Senior Analyst - Security GRC Operations
Salesforce is looking to hire a Sr. Analyst in our Security Governance, Risk and Compliance (GRC) Operations team located in Hyderabad, India.
The GRC Operations team is responsible for supporting security policy management, and the execution, facilitation & management of Security GRC certification programs across the company that our customers depend on.
The role will be heavily focused on evaluating policies and procedures, technology controls, compliance issues, supporting audits, improving processes, and innovating for the company’s Security GRC program.
The senior analyst / manager will be located in Hyderabad, India, and work remotely until the pandemic restrictions are lifted.
Flexibility to work US EST hours 3 days (Tuesday, Wednesday, Thursday - India Calendar Days) and local India hours 2 days (Monday and Friday - India Calendar Days) is required at the beginning of building the program, with the potential to decrease the amount of EST hours as the program matures.
A successful candidate for this role will be a strong communicator who excels at explaining complex technology to diverse audiences (across varying technical and business backgrounds) in a way that fosters understanding and ownership.
Innovation, creativity, and strategic thinking are key qualifications, as this role will assist business and technical partners in building scalable, sustainable approaches to satisfying our regulatory requirements.
You have knowledge of the latest security tools, coding languages, and engineering principles. You know and understand the software development lifecycle and how to work in an agile manner.
You will seek to constantly iterate, improve, and automate processes and tools. You have the ability to be an essential driver for success, as well as an unflappable demeanor and grace under pressure.
This role will work with the business at all organizational layers, so it will be important to demonstrate flexibility in approach, communication style, and depth of understanding.
As a result of the Company's on-demand application service technologies and "software-as-a-service" business model, the Security GRC team often confronts novel and challenging compliance issues.
The team's goal is to support all aspects of the Company's operations while providing a superior compliance and process management experience.
The successful candidate must be comfortable working in a very fast-paced and constantly changing environment and thrive in ambiguity.
Key Responsibilities :
Work in cross-collaborative Security team executing multiple operational activities including, but not limited to : Managing issues and exception requests to resolutionEnforcing Salesforce Security Standards and best practices for SecurityEvaluating Salesforce security requirements and best practices, providing input into Policy, Standards, and Procedures (including implementation solutions)Audit planning, execution, and reporting support, including coordination with engineering teams to collect evidenceTriaging and managing requests for GRC support from business stakeholdersSupporting the implementation of new technologies and process enhancements
Act as an advisor for technical teams who want to create relevant implementation solutions for their environment
Proactively identify areas of improvements in existing processes, and work to develop innovative solutions with internal business partners.
Assist with remediation of control deficiencies and security gaps identified both internally and externally
Educate and train process / control owners so they better understand the security requirements
Manage changes to information security requirements that would affect engineering code, processes, and procedures
Create metrics and dashboards to measure the business impact of the security documents you identify or create
Effectively communicate program execution status, key accomplishments, and risks to senior management both within Security and to our business partners.
Build and maintain relationships with regional stakeholders both internal and external and keep up to speed on regional business needs and regional market trends.
Required skills :
Fluency in English communication skills (in both written and verbal) is mandatory.
6+ years of Governance, Risk and Compliance (GRC), or equivalent security operations, security assessments, or security / technology audit experience
In-depth technical background with a good understanding of security concepts and practical usage
Knowledge of, or experience working with, Cloud technologies / environments, including evaluating and implementing controls on Infrastructure as a Service (IaaS) services, is a plus
Ability to develop strong relationships with business, technical engineering teams, and internal & external stakeholders
Prior experience in compliance certification programs and regulatory environment related to security and privacy including security compliance standards (policy and procedure development) across industries and geographies such as ISO 27001, SOC, PCI, and other regional programs such as CS Mark, PrivacyMark
Ability to work efficiently with minimal oversight / direction remotely, understand priorities and meet deadlines
Possess a whatever it takes to get the job done mentality (i.e., pick up the phone, stop by a desk, follow-up multiple times)
Flexibility to work US EST hours 3 days (Tuesday, Wednesday, Thursday - India Calendar Days) and local India hours 2 days (Monday and Friday - India Calendar Days)
Experience with Software development / coding concepts (scripting, object, logic programming, knowledge of RPA)
Relevant BE / B Tech degree and / or certifications (CRISC, CISSP, CCIE, CISM, CISA, CCSK)
Desired skills for this role, but not required :
Prior understanding and experience using Agile / Scrum methodologies
Familiarity using and working with an enterprise GRC tool (MetricStream, Archer, etc.)
Salesforce Administrator or Developer certifications
If you require assistance due to a disability applying for open positions please submit a request via this