Security GRC Senior Analyst
India - Hyderabad
Salesforce
To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.
Job Category
Enterprise Technology & Infrastructure
Job Details
About Salesforce
We’re Salesforce, the Customer Company, inspiring the future of business with AI + Data + CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too — driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good – you’ve come to the right place.
Security GRC India Senior Analyst Job Description
Job Title: Security GRC Senior Analyst
About Our Team
Salesforce is looking to hire a Security GRC Senior Analyst for our Security Compliance team in India. This role has a global reach and directly supports sales growth as well as our #1 core value of Trust. The role will be focused on evaluating technology controls, performing audit readiness, and acting as a compliance subject matter expert to the business. In addition, this role will support the onboarding and migration of new engineering services to our standardized public cloud deployment model, called Hyperforce. This role will also work directly with our internal engineering, security, and product teams on current and future capabilities that could affect the compliance of our products.
A successful candidate for this role will be a strong communicator who excels at explaining complex technology to diverse audiences (across varying technical and business backgrounds) in a way that fosters understanding and ownership. Innovation, creativity and strategic thinking are key qualifications, as this role will assist business and technical partners in designing scalable, sustainable approaches to satisfying our regulatory requirements. The ability to build influence and evangelize for new initiatives among stakeholders and engineering teams in multiple organizations will be an essential driver for success, as will an unflappable demeanor and grace under pressure. This role will work with the business at all organizational layers, so it will be important to demonstrate flexibility in approach, communication style and depth of understanding.
As a result of the Company's on-demand application service technologies and "software-as-a-service" business model, the Security GRC team often confronts novel and challenging compliance issues. The successful candidate must be comfortable working in a very fast-paced and constantly changing environment.
This role is in Hyderabad, India, but will be working closely with the global GRC Security Compliance team, primarily the members in EMEA for ISO 27001/17/18 audits.
Responsibilities
- Establish capabilities for continuously collecting and testing data that demonstrates the implementation and operating effectiveness of security controls
- Drive integration and alignment between Security GRC processes and systems, particularly for those processes and systems that rely upon controls efficacy
- Support architecture design and implementation to support controls monitoring
- Partner with Engineering and Business stakeholders to facilitate the automation of monitoring for their respective controls (as 1st line control owners and performers)
- Collect control requirements and data attributes, prioritize controls for monitoring, and report the monitoring results
- Prepare reports and presentations for multiple audiences with varying business objectives
- Continuously identify improvement opportunities and provide feedback to senior team members and management
The GRC Security Compliance team is responsible for the execution, facilitation and management of Security Compliance certification programs across the company that our customers depend on. The role will be heavily focused on evaluating technology controls, supporting audits for the security compliance certification programs, and acting as a compliance subject matter expert on multiple first-party and public cloud-hosted business units. The variety of external audits and evaluations include: ISO 27001/17/18, SOC1/2/3, HIPAA, PCI, HITRUST, C5, etc. This role will also work directly with our internal engineering teams on current and future capabilities that could affect the compliance of our products.
Impact - Responsibilities:
- Plan, coordinate and execute work assignments with process/control owners and external auditors
- Perform compliance readiness testing, document results, and provide updates to Security management and internal stakeholders (Engineering, Sales, Product Management, Legal, etc.), primarily for the ISO 27001/17/18 audits
- Manage the timely and high-quality execution of GRC milestones.
- Advise process & control owners on the preparation and ongoing maintenance of controls and control documentation (e.g., policies, procedures, narratives, and matrices)
- Proactively identify gaps or conflicts in existing policies and processes and work to develop solutions with internal business partners.
- Assist with and drive remediation of process and control deficiencies and gaps identified internally and externally
- Educate and train process/control owners so they better understand the security controls framework and their responsibilities
- Evaluate and advise on new and evolving certification programs and technology.
- Build strong relationships with business partners and facilitate continuous improvement aligned with operational processes.
- Effectively communicate program execution status, key accomplishments, and risks to senior management both within Security and to our business partners.
Minimum Qualifications:
- In-depth technical background with 5+ years of experience and a good understanding of security concepts and practical usage (Network Engineering, Network Security, Threat and Vulnerability Management, Database, SDLC, and Release Management)
- Knowledge of, or experience working with, Cloud technologies/environments, including evaluating and implementing controls on Infrastructure as a Service (IaaS) environments
- Prior experience in a compliance and regulatory environment related to security and privacy including security compliance standards across industries and geographies such as ISO 27001, SOC, HIPAA, PCI, HITRUST, and FedRAMP
- Prior experience with certification frameworks such as Protected B, K-ISMS, C5 is a plus
- Possess a “whatever it takes to get the job done” mentality (i.e., pick up the phone, stop by a desk, follow-up multiple times)
- Proven security experience in IT audit or advisory
Required Qualifications:
- Analytical thinker with strong organizational skills; attention to detail is a must
- Ability to work efficiently with minimal oversight/direction
- Excellent written and verbal communication skills; ability to effectively communicate across all levels of the Company
- Strong cross team collaboration skills
- Ability to travel up to 10%
Preferred Qualifications:
- Certifications (CRISC, CISSP, CCIE, CISM, CISA, CCSK) are a plus
Accommodations
If you require assistance due to a disability when applying for open positions, please submit a request via this Accommodations Request Form.
Posting Statement
At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at www.equality.com and explore our company benefits at www.salesforcebenefits.com.
Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce does not accept unsolicited headhunter and agency resumes. Salesforce will not pay any third-party agency or company that does not have a signed agreement with Salesforce.
Salesforce welcomes all.