Manager/Senior Manager -Global Cloud Compliance (FedRAMP)

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Job Details

About Salesforce

We're Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too - driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good - you've come to the right place.

Manager/Senior Manager -Global Cloud Compliance (FedRAMP)

About Salesforce

We're Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM+Trust. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too - driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good - you've come to the right place!

About Our Team

The Global Compliance and Certification (GCC) team is responsible for enterprise wide compliance processes, ensuring Salesforce leadership has the information needed to make strategic risk-based decisions. You will report directly to the Vice President of GCC, a division within the Product Security Organization and you will play a pivotal role in driving and overseeing cloud security compliance that support Salesforce's federal and government customers, including U.S. Federal agencies.

• Compliance Oversight: Establish and govern a common controls strategy to ensure security and compliance across Salesforce's environments.

• Risk & Audit Management: Oversee internal security audits, risk assessments, and mitigation plans, ensuring timely remediation of high-risk systems. This includes reviewing the strategy and monthly con-mon submissions and identifying dependencies, areas of improvement, and efficiencies.

• Stakeholder Collaboration: Partner with cross-functional teams, including product security, engineering, legal, and external regulatory bodies, to align compliance initiatives with business objectives.

• Build and Maintain External Partnerships: Maintain and lead partnerships with various agencies (DoD, VA, etc.) and the FedRAMP PMO, staying atop of all industry updates and changes to the program.
  Process Optimization: Drive efficiencies in compliance assessments, including the implementation of innovative approaches to meet and exceed security requirements.
  Incident Response & Threat Management: Provide executive-level guidance on incident response and security forensics, ensuring alignment with compliance frameworks.
  Policy & Governance: Lead the development of security policies, procedures, and reporting mechanisms to meet global regulatory and customer requirements.

• Strong Established Partnerships and connections with key federal agencies and the FedRAMP PMO governing body.

• 7- 10 years of experience in cybersecurity, cloud compliance, or risk management, with a focus on regulatory frameworks.

• Experience working with Government Cloud environments such as AWS, Azure, GCP (SaaS, IaaS, PaaS etc)

• Knowledge of multiple regulatory compliance frameworks (NIST CSF & 800-53, ISO27001, SOC, HITRUST, HIPAA, FedRAMP, DOD SRG IL4/IL5, PCI, etc.)

• Proven leadership experience in driving enterprise-wide compliance strategies and cross-functional initiatives.

• Exceptional ability to communicate and influence stakeholders at all levels, including senior executives.

• Industry certifications such as CISA, CISSP, CCSK, or equivalent are highly desirable.

Required Qualifications

• Experience working with the FedRAMP PMO, FedRAMP JAB, and DISA Cloud Assessment Division

• Strong Understanding of application architectures, design principles, common security flaws, and mitigation techniques as outlined by OWASP and SANS

• Proficiency in authentication mechanisms like SAML and OAuth

• Capable of clearly conveying security and risk concepts to both technical and non-technical audiences

• Known to work in presenting to and engaging with senior executive leaders' different risks and upcoming governance

• Confirmed capacity to remain calm and effective under fast paced and high-stress conditions. Strong critical thinking skills with hard-working analytical problem-solving capabilities

• Strong Project Management skills, being able to balance and track multiple projects going on at the same time to completion.

• Ability to partner with and lead others not reporting directly to you and being a standout colleague

• Experience providing clear instructions and details with technical and non-technical members.

• Ability to prioritize in a constantly evolving environment

Due to the criteria and security levels for Salesforce's FedRAMP program, the position will require the following as well:

• US Citizenship

• Residence within the contiguous United States

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that's inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal. Any employee or potential employee will be assessed on the basis of merit, competence and qualifications - without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law. This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion, benefits, training, assessment of job performance, discipline, termination, and everything in between. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education.