Heroku’s Trust organization is responsible for the confidentiality, integrity, and availability of Heroku’s platform and infrastructure. We need someone with a strong security architecture and program management background to drive our vision of a security-first compliance strategy into an operational reality.
Reporting to Heroku’s Head of Trust, the primary focus of this role is program ownership over our compliance journey. Our security program is both strategic and cross-functional; validating compliance requirements will require engagement and evidence from across the organization.
- Have a proven track record of designing security control strategies, compensating controls, and explaining public cloud responses to traditional datacenter-centric audit requests.
- Be equally comfortable with program or project management, and have some familiarity with security, compliance, and privacy frameworks such as HIPAA, PCI-DSS, SOX ITGC, and ISO 27001. Experience in the audit process, especially executing first-time audits on these, is a strong plus.
- Have confidence running large-scale, cross-cutting projects requiring parallel efforts from dozens of teams.
- Have the uncanny ability to see dependencies, blockers, gotchas and curveballs before others do, and your detailed project planning will account for them.
- Work closely with engineering and product management teams.
- Be responsible for timely delivery of all compliance projects.
- Actively invest in relationships with other teams across the Salesforce family.
Our Program Manager will be comfortable interpreting and applying the spirit and intent of compliance control objectives, providing a level of technical direction and support. Working closely across partner teams in Security and SRE, you will have the ability to capture and articulate their technical perspectives, bringing clarity and eliminating confusion.
The successful candidate has a communicative and collaborative approach to program management. You know how to assess cost and risks, and you’re adept at guiding individual teams in striking a healthy balance between their needs and the needs of the larger program. You will partner with engineering to foster a deep understanding of the meaningful security work driving compliance requirements. You set a high standard in your own work, and also enjoy helping others with their project challenges.
- Balancing security priorities with compliance needs.
- Explaining cloud architecture and security strategies to auditors and business partners experienced in classical datacenter system structures.
- Designing security strategy phases needed to achieve compliance objectives against a deadline, with our ideal state on a collaborative timeline.
- Program ownership: project management, status tracking, and issue resolution.
- Taking on in-flight programs including HIPAA and PCI efforts underway, SSAE, SOC and others as they come online.
- Relationship management and leadership of cross-cutting security development projects.
- Guiding the vision for evidence creation, validation, and assessment workflows.
- Hosting customer security and compliance audits.
- Program/project management experience on large cross-functional projects.
- Public cloud security, distributed systems, and partnership with agile development organizations.
- A comfort level with n-tier web (application|service) models, IP networking, logging, *nix systems, hardening and incident response.
- Software industry knowledge of technical security certifications, such as PCI, HIPAA, SSAE/SOC, etc.
- Able to work collaboratively across diverse engineering teams and products to meet organizational security goals.
- Able to effectively communicate compliance and security requirements to diverse teams with differing priorities and experience levels.
- Able to tailor program status information for the needs of various stakeholders by understanding how they’ll be able to most efficiently consume the information.
- Strong written and verbal communication skills across multiple levels and functions.
Apply for Senior Compliance Program Manager - Heroku. You will be taken to careers.force.com.