at the following link: https://www.salesforcebenefits.com.