Manager, Technology Risk and Controls

Salesforce•San Francisco, CA

3d•Hybrid

About The Position

Salesforce is seeking a Manager, Technology Risk and Controls to join the Digital Enterprise Technology (DET) team. This individual contributor role will operate as a part of the second line of defense within our Governance pillar, dedicated to managing and maturing our SOX IT control environment. The Manager will be responsible for ensuring the ongoing execution, effectiveness, and readiness of DET’s SOX IT controls. You will serve as the primary liaison between internal control owners, our external audit partners, and internal audit teams, translating complex audit requirements into clear, executable compliance activities to ensure timely completion of SOX activities.

Requirements

6+ years of experience in IT audit, risk and control, risk management, or a related field, preferably within a large, global technology organization.
Strong expertise with SOX IT control requirements and assessments, either in an external audit capacity or in an internal second line function.
Proven ability to manage audit execution tasks, walkthrough facilitation, control testing support, and deficiency remediation.
Solid communication skills, with the ability to clearly articulate complex audit and compliance issues to both technical and non-technical audiences.
Demonstrated ability to work effectively as an individual contributor, managing multiple projects and deadlines autonomously.
A related technical degree required.

Nice To Haves

Relevant certifications such as CISA, CISSP, CRISC, or similar.
Experience partnering directly with external and internal audit teams.
Previous experience assessing or implementing IT controls around Salesforce products is a plus.
Familiarity with GRC tools and platforms (e.g., ServiceNow GRC, AuditBoard).

Responsibilities

Play a key role in ensuring the execution of annual SOX audit activities, working closely with internal and external audit partners for SOX IT controls within DET to ensure requested support and follow up questions are addressed timely.
Act as a central point of contact for DET control owners for SOX IT controls, ensuring stakeholders are clear on their responsibilities as it pertains to control execution, audit walkthrough preparation, and required audit evidence.
Partner with DET control owners to track, manage, and facilitate the timely remediation of any SOX audit findings or control deficiencies.
Build and maintain strong, collaborative relationships with cross-functional partners (e.g., Internal Audit, Finance, Security, and DET Engineering teams) to ensure alignment on system scoping and controls approach within DET.
Identify opportunities for control optimization and standardization across the DET control landscape to enhance efficiency, reduce manual effort, and improve the overall control posture.