Security GRC Senior Analyst

About The Position

Requirements

• Minimum 3 years of experience in security governance, risk management, compliance, audit, internal controls, or other security related areas and a minimum of 3-5 years of total work experience
• Experience working with Government Cloud environments such as AWS, Azure, GCP (SaaS, IaaS, PaaS etc)
• Experience in security related analysis, creating metrics and dashboards and summarizing large data sets
• Ability to work with both business and technical areas and translate between the two areas
• Skilled at building rapport and establishing partnerships
• Excellent verbal and written communication skills and ability to communicate results to multiple levels of management
• Knowledge of multiple regulatory compliance frameworks (NIST CSF & 800-53, ISO27001, SOX, SOC, HITRUST, HIPAA, FedRAMP (including FedRAMP 20x), DOD SRG IL4/IL5, PCI, etc.)
• Operational process design, improvement, and implementation experience
• Demonstrated desire to learn new skills and innovate
• Agile, proactive, comfortable working with ambiguous specifications and can prioritize quickly and effectively
• Drive improvements in existing processes and develop new innovative and efficient solutions
• Ability to work effectively with a wide range of individuals including developers, systems administrators, executives, customers, regulators, auditors, etc.
• Experience building productive relationships with Technical Operations, Security Operations, Incident Response, Technical Compliance, Engineering, and other stakeholders
• Experience working with the Authorizing Officials and DISA Cloud Assessment Division
• Experience working with Information Security, GRC, ERM, Technology, Business, and Legal/Privacy functions

Nice To Haves

• Knowledge of, or experience working with, Cloud technologies/environments is a plus
• CISSP, CISA, CISM, AWS or similar certifications a plus

Responsibilities

• Assess security risk and ensure that controls are designed to appropriately mitigate security risk.
• Assess control effectiveness to ensure ongoing compliance.
• Drive existing or newly identified initiatives between stakeholder organizations creating synergies and reducing risk of non-compliance with internal or external requirements
• Consult with business or security stakeholders on information security requirements and applicability to their business processes, products, or services
• Create and maintain relationships with key business, legal, Employee Success, Internal Audit, technical/engineering stakeholders, and other organizations throughout the company who provide expertise in security requirements and solution management
• Focus on continuous improvement of operational processes and designing innovative and automated functionality for added efficiency
• Identify and create metrics and dashboards to quantify and measure the impact of security processes that you drive
• Effectively communicate compliance positions and programs to applicable business stakeholders

Benefits

• Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program.
• More details about company benefits can be found at the following link: https://www.salesforcebenefits.com.