Apply on Employer Site

Salesforce · 18 hours ago

Security GRC Senior Analyst

Virginia - Mclean

Full-time

Hybrid

Mid, Senior Level

3+ years exp

Salesforce is the #1 AI CRM, driving customer success through innovation and technology. The Security GRC Senior Analyst is responsible for assessing security risks, ensuring compliance, and collaborating with various stakeholders to enhance security processes and operational excellence.

Agentic AIArtificial Intelligence (AI)Cloud ComputingCRMSaaSSales EnablementSoftware

Comp. & Benefits

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Assess security risk and ensure that controls are designed to appropriately mitigate security risk

Assess control effectiveness to ensure ongoing compliance

Drive existing or newly identified initiatives between stakeholder organizations creating synergies and reducing risk of non-compliance with internal or external requirements

Consult with business or security stakeholders on information security requirements and applicability to their business processes, products, or services

Create and maintain relationships with key business, legal, Employee Success, Internal Audit, technical/engineering stakeholders, and other organizations throughout the company who provide expertise in security requirements and solution management

Focus on continuous improvement of operational processes and designing innovative and automated functionality for added efficiency

Identify and create metrics and dashboards to quantify and measure the impact of security processes that you drive

Effectively communicate compliance positions and programs to applicable business stakeholders

Qualification

Security governanceRisk managementCompliance frameworksCloud environmentsOperational process designBuilding rapportDesire to learnAgileProactiveCommunication

Required

Minimum 3 years of experience in security governance, risk management, compliance, audit, internal controls, or other security related areas and a minimum of 3-5 years of total work experience

Experience working with Government Cloud environments such as AWS, Azure, GCP (SaaS, IaaS, PaaS etc)

Experience in security related analysis, creating metrics and dashboards and summarizing large data sets

Ability to work with both business and technical areas and translate between the two areas

Skilled at building rapport and establishing partnerships

Excellent verbal and written communication skills and ability to communicate results to multiple levels of management

Knowledge of multiple regulatory compliance frameworks (NIST CSF & 800-53, ISO27001, SOX, SOC, HITRUST, HIPAA, FedRAMP (including FedRAMP 20x), DOD SRG IL4/IL5, PCI, etc.)

Operational process design, improvement, and implementation experience

Demonstrated desire to learn new skills and innovate

Agile, proactive, comfortable working with ambiguous specifications and can prioritize quickly and effectively

Drive improvements in existing processes and develop new innovative and efficient solutions

Ability to work effectively with a wide range of individuals including developers, systems administrators, executives, customers, regulators, auditors, etc

Experience building productive relationships with Technical Operations, Security Operations, Incident Response, Technical Compliance, Engineering, and other stakeholders

Experience working with the Authorizing Officials and DISA Cloud Assessment Division

Experience working with Information Security, GRC, ERM, Technology, Business, and Legal/Privacy functions