Enterprise Security BISO
5 days ago
To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.
Job Category
Enterprise Technology & Infrastructure
Job Details
About Salesforce
Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn't a buzzword — it's a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.
Ready to level up your career at the company leading workforce transformation in the agentic era? You're in the right place! Agentforce is the future of AI, and you are the future of Salesforce.
Job Title: Enterprise Security BISO - Director (IC)
About The Role
The Business Information Security Officer - Director role is part of our Enterprise Security Team. This role will act as a pivotal liaison between the Enterprise Security team and technology business units, ensuring alignment of security controls, policies, and strategies with organizational goals. To drive reduction of risk throughout the enterprise, this role requires both a strategic lens and an engineering mindset, including technical knowledge in secure development and architecture. As an individual contributor, the BISO will drive security initiatives, ensure foundational control compliance, influence strategic investment opportunities and policy changes, and provide strategic guidance to their assigned business units.
Your Impact - Responsibilities
- Strategic Security Alignment: Partner with business units to integrate cybersecurity strategies into business processes, ensuring alignment with organizational objectives and risk tolerance through secure-by-design integration. Embed security into business unit roadmaps by reviewing PRDs, architectural diagrams and CI/CD pipelines in real time; reject weak patterns (e.g., default-deny not enforced, secrets in code).
- Risk Management and Compliance: Conduct technology tier 3 risk assessments, identify security control gaps, and develop mitigation strategies in alignment with industry standards. Manage stakeholder expectations and cybersecurity risk for the business units.
- Security Architecture Oversight: Provide technical guidance on secure development patterns. For example, a basic understanding of firewalls, intrusion detection/prevention systems (IDS/IPS), SDLC, threat modeling, secure authentication and authorization, endpoint detection and response (EDR), and security information and event management (SIEM) systems. Embed security into business unit roadmaps by reviewing PRDs, architectural diagrams and CI/CD pipelines in real time, rejecting weak patterns (e.g., default-deny not enforced, secrets in code).
- Policy Development and Governance: Refine and enforce security policies, standards, and procedures that are applicable to the enterprise environment, ensuring compliance with regulations and emerging risks. Own risk evaluation of security policy exceptions within the assigned BUs.
- Strategic Security Remediation Risk Prioritization: Lead the coordination of security remediation efforts for business units through a risk register that helps prioritize all work (bugs, transformational initiatives, compliance findings, etc.) during sprint planning.
- Stakeholder Relationship Management: Build and maintain strong relationships with business leaders, IT teams, and external partners to foster a culture of security awareness and collaboration. Influence strategic security investment decision-making without direct authority and work effectively across different teams and at all levels. Influence leadership when strategic investments are needed.
- Security Awareness and Training: Develop and deliver tailored security awareness programs for business units as applicable, promoting best practices in areas such as phishing prevention and secure data handling, when needed.
- Security Posture Analytics: Create dashboards for KPIs and KRIs that highlight actionable insights (e.g., vulnerability trends triggering automated alerts), presenting to leadership to inform business-unit-wide security improvements.
- Metrics and Reporting: Develop and present key performance indicators (KPIs) and key risk indicators (KRIs) to senior leadership, providing insights into the organization's security posture.
Minimum Qualifications
- Education: Bachelor's degree in Computer Science, Information Security, or a related field.
Experience:
- 10+ years in cybersecurity, including at least 5 years advising on technical security outcomes in business-aligned contexts with at least 5 years in a senior-level role focusing on business-aligned security strategy.
- Proven experience as an individual contributor in a high-impact, leadership role within a complex enterprise environment.
- Deep understanding of security principles across all tech layers, including cloud platforms (AWS, Azure, GCP), infrastructure security (network, endpoint, IAM), application security (SAST, DAST, secure coding), and third-party risk management frameworks. Deep technical expertise applying these principles, including cloud security (AWS, Azure, GCP), network security, encryption protocols (e.g., TLS, AES), and identity and access management (IAM) solutions, through practical advisory engagements.
