Security Compliance Senior Specialist ~ Senior Manager
To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.
Job CategoryEnterprise Technology & Infrastructure
We’re Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too — driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good – you’ve come to the right place.
Salesforce is looking to hire a Senior Specialist~Senior Manager in our Security GRC Security Compliance team located in our Tokyo Office.
The Security Compliance team is responsible for the execution, facilitation and management of Security GRC certification programs, issues and exception management, and GRC advisory across the company that our customers depend on.
The role will be heavily focused on evaluating technology controls, supporting audits for the companies certification programs and acting as a compliance subject matter expert to the business. The manager will locate in Tokyo, Japan and work remotely with global Security GRC Security Compliance team to support a variety of external audits and evaluations, mainly focused on Japan regional programs such as ISMAP audit.
A successful candidate for this role will be a strong communicator who excels at explaining complex technology to diverse audiences (across varying technical and business backgrounds) in a way that fosters understanding and ownership. Innovation, creativity and strategic thinking are key qualifications, as this role will assist business and technical partners in designing scalable, sustainable approaches to satisfying our regulatory requirements. The ability to build influence and evangelize for new initiatives among stakeholders in multiple organizations will be an essential driver for success, as will an unflappable demeanor and grace under pressure. This role will work with the business at all organizational layers, so it will be important to demonstrate flexibility in approach, communication style and depth of understanding.
As a result of the Company's on-demand application service technologies and "software-as-a-service" business model, the Security GRC team often confronts novel and challenging compliance issues. The team's goal is to support all aspects of the Company's operations while providing a superior compliance and process management experience. The successful candidate must be comfortable working in a very fast-paced and constantly changing environment. This position reports to the Director of Security GRC, Security Compliance APAC.
Plan, Coordinate and execute work assignments with process/control owners and external auditors
Direct and perform controls testing, document results, and provide updates to the Security management, and internal stakeholders
Manage the timely and high-quality execution of certification programs
Advise process/control owners with the preparation and on-going maintenance of controls and control documentation (e.g., policies, procedures, narratives, and matrices)
Proactively identify gaps or conflicts in existing processes and work to develop solutions with internal business partners
Assist with and drive remediation of control deficiencies and gaps identified internally and externally
Manage identified issues and exceptions working with internal business partners to mitigate security risks
Educate and train process/control owners so they better understand the security controls framework and their responsibilities
Evaluate and advise on new and evolving certification programs, technologies and regulatory requirements
Build strong relationships with business partners and facilitate continuous improvement aligned with operational processes.
Effectively communicate program execution status, key accomplishments, and risks to senior management both within Security and to our business partners.
Partner with other leaders within Security to collaborate and support both process maturity and staff development.
Build and maintain relationships with regional stakeholders both internal and external and keep up to speed on regional business needs and regional market trends.
Qualifications and Experience:
5+ years of security experience or IT audit would be considered as Senior Specialist; 7~10+ years of experience will be considered as Manager or Senior Manager depending on the experience
Native to business-level Japanese and business-level English communication skill (in both written and verbal) to effectively communicate across all levels of the Company
Relevant BA/BS degree and/or certifications (CRISC, CISSP, CCIE, CISM, CISA, CCSK)
Ability to travel up to 20%
In-Depth technical background with a good understanding of security concepts and practical usage
Knowledge of, or experience working with, Cloud technologies/environments, including evaluating and implementing controls on Infrastructure as a Service (IaaS) services, is a plus
Prior experience in a compliance and regulatory environment related to security and privacy including security compliance standards across industries and geographies such as ISO 27001, SOC, PCI, and other regional programs such as ISMAP, CS Mark, PrivacyMark is desired
Experience building compliance certification programs, such as ISO 27001, SOC, PCI and other regional programs such as ISMAP, CS Mark, PrivacyMark
Analytical thinker with strong organizational skills; attention to detail is a must
Ability to work efficiently with minimal oversight/direction remotely
Able not only to manage projects but also to perform hands-on detail tasks
Strong cross team collaboration skills
Experience managing a project with multiple team members and staff across the globe
Possess a “whatever it takes to get the job done” mentality (i.e., pick up the phone, stop by a desk, follow-up multiple times)
Flexibility in daily hours (i.e., eager to work longer hours during peak periods in audit cycles, have calls outside office hours with people in other regions)
If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.
At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at www.equality.com and explore our company benefits at www.salesforcebenefits.com.
Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce does not accept unsolicited headhunter and agency resumes. Salesforce will not pay any third-party agency or company that does not have a signed agreement with Salesforce.
Salesforce welcomes all.