Security GRC Senior Analyst
Salesforce
Job Summary
Salesforce is the #1 AI CRM, leading workforce transformation. This role involves accountability for GCC deliverables, working with Engineering stakeholders and partners to ensure quality, reduce risk, and maintain compliance for customers. The Senior Analyst will own their area with minimal guidance, innovate, challenge the status quo, embrace operational excellence, and use automation to enhance delivery. The position requires a U.S. citizen eligible for a federal government Minimum Background Investigation.
Must Have
- Assess security risk and ensure controls mitigate it.
- Assess control effectiveness for ongoing compliance.
- Drive initiatives between stakeholder organizations to reduce non-compliance risk.
- Consult with business or security stakeholders on information security requirements.
- Create and maintain relationships with key business, legal, Employee Success, Internal Audit, technical/engineering stakeholders.
- Focus on continuous improvement of operational processes and designing innovative and automated functionality.
- Identify and create metrics and dashboards to quantify and measure the impact of security processes.
- Effectively communicate compliance positions and programs to applicable business stakeholders.
- Minimum 3 years of experience in security governance, risk management, compliance, audit, internal controls, or other security related areas.
- Minimum 3-5 years of total work experience.
- Experience working with Government Cloud environments such as AWS, Azure, GCP (SaaS, IaaS, PaaS etc).
- Experience in security related analysis, creating metrics and dashboards and summarizing large data sets.
- Knowledge of multiple regulatory compliance frameworks (NIST CSF & 800-53, ISO27001, SOX, SOC, HITRUST, HIPAA, FedRAMP (including FedRAMP 20x), DOD SRG IL4/IL5, PCI, etc.).
- Operational process design, improvement, and implementation experience.
- Experience building productive relationships with Technical Operations, Security Operations, Incident Response, Technical Compliance, Engineering, and other stakeholders.
- Experience working with the Authorizing Officials and DISA Cloud Assessment Division.
- Experience working with Information Security, GRC, ERM, Technology, Business, and Legal/Privacy functions.
- Must be a U.S. citizen (U.S. born or naturalized) who does not hold dual citizenship and agrees to complete a U.S. federal government Minimum Background Investigation (MBI) for a Moderate Public Trust position.
Good to Have
- Knowledge of, or experience working with, Cloud technologies/environments.
- CISSP, CISA, CISM, AWS or similar certifications.
Perks & Benefits
- Time off programs
- Medical insurance
- Dental insurance
- Vision insurance
- Mental health support
- Paid parental leave
- Life and disability insurance
- 401(k)
- Employee stock purchasing program
Job Description
Job Category
Enterprise Technology & Infrastructure
**About Salesforce**
Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn’t a buzzword — it’s a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.
Ready to level-up your career at the company leading workforce transformation in the agentic era? You’re in the right place! Agentforce is the future of AI, and you are the future of Salesforce.
This candidate must be a U.S. citizen (U.S. born or naturalized) who does not hold dual citizenship and agrees to complete a U.S. federal government Minimum Background Investigation (MBI) for a Moderate Public Trust position.
In this role, you have accountability for a specific deliverable in GCC and are responsible for working with Engineering stakeholders, partners, and other members of GCC to deliver exceptional quality that reduces risk and ensures ongoing compliance for our customers. You are expected to own the area of responsibility with minimal guidance from senior team members. You should innovate, challenge the status quo, embrace operational excellence best practices and use automation and emerging technologies to enhance delivery of your work product.
Responsibilities:
- Assess security risk and ensure that controls are designed to appropriately mitigate security risk.
- Assess control effectiveness to ensure ongoing compliance.
- Drive existing or newly identified initiatives between stakeholder organizations creating synergies and reducing risk of non-compliance with internal or external requirements
- Consult with business or security stakeholders on information security requirements and applicability to their business processes, products, or services
- Create and maintain relationships with key business, legal, Employee Success, Internal Audit, technical/engineering stakeholders, and other organizations throughout the company who provide expertise in security requirements and solution management
- Focus on continuous improvement of operational processes and designing innovative and automated functionality for added efficiency
- Identify and create metrics and dashboards to quantify and measure the impact of security processes that you drive
- Effectively communicate compliance positions and programs to applicable business stakeholders
Minimum Qualification:
- Minimum 3 years of experience in security governance, risk management, compliance, audit, internal controls, or other security related areas and a minimum of 3-5 years of total work experience
- Experience working with Government Cloud environments such as AWS, Azure, GCP (SaaS, IaaS, PaaS etc)
- Experience in security related analysis, creating metrics and dashboards and summarizing large data sets
- Ability to work with both business and technical areas and translate between the two areas
- Skilled at building rapport and establishing partnerships
- Excellent verbal and written communication skills and ability to communicate results to multiple levels of management
- Knowledge of multiple regulatory compliance frameworks (NIST CSF & 800-53, ISO27001, SOX, SOC, HITRUST, HIPAA, FedRAMP (including FedRAMP 20x), DOD SRG IL4/IL5, PCI, etc.)
- Operational process design, improvement, and implementation experience
- Demonstrated desire to learn new skills and innovate
- Agile, proactive, comfortable working with ambiguous specifications, and able to prioritize quickly and effectively
- Drive improvements in existing processes and develop new innovative and efficient solutions
- Ability to work effectively with a wide range of individuals including developers, systems administrators, executives, customers, regulators, auditors, etc.
Required Qualifications:
- Experience building productive relationships with Technical Operations, Security Operations, Incident Response, Technical Compliance, Engineering, and other stakeholders
- Experience working with the Authorizing Officials and DISA Cloud Assessment Division
- Experience working with Information Security, GRC, ERM, Technology, Business, and Legal/Privacy functions
Preferred Qualifications:
- Knowledge of, or experience working with, Cloud technologies/environments is a plus
- CISSP, CISA, CISM, AWS or similar certifications a plus
Unleash Your Potential
When you join Salesforce, you’ll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best, and our AI agents accelerate your impact so you can do your best. Together, we’ll bring the power of Agentforce to organizations of all sizes and deliver amazing experiences that customers love. Apply today to not only shape the future — but to redefine what’s possible — for yourself, for AI, and the world.
Accommodations
If you require assistance due to a disability when applying for open positions, please submit a request via this Accommodations Request Form.
Posting Statement
Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that’s inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal.
Any employee or potential employee will be assessed on the basis of merit, competence and qualifications – without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law. This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion, benefits, training, assessment of job performance, discipline, termination, and everything in between. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education.
In the United States, compensation offered will be determined by factors such as location, job level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, and benefits. Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program. More details about company benefits can be found at the following link: https://www.salesforcebenefits.com.