Security GRC Senior Manager
Indianapolis, IN / Denver, CO / Atlanta, GA
Posted 10 days ago
Job Description

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Enterprise Technology & Infrastructure

Job Details

About Salesforce

We're Salesforce, the Customer Company, inspiring the future of business with AI + Data + CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too - driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good - you've come to the right place.

The Policy and Governance team is responsible for building and managing the Policy and Standards Management Life Cycle which sets clear security requirements and expectations, enabling Salesforce to make the best security decisions when delivering solutions to our customers. This includes delivering security requirements and specific implementation procedures to our technology, security, and engineering teams, in collaboration with those teams.

We also facilitate information security and data governance processes to ensure alignment and approval of Information Security Policy and Standards, our International Organization for Standardization (ISO) certifications, and governance of our Security GRC data.


  • Information Security Governance Owner (Security Steering Committee). Drive enterprise security governance strategy and activities ensuring alignment and synergy between the different governance groups across Salesforce. The Information Security Governance Owner's primary responsibilities include the following:

    • Consult with other teams looking to create governance and other existing governance organizations

    • Create an annual plan for core meeting topics, meeting dates in alignment with the above-mentioned security governance organizations, and regular and predictable communications

    • Drive recent recommendations from security governance assessments

    • Drive the principles, decisions, or direction from the council and committees into the rest of the Security and Engineering organizations

    • Provide an onboarding experience for all new members supported by documentation

    • Rigorously follow up on all action items and provide regular updates to the members

    • Ensure clear communication of all council committee materials and meeting dates utilizing Salesforce communication channels and in-person meetings

    • Work with Security Leadership and Engineering to drive accountability, responsibility, and tracking of risk mitigation activities

    • Gain a deep understanding of the Salesforce security risk governing organizations and ensure alignment

    • Develop and report on metrics for risk governance and risk reduction activities and communication effectiveness

    • Engage with members and stakeholders to facilitate the creation of, or update to, agendas, action items, meeting minutes, and meeting follow-up

    • Drive the engagement of the security risk governance members ensuring we have the right members and they are engaged in impactful activities related to the council and committees

    • Ensure leadership is updated on key governance information and decisions being made across the enterprise

  • ISMS Program Owner / Manager. The ISMS Owner / Program Manager is the primary resource dedicated to the active management of the ISMS and its continual improvement. The ISMS Owner's primary responsibilities include the following:

    • Manage the work queue for the ISMS GUS Product Tag

    • Update and maintain all core ISMS documentation, including the Statement of Applicability, ISMS Manual, Testing Templates, and Corrective Action Process, etc.

    • Manage the scope of the ISO program and scope expansions, along with the ISO 27001 certificate

    • Assist with both internal and external audits

    • Provide consultation and advisory services to the Technology Compliance Team and other teams throughout Salesforce with regard to ISO 27001, ISO 27017, ISO 27018, and other related standards

    • Continually review the health and status of the ISMS with Security Compliance, specifically the main clause areas, and drive continual improvement for those areas with control owners and associated teams

    • Report on the status of continual improvement and issues for the ISMS to Salesforce Management

    • Work collaboratively with the Compliance team in updating and approving updates to all related Salesforce ISO documentation

    • Chair the quarterly ISMS Management Review and monthly ISO 27001 Joint Working Groups meetings

  • Controls and Compliance. Work with our Common Controls Framework to:

    • Help install new areas of compliance and updates to certifications

    • Assist in the implementation of new features in the standards and controls areas of our eGRC tooling

    • Ensure our ISO standards and ISO-related standards controls and sources are kept up to date and mapped correctly

Required Skills:

  • Knowledge of regulatory compliance frameworks (NIST CSF & 800-53, ISO 27001, SOC)

  • Relevant BA/BS degree

  • 10+ years of related security governance experience or equivalent governance experience

  • Master's degree preferred

  • Experience working in or exposure to large-scale/global organizations

  • Knowledge and experience of security governance, risk management, and security in general

  • Agile, proactive, comfortable working with ambiguous specifications, and able to prioritize quickly and effectively

  • Knowledge of, or experience working with, Cloud technologies/environments is a plus

  • Experience working with Information Security, GRC, ERM, Technology, Business, and Legal/Privacy functions

  • Knowledge of and experience with enterprise business practices and industry trends

  • Excellent interpersonal and relationship skills

  • Excellent presentation and communication skills

  • Excellent analytical and process development skills

  • Detail oriented with an eye for quality

  • Ability to work effectively with a wide range of individuals including developers, systems administrators, executives, customers, regulators, auditors, etc.


If you require assistance due to a disability applying for open positions please submit a request via this .

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at and explore our company benefits at .

is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. does not accept unsolicited headhunter and agency resumes. will not pay any third-party agency or company that does not have a signed agreement with.

Salesforce welcomes all.

For Colorado-based roles, the base salary hiring range for this position is $156,800 to $215,600.

Compensation offered will be determined by factors such as location, level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, and benefits. More details about our company benefits can be found at the following link: and are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Headhunters and recruitment agencies may not submit resumes/CVs through this Web site or directly to managers. and do not accept unsolicited headhunter and agency resumes. and will not pay fees to any third-party agency or company that does not have a signed agreement with or


Job Summary
Start Date: As soon as possible
Employment Term and Type: Regular, Full Time
Required Education: Bachelor's Degree
Required Experience: 10+ years