Security GRC Manager

Salesforce

Job Summary

The Global Compliance and Certification (GCC) team is seeking an experienced and driven Security GRC Manager to lead and mature compliance programs. This role involves managing audits, regulatory requirements, and internal control frameworks to support the company's security posture and ensure adherence to global standards. The manager will work cross-functionally with Security, Legal, IT, and Engineering to embed compliance into operational workflows and support certifications such as ISO 27001, SOC 2, PCI DSS, ISMAP, and IRAP.

Must Have

  • Work cross-functionally with stakeholders in Security, Legal, IT, and Engineering
  • Embed compliance into operational workflows
  • Support certifications and attestations such as ISO 27001, SOC 2, PCI DSS, ISMAP, IRAP
  • Manage and improve internal control environments
  • Act as a senior liaison for external auditors, assessors, and internal stakeholders
  • Oversee the implementation and monitoring of corrective actions and risk mitigation efforts
  • Develop and maintain compliance documentation, policies, and procedures
  • Provide compliance training and awareness to relevant business units
  • Track compliance metrics, drive remediation efforts, and communicate risks and progress to senior leadership

Good to Have

  • Relevant certifications (e.g., CISA, CISSP, CRISC, ISO Lead Auditor)
  • Prior experience working with GRC tools and automation platforms
  • Strategic mindset with the technical ability to translate compliance goals into engineering solutions
  • Passion for global compliance and finding the path of least resistance to get there
  • Ability to operate autonomously and drive innovation in regulated environments
  • Strong solutioning mindset, being able to break down complex problems with simple solutions

Perks & Benefits

  • Time off programs
  • Medical, dental, vision insurance
  • Mental health support
  • Paid parental leave
  • Life and disability insurance
  • 401(k)
  • Employee stock purchasing program

Job Description

Job Category

Enterprise Technology & Infrastructure

About Salesforce

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn’t a buzzword — it’s a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.

Ready to level-up your career at the company leading workforce transformation in the agentic era? You’re in the right place! Agentforce is the future of AI, and you are the future of Salesforce.

About Our Team

The Global Compliance and Certification (GCC) team is responsible for enterprise-wide compliance processes, ensuring leadership has the information needed to make strategic risk-based decisions. You will report directly to the Sr. Manager on our APEX team, a division within the Product Security Organization, and will play a pivotal role in driving and overseeing cloud security compliance that supports our products.

About the Role

We’re seeking an experienced and driven professional to lead and mature our compliance programs. In this role, you’ll be responsible for managing audits, regulatory requirements, and internal control frameworks that support our security posture and ensure adherence to global standards.

What you will be doing:

  • You’ll work cross-functionally with stakeholders in Security, Legal, IT, and Engineering to embed compliance into operational workflows and support certifications and attestations such as ISO 27001, SOC 2, PCI DSS, ISMAP, IRAP and others.
  • Work on compliance initiatives and assessments across various frameworks (e.g., SOC 2, ISO 27001, PCI, ISMAP, IRAP, etc.).
  • Manage and improve internal control environments, ensuring continuous alignment with applicable regulations and industry best practices.
  • Act as a senior liaison for external auditors, assessors, and internal stakeholders during audits and assessments.
  • Oversee the implementation and monitoring of corrective actions and risk mitigation efforts.
  • Develop and maintain compliance documentation, policies, and procedures.
  • Provide compliance training and awareness to relevant business units.
  • Track compliance metrics, drive remediation efforts, and communicate risks and progress to senior leadership.

What you should have:

  • 6–8 years of relevant experience in information security compliance, risk management, or audit.
  • Deep knowledge of security standards and regulatory frameworks (e.g., ISO 27001, SOC 2, HIPAA, PCI, ISMAP, IRAP, etc.).
  • Experience managing compliance audits and interacting with external assessors or regulators.
  • Strong understanding of IT and security controls, particularly in cloud environments.
  • Good communication and stakeholder management skills.
  • Ability to translate regulatory requirements into actionable technical and process-oriented controls.

Nice to have:

  • Relevant certifications (e.g., CISA, CISSP, CRISC, ISO Lead Auditor).
  • Prior experience working with GRC tools and automation platforms.
  • Strategic mindset with the technical ability to translate compliance goals into engineering solutions.
  • Passion for global compliance and finding the path of least resistance to get there.
  • Ability to operate autonomously and drive innovation in regulated environments.
  • Strong solutioning mindset, being able to break down complex problems with simple solutions that are communicated in a clear and concise manner.

Unleash Your Potential

When you join, you’ll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best, and our AI agents accelerate your impact so you can do your best. Together, we’ll bring the power of Agentforce to organizations of all sizes and deliver amazing experiences that customers love. Apply today to not only shape the future — but to redefine what’s possible — for yourself, for AI, and the world.

Accommodations

If you require assistance due to a disability when applying for open positions, please submit a request via this Accommodations Request Form.

Posting Statement

Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that’s inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal. Any employee or potential employee will be assessed on the basis of merit, competence and qualifications – without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law. This policy applies to current and prospective employees, no matter where they are in their employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion, benefits, training, assessment of job performance, discipline, termination, and everything in between. Recruiting, hiring, and promotion decisions are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education.

In the United States, compensation offered will be determined by factors such as location, job level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, and benefits. Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program. More details about company benefits can be found at the following link: https://www.salesforcebenefits.com.
