
Summer 2021 Intern - Security GRC Analyst at Salesforce in San Francisco, California


Type: Full Time

Job Description:

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

The Governance, Risk and Compliance (GRC) team provides the full range of GRC services to the organization. These services include policy and standards creation and management, compliance readiness, risk assessments, vendor assessments, and issues and exceptions management.

The intern may work on a variety of projects, depending on the team within GRC, including conducting audit fieldwork, coordinating and following up on risk assessments with technical teams, managing issues and exceptions, and contributing to the improvement of our ISO program and GRC data automation processes. This requires a technical background, the ability to learn new technical concepts, and the ability to apply risk and control framework knowledge. It also requires exceptional analytical, verbal and written communication skills and the ability to create and foster strong relationships with cross-functional partners.

* Pursuing a BS/MS in Information Security or related degree

* Basic knowledge in security governance, risk and compliance frameworks and management

* Ability to communicate and work collaboratively with multiple levels in the technology organization

* Excellent interpersonal and relationship skills

* Excellent presentation, facilitation and communication skills

* Execution oriented and a self-motivator

* Excellent documentation skills for all tasks

* Ability to work alone, in a group, and with guidance to make decisions

* Ability to think critically and analyze problems

* Able to articulate situations, challenges and risks, and to see where compliance impacts intersect

* Knowledge of and exposure to Information Technology compliance and risk management frameworks (NIST 800-53, ISO Annex A controls, SOC 2 Control Criteria, etc.)

* Security knowledge (OWASP top 10, etc.)

* Exposure to Information Technology Auditing

* Exposure to enterprise GRC tools (Metricstream, Archer, etc.)

* Maintain an up-to-date understanding of industry best practices

* Exposure to Agile practices and tooling (Jira, etc.)

* Demonstrated interest in security and willingness to grow in GRC focus areas (e.g. certifications)

For GRC Orchestration team:

* Participate in Security Risk Assessment workshops and interviews with technical teams, engineers and developers.

* Investigate and process security issues and exceptions, and provide visibility to leadership.

* Coordinate with Security Assurance, control owners and business units/stakeholders on corrective action plans, follow-up, validation and resolution of identified issues, exceptions and extensions.

* Support service-level agreements (SLAs) to ensure that security controls are managed and maintained.

* Review corrective action plans provided by the stakeholders.

* Collaborate with the design team to improve the efficiency of the IEM/RM workflow.

* Document risks and control gaps resulting from workshops and interviews with technical teams, engineers and developers or review of supporting documentation.

* Prepare and maintain reports, dashboards, process flows and presentations in a timely and accurate manner.

For GRC Compliance:

* Participate in compliance external audits with control owners and business units/stakeholders to support the timely and high-quality execution of certification programs.

* Obtain and analyze control process policies, standards and supporting documentation.

* Identify and document areas of gaps or risks in existing control processes and work to develop solutions with internal business partners.

* Build strong relationships with business partners and help facilitate continuous improvement aligned with operational processes.

* Collaborate with team to effectively communicate program execution status, key accomplishments, and risks to management both within GRC and to our business partners.

For GRC Policy and Governance:

* Work with engineering teams to determine how to deliver security requirements within their tools in a usable and meaningful way.

* Identify, from end-user feedback, areas of improvement in how information security standards are structured and managed, to increase usability and ease of use.

* Create a dashboard to help manage and provide visibility into the current state of the Salesforce ISMS program.

* Determine areas for automation and process improvement in the Security Steering Committee program.

* Perform root cause analysis of security requirement failures and create action plans for improvement areas.

For Controls Assurance:

* Participate in Third Party Vendor Assessments and coordinate with third party vendors, Control Owners and Business Units/stakeholders on control processes.

* Assess Third Party Vendors for compliance with contractual agreements and compliance requirements.

* Participate in Internal Controls Testing and interviews with Control Owners.

* Obtain and analyze control process policies, standards and supporting documentation.

* Help identify and track risks and control gaps resulting from assessments and interviews with Third Party Vendors, Control Owners and Business Unit stakeholders or review of supporting documentation.

* Prepare and maintain documentation, reports, process flows and presentations.

* Perform anomaly investigations to identify early warnings of control risk.

For Evaluation and Integration:

* Assist in scoping and planning readiness/external audit work.

* Report status and track ongoing assessments.

* Review and assess gaps and gap remediations.

* Participate in readiness/external audit walkthroughs.

* Assist in program process improvements, metrics, and program planning as needed.

ACCOMMODATIONS - If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits. Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce does not accept unsolicited headhunter and agency resumes and will not pay any third-party agency or company that does not have a signed agreement with Salesforce.

Salesforce welcomes all.

Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.