Senior Manager - Security and Compliance

Salesforce

Job Summary

Salesforce is seeking a Senior Manager for Security and Compliance to act as a Trust & Security Advisor for customers and prospects. This role involves being the primary security expert, supporting sales teams, managing customer inquiries, and building executive trust through in-person meetings. The manager will articulate Salesforce's security posture, liaise with internal teams, oversee vulnerability remediation, consult on contractual requirements, and influence the security product roadmap. The position requires deep expertise in information security, governance, risk, and compliance, with a focus on customer assurance and advocacy.

Must Have

  • Deeply understand business context and strategic challenges related to core security services.
  • Serve as primary security expert for the field, supporting sales and pre-sales teams.
  • Manage and provide expert responses to customer risk and security questionnaires and inquiries.
  • Build and maintain critical customer trust by managing and hosting in-person security meetings.
  • Act as Subject Matter Expert (SME) for Salesforce Trust story, articulating posture across security, architecture, reliability, performance, privacy, and compliance.
  • Liaise with Product Management and internal security teams for accurate feature representation.
  • Review, analyze, and interpret security findings from customer penetration test reports.
  • Collaborate with internal teams to oversee and track timely remediation efforts.
  • Collaborate with Legal, Privacy, and other teams to advise on contractual security and compliance requirements.
  • Develop and drive consistent security and compliance enablement for field sales, services, and partner teams.
  • Gather and consolidate strategic customer security and compliance requests to influence product roadmap.
  • Provide input and assist in the development of high-quality compliance documentation and security collateral.
  • Develop and maintain SME capabilities for selected Salesforce services.
  • 10+ years of experience in information security, security architecture, governance, risk and compliance.
  • Good understanding of public cloud platforms like AWS, GCP, Azure.
  • Familiarity with NIST 800-53, NIST Cybersecurity Framework, PCI-DSS, ISO 27001, ISO 27017, ISO 27018.
  • Strong understanding of Indian Security and Privacy Regulations (DPDPA, RBI IT Outsourcing Guidelines, SEBI CSCRF).
  • Proven experience in supporting and managing security incident response activities.
  • Hands-on knowledge of SIEM tools (Splunk, Google Chronicle, New Relic) and cloud logging services (AWS CloudTrail).
  • Expertise in conducting and overseeing application security assessments, vulnerability scanning, and penetration tests.
  • Thorough understanding of secure coding guidelines and industry-standard risk frameworks (OWASP Top 10, SANS Top 25).
  • Managed one or more compliance certifications/audits (PCI-DSS, ISO 27001, SOC 1, SOC 2).
  • Familiarity with public cloud architectures, security practices and compliance documentation.
  • Experience supporting Public Sector customers and financial services industry.
  • Supported responses to public sector tenders/RFPs/RFIs.

Good to Have

  • Good understanding of the regulatory environment in India (public sector procurement, GeM, MeitY SaaS empanelment).
  • Familiarity with public sector tendering process.
  • Experience interpreting customer questions and mapping them to industry standard controls.
  • Experience in conducting penetration tests and vulnerability assessments across various platforms.
  • Experience using industry-standard tools and frameworks (Metasploit, Burp Suite, Nmap, Wireshark).

Job Description

Job Category

Enterprise Technology & Infrastructure

Job Details

Background

As the adoption of Salesforce for critical applications in the enterprise accelerates, so does the requirement for our prospects and customers to learn more about how we keep their data secure. The Trust & Security Advisor will be the interface between Salesforce Security and our customers and prospects to ensure they are successful with their own internal compliance and vendor-management efforts related to Salesforce.

