Summer 2021 Intern - Security GRC Analyst
Location: San Francisco
Posted on: October 19, 2020
To get the best candidate experience, please consider applying
for a maximum of 3 roles within 12 months to ensure you are not
The Governance, Risk and Compliance (GRC) Team provides the full range
of GRC services to the organization. These services include policy
and standards creation and management, compliance readiness, risk
assessments, vendor assessments and issues and exceptions
The intern on the team may work on a variety of different projects,
depending on the team within GRC, including: conducting audit
fieldwork, coordinating and following up on risk assessments with
technical teams, managing issues and exceptions, and contributing
to the improvement of our ISO program and GRC data automation
processes. This requires technical background knowledge and the
ability to learn new technical concepts and apply risk and control
framework knowledge. This also requires exceptional analytical,
verbal and written communications skills and an ability to create
and foster strong relationships with cross-functional partners.
* Pursuing a BS/MS in Information Security or related degree
* Basic knowledge in security governance, risk and compliance
frameworks and management
* Ability to communicate and work collaboratively with multiple
levels in the technology organization
* Excellent interpersonal and relationship skills
* Excellent presentation, facilitation and communication skills
* Execution oriented and a self-motivator
* Excellent documentation skills for all tasks
* Ability to work alone, in a group, and with guidance to make
* Ability to think critically and analyze problems
* Able to articulate situation, challenges, risks, and see
intersection of compliance impacts
* Knowledge and exposure to Information Technology compliance and
risk management frameworks (NIST 800-53, ISO Annex A controls, SOC
2 Control Criteria, etc.)
* Security knowledge (OWASP top 10, etc.)
* Exposure to Information Technology Auditing
* Exposure to enterprise GRC tools (Metricstream, Archer, etc.)
* Maintains an up-to-date understanding of industry best
* Exposure to Agile practices and tooling (Jira, etc.)
* Demonstrate security interest and willingness to grow GRC focus
areas (e.g. certifications)
For GRC Orchestration team:
* Participate in Security Risk Assessment workshops and interviews
with technical teams, engineers and developers.
* Investigate, process Security Issues and Exceptions and provide
visibility to leadership.
* Coordinate with Security Assurance, Control Owners, Business
units/stakeholders on Corrective action plan, follow up, validation
and resolution of issues, exceptions and extensions identified.
* Support service-level agreements (SLAs) to ensure that security
controls are managed and maintained.
* Review corrective action plans provided by the stakeholders.
* Collaborate with design team to improve the efficiency of IEM/RM
* Document risks and control gaps resulting from workshops and
interviews with technical teams, engineers and developers or review
of supporting documentation.
* Prepare and maintain reports, dashboards, process flows and
presentations in a timely and accurate manner.
For GRC Compliance:
* Participate in compliance external audits with control owners and
business units/stakeholders to support the timely and high-quality
execution of certification programs.
* Obtain and analyze control process policies, standards and
* Identify and document areas of gaps or risks in existing control
processes and work to develop solutions with internal business
* Build strong relationships with business partners and help
facilitate continuous improvement aligned with operational
* Collaborate with team to effectively communicate program
execution status, key accomplishments, and risks to management both
within GRC and to our business partners.
For GRC Policy and Governance:
* Work with Engineering teams to figure out how to deliver security
requirements within their tools in a usable and meaningful way
* Identify areas of improvement for how information security
standards are structured and managed to increase usability and ease
of use from end user feedback
* Create dashboard to help manage and provide visibility into the
current state of the Salesforce ISMS program
* Determine areas for automation and process improvement in the
Security Steering Committee Program
* Perform root cause analysis of security requirement failures and
create action plans for improvement areas
For Controls Assurance:
* Participate in Third Party Vendor Assessments and coordinate with
third party vendors, Control Owners and Business Units/stakeholders
on control processes.
* Assess Third Party Vendors for compliance with contractual
agreements and compliance requirements.
* Participate in Internal Controls Testing and interviews with
* Obtain and analyze control process policies, standards and
* Help identify and track risks and control gaps resulting from
assessments and interviews with Third Party Vendors, Control Owners
and Business Unit stakeholders or review of supporting
* Prepare and maintain documentation, reports, process flows and
* Perform anomaly investigations to identify early warnings of
For Evaluation and Integration:
* Assist in scoping and planning readiness/external audit work.
* Status reporting and tracking of ongoing assessments.
* Review and assess gaps and gap remediations.
* Participate in readiness/external audit walkthroughs.
* Assist in program process improvements, metrics, and program
planning as needed.
ACCOMMODATIONS - If you require assistance due to a disability when
applying for open positions, please submit a request via this
Accommodations Request Form.
At Salesforce we believe that the business of business is to
improve the state of our world. Each of us has a responsibility to
drive Equality in our communities and workplaces. We are committed
to creating a workforce that reflects society through inclusive
programs and initiatives such as equal pay, employee resource
groups, inclusive benefits, and more. Learn more about Equality at
Salesforce and explore our benefits.
Salesforce.com and Salesforce.org are Equal Employment Opportunity
and Affirmative Action Employers. Qualified applicants will receive
consideration for employment without regard to race, color,
religion, sex, sexual orientation, gender perception or identity,
national origin, age, marital status, protected veteran status, or
disability status. Salesforce.com and Salesforce.org do not accept
unsolicited headhunter and agency resumes. Salesforce.com and
Salesforce.org will not pay any third-party agency or company that
does not have a signed agreement with Salesforce.com or
Salesforce welcomes all.
Pursuant to the San Francisco Fair Chance Ordinance and the Los
Angeles Fair Chance Initiative for Hiring, Salesforce will consider
for employment qualified applicants with arrest and conviction