To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.
Job Category
Enterprise Technology & Infrastructure
Job Details
About Salesforce
Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn’t a buzzword — it’s a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.
Ready to level-up your career at the company leading workforce transformation in the agentic era? You’re in the right place! Agentforce is the future of AI, and you are the future of Salesforce.
As the adoption of Salesforce for critical applications in the enterprise accelerates, so does the requirement for our prospects and customers to learn more about how we keep their data secure. The Senior Manager, Information Security will be the interface between Salesforce Security and our customers and prospects to ensure they are successful with their own internal compliance and vendor-management efforts related to Salesforce.
Salesforce Security and Compliance Expert for Customers and Prospects
- **Strategic Security Partnership: **Serve as a trusted security advisor by developing a deep understanding of customer business objectives, risk posture, and strategic challenges, ensuring alignment between customer requirements and Salesforce security capabilities.
- **Customer Assurance & Trust: **Act as the primary security representative for customers, prospects, and internal stakeholders, leading responses to security, risk, and compliance assessments, questionnaires, and due diligence requests.
- Executive Stakeholder Engagement: Build and strengthen customer trust through executive-level security discussions, briefings, and strategic engagements with customers, prospects, and key decision-makers.
- Security & Compliance Thought Leadership: Serve as a Subject Matter Expert (SME) on Salesforce's security, privacy, compliance, reliability, and architectural capabilities, effectively articulating and advocating Salesforce's trust posture in customer-facing interactions.
- **Cross-Functional Security Advocacy: **Partner closely with Product Management, Engineering, Legal, Privacy, and Security teams to ensure customer-facing security messaging, documentation, and responses accurately reflect current capabilities and best practices.
- Vulnerability & Risk Management: Review, analyze, and interpret customer-generated security findings, penetration test reports, and risk assessments, collaborating with internal teams to drive timely remediation and risk mitigation.
- **Incident Response Support: **Act as the customer-facing security escalation point during security incidents, partnering with Incident Response, Support, and Engineering teams to ensure effective communication and resolution.
- **Contractual & Compliance Advisory: **Collaborate with Legal, Privacy, and Compliance teams to address customer-specific contractual, regulatory, and compliance requirements.
- Field Enablement & Security Positioning: Develop and deliver security and compliance enablement programs for Sales, Services, and Partner teams, ensuring consistent messaging, positioning, and customer engagement best practices.
- **Product Roadmap Influence: **Consolidate customer security and compliance requirements and provide actionable insights to Product Management and Engineering teams to help shape the security product roadmap.
- **Security Content Development: **Contribute to the creation and maintenance of security and compliance collateral, including white papers, security questionnaires, customer assurance documentation, and best-practice guides.
- **Service Expertise Development: **Maintain deep expertise across Salesforce products and services by collaborating with product teams and global subject matter experts to stay current on emerging security capabilities and industry trends.
- Regulatory & Industry Engagement: Partner with Public Policy and Regulatory Affairs teams to support industry consultations, regulatory initiatives, and evolving compliance requirements relevant to customers and Salesforce.
Desired Skills and Experience
- Bachelor's degree with 10+ years of experience in information security, security architecture, governance, risk and compliance, with a meaningful portion spent in customer-facing or external-stakeholder roles.
- Good understanding of the regulatory environment in India as it pertains to public sector procurement practices, Government e-Marketplace (GeM), and Ministry of Electronics and Information Technology (MeitY) SaaS empanelment requirements.
- Familiarity with public sector tendering processes.
- Experience interpreting the intent of specific customer questions and mapping them to industry-standard controls.
- Experience conducting penetration tests and vulnerability assessments across various platforms, including web applications, networks, and mobile devices.
- Experience using industry-standard tools and frameworks such as Metasploit, Burp Suite, Nmap, and Wireshark, along with a strong understanding of common security protocols and attack vectors.
- Extensive background in providing specialized support to public sector entities at both state and federal levels, alongside significant experience within the Indian financial services industry.
- Comprehensive understanding of the Indian public sector procurement landscape, including Government e-Marketplace (GeM) protocols, MeitY SaaS empanelment criteria, and standard RFI/RFP frameworks.
- Proven track record in managing and facilitating technical responses for tenders, specifically focusing on security architecture, risk mitigation, and compliance standards.
- Active engagement in the broader security community, including presenting at industry conferences and partnering with policy teams to contribute to regulatory consultations.
Required Skills and Experience
Excellent communication and presentation skills.
Good understanding of public cloud platforms such as AWS, GCP, and Azure.
Familiarity with one or more security and regulatory frameworks:
- NIST 800-53
- NIST Cybersecurity Framework
- PCI-DSS
- ISO 27001
- ISO 27017
- ISO 27018
Strong understanding of Indian Security and Privacy Regulations, including but not limited to:
- Digital Personal Data Protection Act (DPDPA)
- RBI IT Outsourcing Guidelines
- SEBI Regulations
- CSCRF
Proven experience in supporting and managing security incident response activities, coupled with thorough hands-on knowledge of Security Information and Event Management (SIEM) tools such as Splunk, Google Chronicle, and New Relic, as well as cloud logging services such as AWS CloudTrail.
Ability to analyze and interpret complex audit logs to assist customers with incident assessments and provide expert support.
Demonstrated expertise in conducting and overseeing application security assessments, vulnerability scanning, and penetration tests.
Thorough understanding of secure coding guidelines and industry-standard risk frameworks, including:
- OWASP Top 10
- SANS Top 25 Common Weakness Enumerations
Experience managing one or more compliance certifications or audits, either as an auditor or responder:
- PCI-DSS
- ISO 27001
- SOC 1
- SOC 2
Familiarity with public cloud architectures, security practices, and compliance documentation.
Experience supporting Public Sector customers across state and federal agencies, as well as the financial services industry.
Experience supporting responses to public sector tenders, RFPs, and RFIs from a security architecture, risk, and compliance perspective.
Strong team player.
Unleash Your Potential
When you join Salesforce, you’ll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best, and our AI agents accelerate your impact so you can do your best. Together, we’ll bring the power of Agentforce to organizations of all sizes and deliver amazing experiences that customers love. Apply today to not only shape the future — but to redefine what’s possible — for yourself, for AI, and the world.
Accommodations
If you need a reasonable accommodation during the application or the recruiting process, please submit a request via this Accommodations Request Form.
Please note that Salesforce uses artificial intelligence (AI) tools to help our recruiters assess and evaluate candidates’ resumes and qualifications throughout the recruiting process. Humans will always make any candidate selection and hiring decisions. Please see our Candidate Privacy Statement for more information about how we use your personal data and your rights, including with regard to use of AI tools and opt out options.
Posting Statement
Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that’s inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal. Any employee or potential employee will be assessed on the basis of merit, competence and qualifications – without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law. This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion, benefits, training, assessment of job performance, discipline, termination, and everything in between. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education.