Product Compliance Engineering - Senior Analyst

Airkit
Airkit

Product, IT, Compliance / Regulatory

Bellevue, WA, USA

Posted on Jul 3, 2026

Description

The Experience

The Global Compliance and Certification (GCC) team is responsible for enterprise-wide compliance processes, ensuring Salesforce leadership has the information needed to make strategic, risk-based decisions. The GCC team is a division within the Product Security Organization, and you'll play a pivotal role in partnering with engineering to translate complex mandates into actionable controls — driving continuous risk mitigation and adherence to Salesforce security frameworks.

We're looking for a compliance professional who is energized by the challenge of making complex regulatory requirements clear and actionable. In this role, you'll get to work across engineering, security, and external auditors to shape how Salesforce maintains its global compliance posture — gaining deep experience in cloud security frameworks and audit execution at scale.

What You'll Actually Be Doing
  • Serve as a cloud compliance subject matter expert, supporting internal and external audits — including leading walkthroughs with external assessors — by ensuring effective control implementation across Salesforce environments aligned with ISO 27001, Service Organization Controls (SOC) 1/2, and other regulatory frameworks.
  • Partner with engineering teams to translate complex compliance frameworks and regulatory mandates into clear, actionable deliverables, ensuring timely remediation and clear leadership reporting on progress and residual risk.
  • Identify opportunities to streamline and automate evidence collection, document detailed process playbooks, and drive operational efficiency and continuous improvement.
  • Collaborate with cross-functional partners to operationalize audit recommendations and enhance overall compliance posture.
  • Automate evidence collection and compliance operations to drive operational efficiency and continuous improvement.


You're Our Person If...
  • You have 4+ years of experience in IT audit or internal controls, managing global compliance assessments in complex environments with a strong focus on cloud and software-as-a-service (SaaS) platforms.
  • You have prior experience with compliance and regulatory standards across industries and geographies, including ISO 27001, SOC, Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), Health Information Trust Alliance (HITRUST), Sarbanes-Oxley (SOX), and Federal Risk and Authorization Management Program (FedRAMP).
  • You bring strong analytical and problem-solving skills with the ability to assess risks, recommend solutions, and work independently in a fast-paced regulatory environment.
  • You have strong program and stakeholder management experience, including cross-functional leadership, with excellent organizational and documentation skills.


Even Better If...
  • You have experience with compliance tooling, control testing automation, or audit workflow platforms.
  • You have technical knowledge of hyperscaler environments such as Amazon Web Services (AWS).
  • You hold one or more relevant certifications such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA).

*LI-Y

In the United States, compensation offered will be determined by factors such as location, job level, job-related knowledge, skills, and experience. Certain roles may be eligible for incentive compensation, equity, and benefits. Salesforce offers a variety of benefits to help you live well including: time off programs, medical, dental, vision, mental health support, paid parental leave, life and disability insurance, 401(k), and an employee stock purchasing program. More details about company benefits can be found at the following link: https://www.salesforcebenefits.com.