Risk and Compliance Engineer



Multiple locations
Posted on Saturday, November 18, 2023

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Software Engineering

Job Details

About Salesforce

We’re Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too — driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good – you’ve come to the right place.

Our Security teams support the unwritten fourth tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most meaningfully, our customers’ data. We take a systemic approach to security and strive to ensure we provide low friction high-impact security across everything we do!

As a key member of the Risk & Compliance Team, you understand that building user trust is essential to Slack’s success. You are passionate about information security, risk management, Sarbanes-Oxley IT General Controls (SOX ITGC), privacy and maintaining customer confidence. You have the focus and organization to champion the adoption of sound security and SOX ITGC practices across all of Slack’s business and engineering teams. You are passionate about learning, building, and sustaining processes to address new regulatory and compliance requirements. In this role, your work will directly impact the way millions of users, teams and businesses get things done. We are seeking a motivated individual that is not only focused on delivering results but does so in a collaborative and courteous manner.


  • Act as the compliance domain expert for Engineering systems to provide leadership in leading ITGC auditing activities, requests and developing responses to audit findings, leading remediation of audit findings.

  • Provide quality assurance of ITGC controls for Engineering to ensure operational effectiveness of those security controls in Engineering.

    • Identify risks and gaps and facilitate remediation

    • Conduct and participate in walkthroughs with engineering collaborators and auditors.

    • Facilitate tests of design and operational effectiveness for key information technology controls.

    • Assist control owners with root cause analysis and supervise risk management action plan progress.

    • Implement issue tracking and resolution process.

    • Deliver risk metrics to management regarding audit performance and findings

  • Assist the performance of security risk assessments to maintain compliance with AICPA Trusted Service Principles and ISO security standards.

  • Assist in the design and implementation of information security compliance controls to address current risks, emerging threats and compliance standards.


  • BA or MA in Computer Science, Information Technology, or equivalent educational or professional experience and/or qualifications

  • 2+ years of experience in auditing and assessing Sarbanes-Oxley (ITGC) controls.

  • Sound understanding of cloud security and control principles including logical access controls, change control, privileged access, segregation of duties, computer operations, network security, vulnerability management, and secure coding.

  • Experience implementing, participating in, or conducting security assessments of compliance programs (e.g. SOC 2, FedRAMP, NIST, ISO 27001/27017/27018, HIPAA, HITRUST, Sarbanes-Oxley ITGC, etc.)

  • Experience leading compliance efforts for Identity and Access Management solutions (E.g. Sailpoint IdentityNow)

  • Ability to work independently

  • Ability to work with multi-functional partners to reach desired outcomes

  • Effective communication with phenomenal interpersonal and presentation skills; ability to translate complex technical issues into simple language that people who are not experts can understand

Bonus Points

  • Hands on information security experience

  • Excellent time management and related organizational skills

  • Understanding of infrastructure technologies including AWS, Chef, Github, Jenkins, etc.

  • CISSP, CISA, or other industry certification


If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at and explore our company benefits at

Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce does not accept unsolicited headhunter and agency resumes. Salesforce will not pay any third-party agency or company that does not have a signed agreement with Salesforce.

Salesforce welcomes all.

Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.

For Colorado-based roles, the base salary hiring range for this position is $111,400 to $153,300.

For California-based roles, the base salary hiring range for this position is $122,600 to $183,900.Compensation offered will be determined by factors such as location, level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, benefits. More details about our company benefits can be found at the following link: