To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.
Job Category
Enterprise Technology & Infrastructure
Job Details
The Experience
The Global Compliance and Certification (GCC) team is responsible for enterprise-wide compliance processes, ensuring Salesforce leadership has the information needed to make strategic, risk-based decisions. The GCC team is a division within the Product Security Organization, and you'll play a pivotal role in partnering with engineering to translate complex mandates into actionable controls - driving continuous risk mitigation and adherence to Salesforce security frameworks.
We're looking for a compliance professional who is energized by the challenge of making complex regulatory requirements clear and actionable. In this role, you'll get to work across engineering, security, and external auditors to shape how Salesforce maintains its global compliance posture - gaining deep experience in cloud security frameworks and audit execution at scale.
What You'll Actually Be Doing
- Serve as a cloud compliance subject matter expert, supporting internal and external audits - including leading walkthroughs with external assessors - by ensuring effective control implementation across Salesforce environments aligned with ISO 27001, Service Organization Controls (SOC) 1/2, and other regulatory frameworks.
- Partner with engineering teams to translate complex compliance frameworks and regulatory mandates into clear, actionable deliverables, ensuring timely remediation and clear leadership reporting on progress and residual risk.
- Identify opportunities to streamline and automate evidence collection, document detailed process playbooks, and drive operational efficiency and continuous improvement.
- Collaborate with cross-functional partners to operationalize audit recommendations and enhance overall compliance posture.
- Automate evidence collection and compliance operations to drive operational efficiency and continuous improvement.
You're Our Person If...
- You have 4+ years of experience in IT audit or internal controls, managing global compliance assessments in complex environments with a strong focus on cloud and software-as-a-service (SaaS) platforms.
- You have prior experience with compliance and regulatory standards across industries and geographies, including ISO 27001, SOC, Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), Health Information Trust Alliance (HITRUST), Sarbanes-Oxley (SOX), and Federal Risk and Authorization Management Program (FedRAMP).
- You bring strong analytical and problem-solving skills with the ability to assess risks, recommend solutions, and work independently in a fast-paced regulatory environment.
- You have strong program and stakeholder management experience, including cross-functional leadership, with excellent organizational and documentation skills.
Even Better If...
- You have experience with compliance tooling, control testing automation, or audit workflow platforms.
- You have technical knowledge of hyperscaler environments such as Amazon Web Services (AWS).
- You hold one or more relevant certifications such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA).
*LI-Y
Unleash Your Potential
When you join Salesforce, you'll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best, and our AI agents accelerate your impact so you can do your best. Together, we'll bring the power of Agentforce to organizations of all sizes and deliver amazing experiences that customers love. Apply today to not only shape the future - but to redefine what's possible - for yourself, for AI, and the world.