Description
We are seeking a highly skilled and strategic Director, Cyber Security & Compliance Strategist (APJC) who will be responsible for engaging with our external auditors and regulatory bodies throughout the APJC region and appropriate internal stakeholders. This role will report to the Vice President of Global Compliance and Certification. This strategic role will be instrumental in driving our cybersecurity compliance efforts across this region.
The successful candidate will play a pivotal role in our efforts to foster trust, ensure compliance, and shape the evolving cybersecurity landscape in Japan and throughout the APJC region by ensuring the Salesforce product certification roadmap is reviewed and updated, as necessary. This individual must be fluent in Japanese and English, with additional Asian languages being a plus.
The role requires a deep understanding of commercial and regulatory compliance, as well as cybersecurity concepts. Familiarity with ISMAP (Information System Security Management and Assessment Program) and the experience to handle ISMAP audits using a Common Controls Framework is essential. Knowledge about other regional & global certifications like AICPA SOC, ISO27001, Korean CSAP, MTCS (China), Saudi KSA, PCI, NIST, and others is an added advantage.
Key Responsibilities:
Partner with and enable the customer trust and security enablement teams’ ability to communicate our company's robust cybersecurity practices and commitment to trust and compliance to our customers.
Build and maintain strong relationships with customers via customer trust and security enablement to understand and address their cybersecurity concerns and ensure their satisfaction.
Represent the company with regulators and various cybersecurity and compliance policy working groups, and act as the voice of Salesforce in these settings to help shape the development of new cybersecurity regulations throughout the APJC region.
Provide timely advice to the company on compliance requirements by staying abreast of the evolving regulatory landscape.
Devise strategies to effectively meet and exceed regulatory expectations and advise business units on how best to implement these strategies for optimal outcomes.
Enable compliance thought leadership: help build written and recorded collateral and speak at industry events to proactively build the company's security & compliance brand within the Asia region and abroad.
Develop and implement comprehensive cybersecurity compliance programs and policies that align with global standards and local regulations.
Partner with and advise the APJC Global Compliance Certification team and various engineering teams to drive the ISMAP and other regional audits in a streamlined and efficient manner.
Support the development or refresh of required certification artifacts, including an effective ISMS, risk assessment strategy, and security policies and standards.
Liaise with external auditors and internal teams to support certification audits.
Monitor and report on compliance status to executive leadership.
Demonstrate a solid understanding of commercial compliance, regulatory compliance, and cybersecurity concepts.
Stay updated on emerging cybersecurity threats and best practices.
Required Qualifications:
At least 5-10 years of experience in security or compliance management roles.
Track record of building and aligning teams to organizational compliance needs.
Fluency in Japanese and English is a must (additional Asian languages are a plus).
Bachelor's degree in Information Security, Computer Science, or a related field; advanced degrees or relevant certifications (e.g., CISSP, CISM) are preferred.
Deep understanding of commercial and regulatory compliance, cybersecurity concepts, and industry best practices.
Proven ability to develop and implement strategic initiatives that align with business objectives.
Experience in handling ISMAP audits and certification processes.
Hands-on experience with AWS and other cloud environments.
Experience with security policy, standards, and controls definition.
Excellent communication and interpersonal skills, with the ability to engage effectively with customers, regulators, and internal teams.
Strong understanding of cybersecurity frameworks and standards (e.g., ISO 27001, NIST Cybersecurity Framework).
Strong leadership and team management skills, with a track record of building and leading high-performing teams.