Skip to main content

Director - Cyber Security, and Compliance Strategist, APJC

a couple of women smiling

Description

We are seeking a highly skilled and strategic Director, Cyber Security & Compliance Strategist (APJC) who will be responsible for engaging with our external auditors and regulatory bodies throughout the APJC region and appropriate internal stakeholders. This role will report to the Vice President of Global Compliance and Certification. This strategic role will be instrumental in driving our cybersecurity compliance efforts across this region.

The successful candidate will play a pivotal role in our efforts to foster trust, ensure compliance, and shape the evolving cybersecurity landscape in Japan and throughout the APJC region by ensuring the Salesforce product certification roadmap is reviewed and updated, as necessary. This individual must be fluent in Japanese and English, with additional Asian languages being a plus.

The role requires a deep understanding of commercial and regulatory compliance, as well as cybersecurity concepts. Familiarity with ISMAP (Information System Security Management and Assessment Program) and the experience to handle ISMAP audits using a Common Controls Framework is essential. Knowledge about other regional & global certifications like AICPA SOC, ISO27001, Korean CSAP, MTCS (China), Saudi KSA, PCI, NIST, and others is an added advantage.

Key Responsibilities:

  • Partner with and enable the customer trust and security enablement teams’ ability to communicate our company's robust cybersecurity practices and commitment to trust and compliance to our customers.

  • Build and maintain strong relationships with customers via customer trust and security enablement to understand and address their cybersecurity concerns and ensure their satisfaction.

  • Represent the company with regulators and various cybersecurity and compliance policy working groups, and act as the voice of Salesforce in these settings to help shape the development of new cybersecurity regulations throughout the APJC region.

  • Provide timely advice to the company on compliance requirements by staying abreast of the evolving regulatory landscape.

  • Devise strategies to effectively meet and exceed regulatory expectations and advise business units.on how best to implement these strategies for optimal outcomes.

  • Enable compliance thought leadership: help build written and recorded collateral and speak at industry events to proactively build the company's security & compliance brand within Asia region and abroad.

  • Develop and implement comprehensive cybersecurity compliance programs and policies that align with global standards and local regulations.

  • Partner and advise the APJC Global Compliance Certification team and various engineering teams to drive the ISMAP and other regional audits in a streamlined and efficient manner

  • Support the development or refresh of required certification artifacts, including an effective ISMS, risk assessment strategy, and security policies and standards.

  • Liaison with external auditors and internal teams to support certification audits.

  • Monitor and report on compliance status to executive leadership.

  • Demonstrate a solid understanding of commercial compliance, regulatory compliance, and cybersecurity concepts.

  • Stay updated on emerging cybersecurity threats and best practices.


Required Qualifications:

  • At least 5-10 years of experience in security or compliance management roles

  • Track record of building and aligning teams to organizational compliance needs.

  • Fluent in Japanese and English is a must (additional Asian languages are a plus).

  • Bachelor's degree in Information Security, Computer Science, or a related field; advanced degrees or relevant certifications (e.g., CISSP, CISM) are preferred.

  • Deep understanding of commercial and regulatory compliance, cybersecurity concepts, and industry best practices.

  • Proven ability to develop and implement strategic initiatives that align with business objectives.

  • Experience in handling ISMAP audits and certification processes.

  • Hands on experience with AWS and other cloud environments

  • Experience with security policy, standards, and controls definition

  • Excellent communication and interpersonal skills, with the ability to engage effectively with customers, regulators, and internal teams.

  • Strong understanding of cybersecurity frameworks and standards (e.g., ISO 27001, NIST Cybersecurity Framework).

  • Strong leadership and team management skills, with a track record of building and leading high-performing teams.

At Salesforce, we strive to create an accessible and inclusive experience for all candidates.

If you need a reasonable accommodation during the application or the recruiting process, please submit a request via this Accommodation Request Form.

Please note that Salesforce uses an automated employment decision tool to help our recruiters assess and evaluate candidates’ resumes. If you do not want Salesforce to use this tool with your application, please submit a request via this form.

Equal Opportunity Statement.

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at www.equality.com and explore our company benefits at www.salesforcebenefits.com.

Salesforce is an equal employment opportunity and affirmative action employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Know your rights: workplace discrimination is illegal. Salesforce does not accept unsolicited headhunter and agency resumes. Salesforce will not pay any third-party agency or company that does not have a signed agreement with Salesforce.

Salesforce welcomes all.

In the United States, compensation offered will be determined by factors such as location, job level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, and benefits. More details about our company benefits can be found at the following link: https://www.salesforcebenefits.com.

We can't wait to meet you!

Join our Talent Community and be the first to know about open roles, career tips, events happening near you, and much more.

Join our Talent Community
a group of cartoon characters