BT Risk Management and Information Security, Senior Analyst
To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.
Job CategoryEnterprise Technology & Infrastructure
We’re Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too — driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good – you’ve come to the right place.
About the Role
The Salesforce BT Risk Management Team is responsible for ensuring Salesforce internal systems have the information needed to make strategic risk-based decisions. Our team builds risk and compliance processes to ensure internal technologies are structured and configured for data protection and compliance.
Salesforce is looking for a dedicated and dynamic Senior Analyst to work on the Business Technology Risk Management and Information Security team.
The ideal candidate must demonstrate strong initiative, ownership and passion as well as excellent project management, communication, collaboration, and problem-solving skills. The Senior Analyst will support the Company’s growth with compliant, efficient and scalable business processes. The position will assist in improving existing processes, integrating acquired entities and building new processes associated with change events that regularly occur at a high growth company.
A successful candidate will enjoy defining a path to clarity and success where ambiguity currently exists, has excellent organization skills and enjoys working in a challenging, non-traditional, and fast-paced environment.
This includes completing the following example responsibilities:
Develop and maintain risk and control matrix for all internal IT controls.
Implement all phases within a system readiness lifecycle, ensuring timely delivery and quality work.
Regularly enter and supervise work items / deliverables in our systems to ensure progress and clear status reporting for leadership.
Independently perform IT control assessments to identify areas of opportunities for BT to enhance control environment in pre- and post-production environments.
Provide thought leadership on control gaps in the areas of Security, Availability, Privacy, Processing Integrity, Confidentiality, and core ITGCs.
Advise on process improvement through a compliance and information security lens as a strategic advisor to the Business Technology organization, and beyond.
Partner with current functional teams within the organization to review current processes and identify risk areas and areas for improvement and design controls around these to reduce risk and exposure to avoid operation surprises.
Monitor functional teams for compliance to outlined processes and ensure that all key controls are being performed satisfactorily.
Communicate regularly to project teams, including key partners and management, regarding the status of system readiness projects.
Identify / anticipate and resolve program obstacles, including escalation of off-track readiness workstreams and project blockers.
Provide guidance, and oversight on internal and external resources (contractors) for the delivery of key IT compliance initiatives.
Ad-hoc projects as necessary.
4+ years of experience in public accounting and / or large corporate environment with a sophisticated IT environment.
Experience with various data and reporting tools, i.e. Tableau, Microsoft Office Suite, G Suite, and/or Visio.
Solid understanding of audit, security, & financial and operational internal control methodologies and terminology (e.g. COSO), as well as the Sarbanes Oxley (SOX) Act of 2002 and Audit Standard 5, including documentation and testing.
Ability to identify and articulate key security and financial risks and develop controls to mitigate the identified risks.
Experience implementing and testing Security controls based on the NIST SP 800-53 standard in response to identified risks.
Experience designing, implementing, and testing internal controls in response to identified risks.
Ability to influence, interact and partner effectively with multi-functional and remote teams.
Ability to work under tight deadlines and respond to changing business and technical environments.
Understanding of technically sophisticated topics, particularly in emerging areas including cloud environments and artificial intelligence.
Experience managing deliverables and milestones where there is ambiguity or competing approaches with respect to the best path to success.
Takes ownership of tasks and effectively manages time of self and others.
Excellent written and verbal communication skills to “engage in the conversation”.
Ability to build trusting relationships, credibility and influence to partner effectively with stakeholders and improve decision-making and outcomes.
Outstanding collaboration skills with team members, ability to partner with remote and cross-functional teams.
CISSP, CPA, CISA, PMP, CISM certification(s)
If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.
At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at www.equality.com and explore our company benefits at www.salesforcebenefits.com.
Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce does not accept unsolicited headhunter and agency resumes. Salesforce will not pay any third-party agency or company that does not have a signed agreement with Salesforce.
Salesforce welcomes all.