Job functions

Salesforce security and compliance expert for customers and prospects

  • Strategic Security Partnership: Deeply understand the business context and strategic challenges related to our core security services to ensure alignment and effective problem-solving.
  • Customer Assurance and Trust: Serve as a primary security expert for the field, actively supporting sales and pre-sales teams by managing and providing expert responses to customer risk and security questionnaires and inquiries.
  • Executive Trust Building: Build and maintain critical customer trust by managing and hosting in-person security meetings and discussions with customers and prospects, often at an executive level.
  • Salesforce Security Story Leadership: Act as the Subject Matter Expert (SME) for the Salesforce Trust story, proficiently articulating and defending our posture across security, architecture, reliability, performance, privacy, and compliance in customer-facing conversations.
  • Cross-Functional Security Advocacy: Liaise with Product Management and internal security teams to ensure the latest security features and capabilities are accurately and compellingly represented in all customer-facing documentation and responses.
  • Vulnerability Management Oversight: Review, analyze, and interpret security findings from customer-conducted penetration test reports, collaborating with internal teams to oversee and track timely remediation efforts.
  • Contractual & Compliance Consultation: Collaborate closely with Legal, Privacy, and other teams to advise on and address customer-specific contractual security and compliance requirements.
  • Field Enablement & Positioning: Develop and drive consistent security and compliance enablement for field sales, services, and partner teams, ensuring they are equipped with the latest positioning, messaging, and best practices.
  • Product Roadmap Influence: Gather and consolidate strategic customer security and compliance requests, acting as a key liaison to influence the security product roadmap by communicating requirements to Product Management and Engineering teams.
  • Security Content Development: Provide input and assist in the development of high-quality compliance documentation and security collateral, including white papers, standard questionnaires, and security best practice guides.
  • Service Expertise Development: Develop and maintain SME capabilities for selected Salesforce services, actively collaborating with product teams and global experts to stay updated on the latest security developments and features.

Desired skills and experience

  • Bachelor's degree with 10+ years of experience in information security, security architecture, governance, risk and compliance
  • Good understanding of the regulatory environment in India as it pertains to public sector procurement practices, Government e-Marketplace (GeM), and Ministry of Electronics and Information Technology (MeitY) SaaS empanelment requirements
  • Familiarity with public sector tendering process
  • Experience interpreting the intent of specific customer questions, and mapping them to industry standard controls
  • Experience in conducting penetration tests and vulnerability assessments across various platforms, including web applications, networks, and mobile devices
  • Experience using industry-standard tools and frameworks such as Metasploit, Burp Suite, Nmap, and Wireshark, along with a strong understanding of common security protocols and attack vectors

Required skills and experience

  • Excellent communication and presentation skills
  • Good understanding of public cloud platforms like AWS, GCP, Azure.
  • Familiarity with one or more security and regulatory frameworks: NIST 800-53, NIST Cybersecurity Framework, PCI-DSS, ISO 27001, ISO 27017, ISO 27018
  • Strong understanding of Indian Security and Privacy Regulations including but not limited to India Digital Personal Data Protection Act (DPDPA), RBI IT Outsourcing Guidelines, SEBI CSCRF, etc.
  • Proven experience in supporting and managing security incident response activities, coupled with thorough, hands-on knowledge of Security Information and Event Management (SIEM) tools (e.g., Splunk, Google Chronicle, New Relic) and cloud logging services (e.g., AWS CloudTrail). Ability to analyze and interpret complex audit logs to effectively assist customers with their incident assessment and provide expert support.
  • Demonstrated expertise in conducting and overseeing application security assessments, vulnerability scanning, and penetration tests. Requires a thorough understanding of secure coding guidelines and deep familiarity with industry-standard risk frameworks, including the OWASP Top 10 and the SANS Top 25 Common Weakness Enumerations.
  • Managed one or more compliance certifications/audits, either as an auditor or responder (PCI-DSS, ISO 27001, SOC 1, SOC 2)
  • Familiarity with public cloud architectures, security practices and compliance documentation
  • Experience supporting Public Sector customers at the state and federal levels, as well as the financial services industry
  • Supported responses to public sector tenders/RFPs/RFIs from a security architecture, risk and compliance perspective
  • Strong team player
