BT Risk Management and Compliance - Information Security Senior Analyst
To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.
Job Category: Enterprise Technology & Infrastructure
We’re Salesforce, the Customer Company, inspiring the future of business with AI + Data + CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too — driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good – you’ve come to the right place.
About the Role
Within the Salesforce BT Risk Management Team, we hold the keys to strategic, risk-based decision-making. Our mission is to craft the risk and compliance processes that ensure our internal technologies are fortified for data protection and regulatory alignment.
Salesforce is on the hunt for a dynamic and dedicated Senior Analyst to join our Business Technology Risk Management and Information Security team.
The ideal candidate is not just someone who demonstrates initiative, ownership, and passion, but also possesses exceptional skills in project management, communication, collaboration, and problem-solving. As a Senior Analyst, you will play a pivotal role in steering the company's growth towards compliance, efficiency, and scalability. You'll be at the forefront of refining existing processes, integrating newly acquired entities, and pioneering novel processes to adapt to the ever-evolving landscape of a high-growth enterprise.
Success in this role hinges on your ability to chart a course from ambiguity to clarity and triumph. It requires superb organizational skills and the ability to thrive in the stimulating, unconventional, and fast-paced environment that we offer.
This role involves:
Crafting a risk and control matrix for all internal IT controls.
Rigorously testing more than 500 internal IT controls annually, showcasing your grasp of control design and operational effectiveness in both SOX and security domains.
Methodically supervising work items and results in our systems to ensure progress visibility and clear reporting to leadership.
Providing profound thought leadership on control gaps in areas of Security, Availability, Privacy, Processing Integrity, Confidentiality, and core IT General Controls (ITGCs).
Assiduously supervising SOC1 and SOC2 reports for vendors, devising a reliance strategy, and working hand-in-hand with key BT collaborators to ensure comprehensive Complementary User Entity Control (CUEC) coverage.
Maintaining regular, clear communication with project teams, key partners, and management regarding the status of internal IT Controls testing, identified deficiencies, and remediation progress.
Swiftly identifying and proactively addressing program obstacles, including resolving overdue IT controls testing requests and strategizing testing solutions.
Spearheading the management of recurring, formal reports on the status of IT Controls testing for executive consumption.
Supervising post-testing activities for IT Controls, including root cause analysis and remediation tracking.
Providing guidance and oversight on both internal and external resources, including contractors, for the execution of pivotal IT compliance initiatives.
Engaging in ad-hoc projects as required.
Over 3 years of experience in public accounting and/or within a large corporate environment with a sophisticated IT landscape.
Proficiency with various data and reporting tools, such as Tableau, Microsoft Office Suite, G Suite, and/or Visio.
A solid grasp of audit, security, financial, and operational internal control methodologies and terminology (e.g., COSO), along with familiarity with the Sarbanes-Oxley (SOX) Act of 2002 and Audit Standard 5, encompassing documentation and testing.
The ability to identify and articulate key security and financial risks and develop controls to mitigate these identified risks.
Experience in implementing and testing Security controls based on the NIST SP 800-53 standard in response to identified risks.
Competence in developing test plans for Information Technology General Controls (ITGCs), Information Technology Application Controls (ITACs), and Security controls.
The capability to work optimally under tight deadlines and adapt to evolving business and technical environments.
A deep understanding of technically complex topics, particularly in emerging areas like cloud environments and artificial intelligence.
Proficiency in managing results and achievements, even when faced with ambiguity or competing approaches regarding the best path to success.
Confidence and willingness to ask questions, raise issues, and concerns in a timely manner.
Demonstrated ownership of tasks and effective time management, both for yourself and others.
Exceptional written and verbal communication skills that enable you to actively engage in relevant conversations.
The ability to build trust-based relationships, establish credibility, and wield influence to collaborate successfully with team members, ultimately enhancing decision-making and outcomes.
Outstanding teamwork skills that enable you to seamlessly work with team members, fostering partnerships with remote and multi-functional teams.
CISSP, CPA, CISA, PMP, CISM certification(s)
If you require assistance due to a disability when applying for open positions, please submit a request via this Accommodations Request Form.
At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at www.equality.com and explore our company benefits at www.salesforcebenefits.com.
Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce does not accept unsolicited headhunter and agency resumes. Salesforce will not pay any third-party agency or company that does not have a signed agreement with Salesforce.
Salesforce welcomes all.