salesforce
Vice President, Global Compliance and Certification
salesforce, San Francisco, California, United States, 94199
To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.Job Category:
ProductAbout Salesforce:We’re Salesforce, the Customer Company, inspiring the future of business with AI + Data + CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too — driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good – you’ve come to the right place.As the Vice President of the Global Compliance and Certification team, you will report to the SVP of Product Security within the Chief Trust Officer's Organization. You will spearhead the cloud compliance function for Salesforce's commercial and public sector SaaS products. Your role will be pivotal and multifaceted, driving the global compliance strategy and execution to ensure our compliance framework aligns with industry best practices, regulatory requirements, and organizational objectives, and also enable accelerated attainment of newer certifications and efficient maintenance of the existing ones.What You’ll Do:Lead the team responsible for enhancing Salesforce’s Policy Framework, including the review and update of policy management structure, operationalization of governance documents (Policies, Standards, and Procedures) and the Policy Lifecycle Management Process. Responsibilities include:Enhancing and Operationalizing the Policy Exception Management ProcessPreparing and presenting risk dashboards and program-level performance reports to executive leadershipConducting periodic reviews of policy structures to ensure alignment of governance documents with Enterprise Risk Management and the evolving security landscape.Reviewing security policy exceptions and managing the policy exception lifecycle as per the defined Policy Exception Process.Completing the security exception intake process, which includes request validation, ensuring request completeness, conducting exception risk assessments, and assigning reviewers in line with the Policy Structure and Salesforce Common Controls Framework requirements.Managing the exception lifecycle, including regular follow-ups with requestors, reviewers, remediation owners, and risk owners.
Lead the Vendor Risk Management team, operationalizing the Third-Party Risk Management Framework globally:Overseeing the execution of the TPRM framework by business and functional owners to ensure that third-party outsourced risks are identified, monitored, managed, and reported.Performing control evaluations to ensure the operational effectiveness of the framework in compliance with regulatory and management expectations.Providing subject matter expertise and support to TPRM stakeholders.
Liaise with Business Groups:Collaborate with various business groups, including but not limited to Finance, Legal, Engineering, IT, Product, Support, Marketing, and Sales, to implement new compliance solutions and processes.Document and track remediation of outstanding control findings.
Lead a team to drive Compliance Program for Global SaaS Offerings:Execute internal controls readiness checks and external audits with third-party auditors.Work across multiple frameworks and regulatory standards, including but not limited to NIST, ISO, EUCS, ISMAP, IRAP, AICPA SOC, FedRAMP, StateRAMP, and TxRAMP.
Maintain updated Knowledge in Compliance and Risk Management:Stay current in the field of compliance and risk management to efficiently work on evolving frameworks.Master new compliance regimes that support the company's go-to-market strategy, enabling success in new geographies or market segments.
Required/Minimum Qualifications:12+ years of relevant experience in implementing unified compliance strategies for large organizations, including leadership roles in the execution, planning, tracking, and delivery of audit programs.12+ years of experience working in the complex Information Technology-related audit domain.Prior management experience in IT, Information Security, Application Development, and/or Cybersecurity Risk Management.Proven ability to lead and manage a geographically dispersed, highly talented, and fast-paced team.Strong understanding of qualitative vs. quantitative risk management and inherent vs. residual risk.In-depth knowledge of security functions, including Incident Management, Change Management, Identity and Access Management, and Vendor Security Risk Management.Exceptional ability to effectively communicate complex and esoteric principles to non-technical stakeholders.Demonstrated capability to influence, create a compelling vision, and drive alignment across complex stakeholders and functions to deliver results.Certified in security and compliance certifications such as CISSP, CISA, CEH, etc. is a plus.University degree or equivalent demonstrated education and/or work experience in fields such as Computer Information Systems, Software Engineering, Information Technology Management, Computer Science, Systems Engineering, or Information Systems/Application Security Architecture.
#J-18808-Ljbffr
ProductAbout Salesforce:We’re Salesforce, the Customer Company, inspiring the future of business with AI + Data + CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too — driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good – you’ve come to the right place.As the Vice President of the Global Compliance and Certification team, you will report to the SVP of Product Security within the Chief Trust Officer's Organization. You will spearhead the cloud compliance function for Salesforce's commercial and public sector SaaS products. Your role will be pivotal and multifaceted, driving the global compliance strategy and execution to ensure our compliance framework aligns with industry best practices, regulatory requirements, and organizational objectives, and also enable accelerated attainment of newer certifications and efficient maintenance of the existing ones.What You’ll Do:Lead the team responsible for enhancing Salesforce’s Policy Framework, including the review and update of policy management structure, operationalization of governance documents (Policies, Standards, and Procedures) and the Policy Lifecycle Management Process. Responsibilities include:Enhancing and Operationalizing the Policy Exception Management ProcessPreparing and presenting risk dashboards and program-level performance reports to executive leadershipConducting periodic reviews of policy structures to ensure alignment of governance documents with Enterprise Risk Management and the evolving security landscape.Reviewing security policy exceptions and managing the policy exception lifecycle as per the defined Policy Exception Process.Completing the security exception intake process, which includes request validation, ensuring request completeness, conducting exception risk assessments, and assigning reviewers in line with the Policy Structure and Salesforce Common Controls Framework requirements.Managing the exception lifecycle, including regular follow-ups with requestors, reviewers, remediation owners, and risk owners.
Lead the Vendor Risk Management team, operationalizing the Third-Party Risk Management Framework globally:Overseeing the execution of the TPRM framework by business and functional owners to ensure that third-party outsourced risks are identified, monitored, managed, and reported.Performing control evaluations to ensure the operational effectiveness of the framework in compliance with regulatory and management expectations.Providing subject matter expertise and support to TPRM stakeholders.
Liaise with Business Groups:Collaborate with various business groups, including but not limited to Finance, Legal, Engineering, IT, Product, Support, Marketing, and Sales, to implement new compliance solutions and processes.Document and track remediation of outstanding control findings.
Lead a team to drive Compliance Program for Global SaaS Offerings:Execute internal controls readiness checks and external audits with third-party auditors.Work across multiple frameworks and regulatory standards, including but not limited to NIST, ISO, EUCS, ISMAP, IRAP, AICPA SOC, FedRAMP, StateRAMP, and TxRAMP.
Maintain updated Knowledge in Compliance and Risk Management:Stay current in the field of compliance and risk management to efficiently work on evolving frameworks.Master new compliance regimes that support the company's go-to-market strategy, enabling success in new geographies or market segments.
Required/Minimum Qualifications:12+ years of relevant experience in implementing unified compliance strategies for large organizations, including leadership roles in the execution, planning, tracking, and delivery of audit programs.12+ years of experience working in the complex Information Technology-related audit domain.Prior management experience in IT, Information Security, Application Development, and/or Cybersecurity Risk Management.Proven ability to lead and manage a geographically dispersed, highly talented, and fast-paced team.Strong understanding of qualitative vs. quantitative risk management and inherent vs. residual risk.In-depth knowledge of security functions, including Incident Management, Change Management, Identity and Access Management, and Vendor Security Risk Management.Exceptional ability to effectively communicate complex and esoteric principles to non-technical stakeholders.Demonstrated capability to influence, create a compelling vision, and drive alignment across complex stakeholders and functions to deliver results.Certified in security and compliance certifications such as CISSP, CISA, CEH, etc. is a plus.University degree or equivalent demonstrated education and/or work experience in fields such as Computer Information Systems, Software Engineering, Information Technology Management, Computer Science, Systems Engineering, or Information Systems/Application Security Architecture.
#J-18808-Ljbffr