
Security GRC Manager


Salesforce brings companies and customers together in the number one Customer Relationship Management platform.

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Products and Technology

Job Details

Salesforce is looking to hire a Manager in our Security Governance, Risk Management & Compliance (GRC) Orchestration team in Australia. The Orchestration team is responsible for the execution, facilitation and management of Security GRC certification programs, issues and exception management, and GRC advisory across the company that our customers depend on. The role will be heavily focused on evaluating technology controls, supporting audits for the company's certification programs and acting as a compliance domain expert to the business.

In this role, the successful candidate would be responsible for end-to-end ownership of our DTA Hosting Certification Framework (HCF) compliance program including regular reporting, management of stakeholders, auditors, regulators and internal service teams across the portfolio of Salesforce companies including Mulesoft and Slack.

To be successful in this role, you will be a strong communicator who excels at explaining complex technologies to a diverse variety of audiences with varying technical and business backgrounds in a way that fosters understanding and ownership.

Innovation, creativity and strategic thinking are key qualifications, as this role will assist business and technical partners in designing scalable, sustainable approaches to satisfying our regulatory requirements. The ability to build influence and evangelise for new initiatives among stakeholders in multiple organisations will be an essential driver for success, as will an unflappable demeanour and grace under pressure. This role will work with the business at all organisational layers, so it will be important to demonstrate flexibility in approach, communication style and depth of understanding.

As a result of the Company’s on-demand application service technologies and “software-as-a-service” business model, the Security GRC team often confronts novel and challenging compliance issues. The team’s goal is to support all aspects of the Company’s operations while providing a superior compliance and process management experience. You must be comfortable working in a very fast-paced and constantly evolving environment.

Job Functions:
– Plan, coordinate and implement work assignments with process/control owners and external auditors;
– Direct and perform controls testing, document results, and provide updates to Security management and internal customers;
– Manage the timely and high-quality execution of the DTA’s HCF in Australia;
– Manage the ongoing reporting requirements of the HCF, including gathering relevant changes to Salesforce and its portfolio of companies and reporting these to the Government;
– Assist the Trust and Security Advisors and Security Customer Success teams in responding to HCF requirements;
– Advise Salesforce process/control owners with the preparation and ongoing maintenance of controls and control documentation (e.g., policies, procedures, narratives, and matrices);
– Proactively identify gaps in existing Salesforce processes and work to develop solutions with internal business partners;
– Assist with and drive remediation of control deficiencies and gaps identified internally and externally;
– Educate and train process/control owners, so they better understand the security controls framework and their responsibilities;
– Evaluate and advise on new and evolving certification programs and technology;
– Build positive relationships with business partners and facilitate continuous improvement aligned with operational processes;
– Effectively communicate program execution status, key accomplishments, and risks to senior management both within Security and to our business partners;
– Partner with other leaders within Security to collaborate and support both process maturity and staff development; and
– Build and maintain relationships with regional partners both internal and external and keep up to speed on regional business needs and regional market trends.

Qualifications and Expertise:
– Have worked on security engagement with Australian Public Sector, both at Federal and State level;
– Strong understanding of local and global information security standards;
– Strong understanding of the ACSC’s Information Security Manual (ISM);
– Familiarity with the DTA’s HCF;
– Detailed understanding of AGD’s Protective Security Policy Framework (PSPF) and information classification schemes;
– Abreast of the Government’s plans for the Hosting Certification Framework;
– Able to produce and write configuration guidance and documentation when required;
– Assisting agencies with security assessment, certification and authorisation;
– Work in an autonomous remote manner using your skills and abilities to make decisions without specific guidance;
– Industry engagement with organisations such as the ACSC, AISA, AIIA etc;
– Willing to not only manage projects, but get involved in hands-on detailed tasks when required; and
– Flexibility in daily hours (i.e., willingness to work longer hours during peak periods in audit cycles, have calls outside office hours with people in other regions).



If you require assistance due to a disability when applying for open positions, please submit a request via this Accommodations Request Form.

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.

Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay any third-party agency or company that does not have a signed agreement with Salesforce.com or Salesforce.org.

Salesforce welcomes all.

To apply for the job click here
