
Business Title: Intern, Security Compliance

Job Profile: Intern, Security Compliance


Location: Hyderabad
Top skills: HIPAA, SOC 2, PCI, ISO 27001/17/18 Experience, Cloud Compliance Work on Infrastructure
as a Service, Technical Security Understanding

Role Description:
Salesforce is looking to hire an intern in our Security GRC, Security Compliance team located in either
Hyderabad or Bangalore. The Security Compliance team is responsible for the execution, facilitation and
management of Security GRC certification programs, issues and exception management, Global GRC
advisory, evaluation of requests across the company to pursue new technical compliance certifications,
and execution of compliance readiness for new products against certifications such as HIPAA, SOC 2,
ISO 27001/17/18, and PCI.

The role will be focused on evaluating technology controls, performing audit readiness, acting as a
compliance subject matter expert to the business, and supporting integration of additional products into
the Salesforce Security GRC programs as needed. This role will also work directly with our internal
engineering, security, and product teams on current and future capabilities that could affect the
compliance of our products.

A successful candidate for this role will be a strong communicator who excels at explaining complex
technology to diverse audiences (across varying technical and business backgrounds) in a way that
fosters understanding and ownership. Innovation, creativity and strategic thinking are key qualifications,
as this role will assist business and technical partners in designing scalable, sustainable approaches to
satisfying our regulatory requirements. The ability to build influence and evangelize for new initiatives
among stakeholders and engineering teams in multiple organizations will be an essential driver for
success, as will an unflappable demeanor and grace under pressure. This role will work with the business
at all organizational layers, so it will be important to demonstrate flexibility in approach, communication
style and depth of understanding.

As a result of the Company's on-demand application service technologies and "software-as-a-service"
business model, the Security GRC team often confronts novel and challenging compliance issues. The
successful candidate must be comfortable working in a very fast-paced and constantly changing
environment. This position reports to the Director, Security GRC, Security Compliance APAC.

Job Functions:

● Plan, coordinate and execute work assignments with process/control owners and external
auditors
● Collect, evaluate, and upload evidence in support of external audits
● Perform compliance readiness testing, document results, and provide updates to Security
management and internal stakeholders (Engineering, Sales, Product Management, Legal, etc.)
● Manage the timely and high-quality execution of GRC milestones.
● Advise process & control owners on the preparation and ongoing maintenance of controls and
control documentation (e.g., policies, procedures, narratives, and matrices)
● Proactively identify gaps or conflicts in existing policies and processes and work to develop
solutions with internal business partners.
● Investigate deviation root causes and generate root cause analysis documentation that can be
provided to internal and external audiences
● Assist with and drive remediation of process and control deficiencies and gaps identified internally
and externally
● Evaluate and advise on new and evolving certification programs and technology.
● Build strong relationships with business partners and facilitate continuous improvement aligned
with operational processes.
● Effectively communicate program execution status, key accomplishments, and risks to senior
management both within Security and to our business partners.

Preferred Qualifications and Experience:

● In-depth technical background with a good understanding of security concepts and practical
usage (Access Management, Network Engineering, Network Security, Threat and Vulnerability
Management, Database, SDLC, and Release Management)
● Knowledge of, or experience working with, Cloud technologies/environments, including evaluating
and implementing controls on Infrastructure as a Service (IaaS), Platform as a Service (PaaS)
and/or Software as a Service (SaaS) environments
● Excellent written and verbal communication skills; ability to effectively communicate across all
levels of the Company
● Analytical thinker with strong organizational skills; attention to detail is a must
● Prior experience in a compliance and regulatory environment related to security and privacy
including security compliance standards across industries and geographies such as ISO 27001,
SOC, HIPAA, PCI, and/or HITRUST.
● Possess a “whatever it takes to get the job done” mentality (i.e., pick up the phone, stop by a
desk, follow-up multiple times)
● Highly motivated and thorough; willingness to track items to resolution
● Strong cross-team collaboration skills
● Relevant BA/BS degree and/or industry relevant certifications (i.e. CRISC, CISSP, CCIE, CISM,
CISA, CCSK)

POTENTIAL PROJECTS:

● Semi-annual and annual security audits
● Metrics generation and tracking
● Data cleanup in the GRC platform system (security control data, evidence data, framework
requirement data, etc.)
● Support Security Compliance standardization workstreams
● Special projects related to cross-company security compliance themes (e.g., access or release
management)
