Sr. Risk & Compliance Specialist (GRC)

Salesforce•San Francisco, CA

About The Position

The Global Compliance and Certification (GCC) team is responsible for enterprise wide compliance processes, ensuring Salesforce leadership has the information needed to make strategic risk-based decisions. You will report directly to a Manager on our APEX team, a division within the Product Security Organization, and will play a pivotal role in driving and overseeing cloud security compliance that support Salesforce’s products. We’re seeking an experienced and driven Sr. Risk & Compliance Specialist to lead and mature our compliance programs. In this role, you’ll be responsible for managing audits, regulatory requirements, and internal control frameworks that support our security posture and ensure adherence to global standards. You’ll work cross-functionally with stakeholders in Security, Legal, IT, and Engineering to embed compliance into operational workflows and support certifications and attestations such as ISO 27001, SOC 2, PCI DSS, ISMAP, IRAP and others.

Requirements

6–8 years of relevant experience in information security compliance, risk management, or audit.
Deep knowledge of security standards and regulatory frameworks (e.g., ISO 27001, SOC 2,HIPAA, PCI, ISMAP, IRAP, etc.).
Experience managing compliance audits and interacting with external assessors or regulators.
Strong understanding of IT and security controls, particularly in cloud environments.
Good communication and stakeholder management skills.
Ability to translate regulatory requirements into actionable technical and process-oriented controls.

Nice To Haves

Relevant certifications (e.g., CISA, CISSP, CRISC, ISO Lead Auditor).
Prior experience working with GRC tools and automation platforms.
Strategic mindset with the technical ability to translate compliance goals into engineering solutions.
Passion for global compliance and finding the path of least resistance to get there.
Ability to operate autonomously and drive innovation in regulated environments.
Strong solutioning mindset, being able to break down complex problems with simple solutions that are communicated in a clear and concise manner.

Responsibilities

Work on compliance initiatives and assessments across various frameworks (e.g.SOC 2, ISO 27001, PCI, ISMAP, IRAP, etc.).
Manage and improve internal control environments, ensuring continuous alignment with applicable regulations and industry best practices.
Act as a senior liaison for external auditors, assessors, and internal stakeholders during audits and assessments.
Oversee the implementation and monitoring of corrective actions and risk mitigation efforts.
Develop and maintain compliance documentation, policies, and procedures.
Provide compliance training and awareness to relevant business units.
Track compliance metrics, drive remediation efforts, and communicate risks and progress to senior leadership.

Benefits

Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program.
More details about company benefits can be found at the following link: https://www.salesforcebenefits.com.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume