To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

About Salesforce

Salesforce is the #1 AI CRM, where humans with agents drive customer success together. Here, ambition meets action. Tech meets trust. And innovation isn't a buzzword - it's a way of life. The world of work as we know it is changing and we're looking for Trailblazers who are passionate about bettering business and the world through AI, driving innovation, and keeping Salesforce's core values at the heart of it all.

Ready to level-up your career at the company leading workforce transformation in the agentic era? You're in the right place! Agentforce is the future of AI, and you are the future of Salesforce.

Job Title

Enterprise Security BISO - Director (IC)

Location

California - San Francisco; Indiana - Indianapolis; Virginia - McLean; Washington - Seattle; New York - New York; Texas - Dallas

About the Role

The Business Information Security Officer - Director role is part of our Enterprise Security Team. This role will act as a pivotal liaison between the Enterprise Security team and technology business units, ensuring alignment of security controls, policies, and strategies with organizational goals. As an individual contributor, the BISO will drive security initiatives, ensure foundational control compliance, influence strategic investment opportunities and policy changes, and provide strategic guidance to their assigned business units.

Responsibilities

• Strategic Security Alignment: Partner with business units to integrate cybersecurity strategies into business processes, ensuring alignment with organizational objectives and risk tolerance.
• Risk Management and Compliance: Conduct risk assessments, identify control gaps, and develop mitigation strategies in alignment with industry standards.
• Security Architecture Oversight: Provide technical guidance on secure development patterns. Basic understanding of firewalls, IDS/IPS, EDR, and SIEM systems.
• Policy Development and Governance: Refine, and enforce security policies, standards, and procedures, applicable to the enterprise environment, ensuring compliance with regulations and emerging risks.
• Strategic Security Risk Prioritization: Lead the coordination of security remediation efforts for business units, through a risk register to prioritize work (bugs, transformational initiatives, compliance findings, etc).
• Stakeholder Relationship Management: Build and maintain strong relationships with business leaders, IT teams, and external partners to foster security awareness and collaboration. Influence leadership when strategic investments are needed.
• Security Awareness and Training: Develop and deliver tailored security awareness programs for business units, promoting best practices in phishing prevention and secure data handling, when needed.
• Metrics and Reporting: Develop and present KPIs and KRIs to senior leadership, providing insights into the organization’s security posture.

Minimum Qualifications

• Education: Bachelor's degree in Computer Science, Information Security, or a related field.
• Experience: 10+ years in cybersecurity, with at least 5 years in a senior-level role focusing on business-aligned security strategy.
• Proven experience as an individual contributor in a high-impact, director-level role within a complex enterprise environment.
• Deep technical expertise in security across infrastructure, including cloud security (AWS, Azure, GCP), network security, encryption protocols (e.g., TLS, AES), and IAM solutions.
• Proven understanding of security and compliance frameworks (e.g. NIST CSF, ISO 27001/2).

Technical Skills

• Proficiency with security tools such as SIEM (e.g., Splunk, QRadar), EDR (e.g., CrowdStrike, SentinelOne), and vulnerability management platforms (e.g., Qualys, Tenable).
• Strong understanding of secure SDLC and DevSecOps practices.
• Experience with zero trust architecture and MFA implementations.

Process and Relationship Skills

• Exceptional ability to translate complex technical concepts into business-friendly language for non-technical stakeholders.
• Strong project management skills with experience leading cross-functional initiatives.
• Proven track record of building trusted relationships with C-suite executives, business unit leaders, and technical teams.
• Proven experience influencing stakeholders to invest in strategic security initiatives to reduce risk.
• Excellent communication and presentation skills with the ability to influence and drive consensus across diverse groups.

Industry Knowledge

Deep understanding of current cybersecurity trends, threat landscapes, and regulatory requirements specific to the technology industry.

Preferred Qualifications

• Certifications: CISSP, CISM, CRISC, CISA, or equivalent certifications are highly desirable.
• Strategic thinker with a proactive, risk-based approach to cybersecurity.
• Ability to work independently, prioritize tasks, and deliver results in a fast-paced environment.
• Strong problem-solving skills and a passion for staying ahead of evolving cyber threats.
• Experience in a regulated industry with a focus on compliance and governance.
• Experience managing risk across AI and SaaS ecosystems.

Unleash Your Potential

When you join Salesforce, you\'ll be limitless in all areas of your life. Our benefits and resources support you to find balance and be your best, and our AI agents accelerate your impact so you can do your best. Together, we\'ll bring the power of Agentforce to organizations of all sizes and deliver amazing experiences that customers love. Apply today to not only shape the future - but to redefine what\'s possible - for yourself, for AI, and the world.

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

Salesforce is an equal opportunity employer and maintains a policy of non-discrimination with all employees and applicants for employment. What does that mean exactly? It means that at Salesforce, we believe in equality for all. We believe we can lead the path to equality by creating an inclusive, discrimination-free workplace. Know your rights: workplace discrimination is illegal. All hiring decisions are based on merit and qualifications.,

In the United States, compensation offered will be determined by factors such as location, job level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, and benefits. Salesforce offers a variety of benefits including time off, medical/dental/vision, mental health support, parental leave, life and disability insurance, 401(k), and an employee stock purchasing program. Details at: https://www.salesforcebenefits.com. This text also covers Fair Chance considerations where applicable and salary ranges by location as noted in the job posting.