Job functions
Salesforce security and compliance expert for customers and prospects
Deeply understand our business and the problems we are trying to solve when it comes to our core security services
Support the sales and pre-sales teams in responding to customer risk and security questionnaires and queries
Build customer trust through managing and hosting in-person customer/prospect security meetings
Be the Salesforce field expert for the Salesforce trust story covering security, architecture, reliability, performance, privacy and compliance conversations
Interface with Product Management and various internal security teams to ensure all the latest security features and capabilities are adequately represented in customer responses
Review the security findings in the customer-conducted penetration test reports and collaborate with internal teams to oversee their remediation.
Collaborate with the Salesforce Legal, Privacy and other teams on customer-specific contractual requirements
Ensure field sales, services and partner teams are consistently enabled with the latest and best positioning around Salesforce security and compliance
Gather customer security/compliance requests, and liaise with Salesforce product managers as well as engineering teams to maintain a security product roadmap
Provide input and assist in developing compliance-related documentation: white papers, standard questionnaires, security best practices, etc.
Develop SME capabilities for selected Salesforce Services and work with the product teams and global SMEs within the team to stay updated on the latest developments.
Support drafting white papers and security collateral
Desired skills and experience
Bachelor's degree with 10+ years of experience in information security, security architecture, governance, risk and compliance
Good understanding of the regulatory environment in India as it pertains to public sector procurement practices, Government e-Marketplace (GeM), Ministry of Electronics and Information Technology (MeitY) SaaS empanelment requirements
Familiarity with public sector tendering process
Experience interpreting the intent of specific customer questions, and mapping them to industry standard controls
Experience in conducting penetration tests and vulnerability assessments across various platforms, including web applications, networks, and mobile devices
Experience using industry-standard tools and frameworks such as Metasploit, Burp Suite, Nmap, and Wireshark, along with a strong understanding of common security protocols and attack vectors
Required skills and experience
Excellent communication and presentation skills
Good understanding of public cloud platforms like AWS, GCP, Azure.
Familiarity with one or more security and regulatory frameworks: NIST 800-53, NIST Cybersecurity Framework, PCI-DSS, ISO 27001, ISO 27017, ISO 27018
Strong understanding of Indian Security and Privacy Regulations including but not limited to India Digital Personal Data Protection Act (DPDPA), RBI IT Outsourcing Guidelines, SEBI CSCRF, etc.
Extensive experience in designing and implementing security architectures for enterprise-level systems, including cloud and on-premises environments.
Strong knowledge of security frameworks and standards such as NIST, ISO 27001, and CIS, along with hands-on experience with security tools and technologies like firewalls, intrusion detection/prevention systems, and encryption protocols.
Managed one or more compliance certifications/audits, either as an auditor or responder (PCI-DSS, ISO27001, SOC 1, SOC 2)
Experience with supporting customer security/compliance questionnaires
Familiarity with public cloud architectures, security practices and compliance documentation
Experience supporting Public Sector customers across state and federal as well as the financial services industry
Supported responses to public sector tenders/RFPs/RFIs from a security architecture, risk and compliance perspective
Strong team player