Business Information Security Officer, Public Sector

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Job Details

About Salesforce

We're Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too - driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good - you've come to the right place.

Salesforce is actively seeking a highly motivated and strategic Business Information Security Officer, Public Sector, to join the Business Information Security Officer (BISO) + Product Security Strategy and Advisory Team (PSSAT), within the Product Security organization. This pivotal role requires a blend of real-world experience and theoretical knowledge in software security, including application security, cloud security, secure coding practices, compliance certifications (with an emphasis on NIST Risk Management Framework (RMF) and US FedRAMP) and security architecture. The ideal candidate will have a proven track record of excellence in security delivery, experience working on public sector-focused products/services and the ability to influence security and engineering partners to effectively manage risk. This role is responsible for managing stakeholder expectations and business risk for Sales, Service, AI, Data Cloud and Field Service business units, as well as Mulesoft and Tableau, as they integrate into our GovCloud environment. This role will contribute to, and stay highly aligned with, the product security team, a pragmatic security risk management organization that prioritizes, optimizes, and tracks the execution of the security backlog via a single work stream for product engineering, using deep technical understanding and business risk impact.

• Representation: Serve as the face of the Security organization to engineering partners, prioritizing and tracking security requests from various sources into actionable risk signals for product engineering and operations.

• Collaboration: Partner with security and cloud engineering teams, the GovCloud team and extended groups, providing feedback on process and technical changes needed to convert outputs into actionable risk signals.

• Security Implementation: Build strong relationships within the cloud engineering, GovCloud and operations teams to implement appropriate security controls to protect applications, infrastructure, and data.

• Stakeholder Communication: Communicate effectively with stakeholders at all levels regarding the security posture of GovCloud products and the importance of security.

• Program Metrics: Utilize business-relevant metrics to report on program efficiency and effectiveness, facilitate resource allocation, and collaborate with stakeholders to increase the security program's maturity.

• Risk Management: Stay abreast of changes to technologies, practices, compliance requirements/changes, and business activities that could impact the organization's Information Security or risk profile.

• Compliance: Partner with the Compliance team to support continued compliance with various market access certifications and regulatory requirements (with an emphasis on FedRamp in particular)

• Security Evangelism: Advocate for security-by-design, partnering with executive leadership to ensure that applications and platforms are developed with security in mind.

• Program Development: Align and enable consistent delivery for the Product Security organization. Identify opportunities for improvement and guiding the team to unlock potential.

• Strategy Implementation: Collaborate with peers within the Product Security organization to implement the product security org mission consistently and effectively.

• Industry:

  • 7+ years of cloud computing and cybersecurity experience

  • 5+ years of U.S. federal public sector experience

• Skills:

  • Product and/or program management experience and/or certifications

  • Working familiarity with the NIST RMF and public sector compliance requirements

  • Excellent oral and written communication, prioritization, negotiation, conflict resolution, and interpersonal skills

*LI-Y

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at www.equality.com and explore our company benefits at www.salesforcebenefits.com.

Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce does not accept unsolicited headhunter and agency resumes. Salesforce will not pay any third-party agency or company that does not have a signed agreement with Salesforce.

Salesforce welcomes all.