Director - Cyber Security, and Compliance Strategist, APJC

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Job Details

About Salesforce

We’re Salesforce, the Customer Company, inspiring the future of business with AI+ Data +CRM. Leading with our core values, we help companies across every industry blaze new trails and connect with customers in a whole new way. And, we empower you to be a Trailblazer, too — driving your performance and career growth, charting new paths, and improving the state of the world. If you believe in business as the greatest platform for change and in companies doing well and doing good – you’ve come to the right place.

We are seeking a highly skilled and strategic Director, Cyber Security & Compliance Strategist (APJC) who will be responsible for engaging with our external auditors and regulatory bodies throughout the APJC region and appropriate internal stakeholders. This role will report to the Vice President of Global Compliance and Certification. This strategic role will be instrumental in driving our cybersecurity compliance efforts across this region.

The successful candidate will play a pivotal role in our efforts to  foster trust, ensure compliance, and shape the evolving cybersecurity landscape in Japan and throughout the APJC region by ensuring the Salesforce product certification roadmap is reviewed and updated, as necessary.  This individual must be fluent in Japanese and English, with additional Asian languages being a plus.

The role requires a deep understanding of commercial and regulatory compliance, as well as cybersecurity concepts. Familiarity with ISMAP (Information System Security Management and Assessment Program) and the experience to handle ISMAP audits using a Common Controls Framework is essential. Knowledge about other regional & global certifications like AICPA SOC, ISO27001, Korean CSAP, MTCS (China), Saudi KSA, PCI, NIST, and others is an added advantage.

Key Responsibilities: 

• Partner with and enable the customer trust and security enablement teams’ ability to communicate our company's robust cybersecurity practices and commitment to trust and compliance to our customers.

• Build and maintain strong relationships with customers via customer trust and security enablement to understand and address their cybersecurity concerns and ensure their satisfaction.

• Represent the company with regulators and various cybersecurity and compliance policy working groups, and act as the voice of Salesforce in these settings to help shape the development of new cybersecurity regulations throughout the APJC region.

• Provide timely advice to the company on compliance requirements by staying abreast of the evolving regulatory landscape.

• Devise strategies to effectively meet and exceed regulatory expectations and advise business units.on how best to implement these strategies for optimal outcomes.

• Enable compliance thought leadership: help build written and recorded collateral and speak at industry events to proactively build the company's security & compliance brand within Asia region and abroad.

• Develop and implement comprehensive cybersecurity compliance programs and policies that align with global standards and local regulations.

• Partner and advise the APJC Global Compliance Certification team and various engineering teams to drive the ISMAP and other regional audits in a streamlined and efficient manner 

• Support the development or refresh of required certification artifacts, including an effective ISMS, risk assessment strategy, and security policies and standards. 

• Liaison with external auditors and internal teams to support certification audits. 

• Monitor and report on compliance status to executive leadership.

• Demonstrate a solid understanding of commercial compliance, regulatory compliance, and cybersecurity concepts.

• Stay updated on emerging cybersecurity threats and best practices.

Required Qualifications:

• At least 5-10 years of experience in security or compliance management roles

• Track record of building and aligning teams to organizational compliance needs.

• Fluent in Japanese and English is a must (additional Asian languages are a plus).

• Bachelor's degree in Information Security, Computer Science, or a related field; advanced degrees or relevant certifications (e.g., CISSP, CISM) are preferred.

• Deep understanding of commercial and regulatory compliance, cybersecurity concepts, and industry best practices.

• Proven ability to develop and implement strategic initiatives that align with business objectives.

• Experience in handling ISMAP audits and certification processes.

• Hands on experience with AWS and other cloud environments

• Experience with security policy, standards, and controls definition

• Excellent communication and interpersonal skills, with the ability to engage effectively with customers, regulators, and internal teams.

• Strong understanding of cybersecurity frameworks and standards (e.g., ISO 27001, NIST Cybersecurity Framework).

• Strong leadership and team management skills, with a track record of building and leading high-performing teams.

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form.

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at www.equality.com and explore our company benefits at www.salesforcebenefits.com.

Salesforce is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce does not accept unsolicited headhunter and agency resumes. Salesforce will not pay any third-party agency or company that does not have a signed agreement with Salesforce.

Salesforce welcomes all.