- Proven understanding of security and compliance frameworks (e.g., NIST CSF, ISO 27001/2, etc.).
Technical Skills:
- Hands-on experience performing threat modeling and providing guidance around technical security controls such as authentication, RBAC, and data protection.
- Proficiency with security tools such as SIEM (e.g., Splunk, QRadar), EDR (e.g., CrowdStrike, SentinelOne), IAM Solutions (Okta, Sailpoint), and vulnerability management platforms (e.g., Qualys, Tenable).
- Strong understanding of secure software development lifecycle (SDLC) and DevSecOps practices to guide integration of SAST/DAST scans into pipelines, collaborating on remediation workflows.
- Experience with zero trust architecture and multi-factor authentication (MFA) implementations.
- Familiarity with advanced security technologies such as container security, microservices security, cryptography and AI/ML security applications to assess risks like prompt injection in models or encrypted data flows.
Process and Relationship Skills:
- Exceptional ability to translate complex technical concepts into business-friendly language for non-technical stakeholders.
- Strong project management skills, with experience leading cross-functional initiatives.
- Proven track record of building trusted relationships with C-suite executives, business unit leaders, and technical teams through advisory support during high-stakes security incidents.
- Strong executive presence and the ability to articulate technical security concepts in a business/risk context. Proven experience influencing stakeholders to invest in strategic security initiatives to buy down risk.
- Excellent communication and presentation skills, with the ability to influence and drive consensus across diverse groups.
Industry Knowledge: Deep understanding of current cybersecurity trends, threat landscapes, and regulatory requirements specific to the technology industry to inform proactive advisory on emerging risks like supply chain vulnerabilities.
Preferred Qualifications
- Certifications: CISSP, CCSP, CISM, CRISC, CISA, or equivalent certifications are highly desirable.
- Strategic thinker with a proactive, risk-based approach to cybersecurity.
- Ability to work independently, prioritize tasks, and deliver results in a fast-paced environment.
- Strong problem-solving skills and a passion for staying ahead of evolving cyber threats.
- Experience in a regulated industry with a focus on compliance and governance, mapping controls to technical advisory outputs.
- Experience managing risk across AI and SaaS ecosystems.
Unleash Your Potential
When you join Salesforce, you'll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best, and our AI agents accelerate your impact so you can do your best. Together, we'll bring the power of Agentforce to organizations of all sizes and deliver amazing experiences that customers love. Apply today to not only shape the future — but to redefine what's possible — for yourself, for AI, and the world.
Accommodations
If you require assistance due to a disability when applying for open positions, please submit a request via this Accommodations Request Form.
Posting Statement
Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. And we believe we can lead the path to equality in part by creating a workplace that's inclusive, and free from discrimination. Know your rights: workplace discrimination is illegal. Any employee or potential employee will be assessed on the basis of merit, competence and qualifications – without regard to race, religion, color, national origin, sex, sexual orientation, gender expression or identity, transgender status, age, disability, veteran or marital status, political viewpoint, or other classifications protected by law. This policy applies to current and prospective employees, no matter where they are in their Salesforce employment journey. It also applies to recruiting, hiring, job assignment, compensation, promotion, benefits, training, assessment of job performance, discipline, termination, and everything in between. Recruiting, hiring, and promotion decisions at Salesforce are fair and based on merit. The same goes for compensation, benefits, promotions, transfers, reduction in workforce, recall, training, and education.
In the United States, compensation offered will be determined by factors such as location, job level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, and benefits. Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program. More details about company benefits can be found at the following link: to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.
For New York-based roles, the base salary hiring range for this position is $230,800 to $334,600.
For Washington-based roles, the base salary hiring range for this position is $211,500 to $306,600.
For California-based roles, the base salary hiring range for this position is $230,800 to $334,600.