Principal Security Analyst Security, Risk and Regulatory Compliance - Oracle Global Business Units Position Description
This senior position in the Security, Risk Management and Regulatory Compliance team will have responsibility for assuring that the GBUs' Development, Cloud Operations and Services teams properly manage regulatory requirements related to the design, development, deployment and post-deployment of products and services.
The position will drive the development and implement a comprehensive risk management and regulatory compliance strategy across the GBUs to optimize and continuously improve the information security of the GBU products and services. The role requires coordination between the GBUs' Development, Cloud Services, Services, and Operations teams and Oracle's centralized Corporate Security Group and Oracle Legal organizations.
This team will ensure that the IT environment implements, demonstrates and continuously monitors the controls required to meet key security frameworks and regulatory requirements including ISO 2700x, PCI DSS, HIPAA and SSAE 16 as required by the GBUs. Responsibilities
- Build a world class security and compliance program to support a heterogeneous group of businesses
- Collaborate with LoB security leaders to ensure awareness and consistency in approach and delivery
- Facilitate third party attestations, audits and certification efforts for the GBUs
- Develop customer facing documentation that describe the security and compliance across the GBUs including Oracle Cloud for Industry
- Assess the Cloud compliance and security landscape to keep OCI controls current with industry standards
- Interface with corporate groups including Corporate, Privacy and Security legal and Internal audit to ensure compliance with policy
- Lead project team members and formalize risks and key controls associated with significant Oracle Cloud for Industry and GBU processes
- Manage the vendor security program for the GBUs, facilitate vendor security assessments as required
- Coordinate audit testing, documentation, self-assessment testing and remediation activities.
- Make recommendations to correct deficiencies identified during the various audits.
- Perform the role of compliance consultant and subject matter expert for the Oracle GBUs to help them improve their control environment as necessary
- Manage project functions including project scheduling, tracking, communications, and controlling to ensure project meets its' aim on schedule
- Respond to security related requests and RFPs
- Bachelor Degree or equivalent
- CISA, CISM, CISSP, CIPP desired
- 10 years related experience
- Formal training in project management
- Fluency & extensive experience IT auditing and controls, preferable with SOX, SSAE 16 - SOC 1 & SOC 2, PCI compliance, NIST, DIACAP, FedRAMP, ISO 27001 & ISO 27002
- Strong working knowledge of IT processes and IT infrastructure
- Proven ability to combine business acumen, technical acumen and process expertise to define control requirements for SSAE 16 SOC 1 & SOC 2, PCI, ISO 27002 •Demonstrated success in leading, controlling, & completing IT projects
- Proven ability to influence & gain buy-in at multiple levels, across divisions, functions and cultures; comfort working with executive level management
- Demonstrated ability to achieve results through cross-functional, virtual teams
- Ability to prioritize, manage, and deliver on multiple projects simultaneously; highly motivated and able to work against aggressive schedules
- Strong bias toward action, flexible, resourceful, and able to operate effectively within a dynamic, fast-pace environment
- Superior communication skills (interpersonal, verbal, presentation written, email)
- Positive attitude, team player, self-starter; takes initiative, ability to work independently
- Discretion in handling confidential information
Strongly prefer candidates based in DC / MD / VA areas, or Orlando FL area, or Boston, MA. Open to considering candidates based in any US location. Travel Component:
Minimal (0 - 10%)
As part of Oracle's employment process candidates will be required to complete a pre-employment screening process, prior to an offer being made. This will involve identity and employment verification, salary verification, professional references, education verification and professional qualifications and memberships (if applicable).
Oracle Supports Workforce DiversityQualifications:
Executes security controls to prevent hackers from infiltrating company information or jeopardizing e-commerce programs.
Researches attempted efforts to compromise security protocols. Maintains security systems for routers and switches. Administers security policies to control access to systems. Maintains the company's firewall. Uses applicable encryption methods. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information.
Leading contributor individually and as a team member, providing direction and mentoring to others. Work is non-routine and very complex, involving the application of advanced technical/business skills in area of specialization. Prefer 8 years relevant experience and BA/BS degree.Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans status or any other characteristic protected by law.