Salesforce is looking to solve the problem of ensuring enterprise-wide compliance with global standards and regulatory requirements, and making strategic risk-based decisions.
Requirements
- 6+ years of experience in IT audit or internal controls, managing global compliance assessments in a complex environment with a strong focus on cloud/SaaS platforms.
- Prior experience in a compliance and regulatory environment related to security and privacy, including security compliance standards across industries and geographies such as ISO 27001, SOC, HIPAA, PCI, HITRUST, SOX and FedRAMP.
- Experience with compliance tooling, control testing automation, or audit workflow platforms and processes.
- Technical knowledge and understanding of different hyperscaler environments such as AWS.
- Strong analytical and problem-solving skills with the ability to assess risks and recommend solutions.
- Detail-oriented with strong organizational and documentation skills.
- Ability to solve unique, complex and often ambiguous problems with broad impact on the business.
Responsibilities
- Develop and execute audit strategies to ensure compliance with global standards and regulatory requirements.
- Lead and execute the internal controls testing program focused on Salesforce environments, ensuring alignment with SOX, ISO 27001, SOC 1/2, and other regulatory frameworks.
- Partner directly with Salesforce compliance engineering and platform teams to understand technical processes and design effective control testing strategies across multiple domains.
- Collaborate with cross-functional partners to operationalize audit recommendations and enhance compliance posture.
- Develop and maintain robust playbooks and control documentation for critical Salesforce processes that serve as the foundation for assessments and audits.
- Identify opportunities to streamline and automate testing procedures, driving operational efficiency and continuous improvement.
- Provide timely and actionable reporting to leadership, highlighting testing results, emerging risks, control gaps, and trends across the Salesforce ecosystem.
Other
- Strong program and stakeholder management experience, including cross-functional leadership in a highly collaborative environment.
- Ability to work independently and collaboratively in a fast-paced regulatory environment.
- Ability to identify risk in processes and environments, and strategies to mitigate the risk.
- Conceptual and innovative thinking to develop and implement solutions.
- Certifications (CRISC, CISSP, CCIE, CISM, CISA, CCSK) are a plus.