Senior Regulatory Compliance Specialist

20 Oct 2024
California, Belmont 00000 Belmont USA

Vacancy expired!

Assists and supports the organization in complying with, as well as the ongoing preparation, testing and monitoring of conformance to, the requirements of government regulations and/or regulatory agencies. Performs evaluation of internal operations, controls, communications, risk assessments and maintenance of documentation as related to regulatory compliance and recommends appropriate changes. Conducts and facilitates internal and external audits to identify, evaluate, disclose and appropriately remedy risks and deficiencies. Coordinates the preparation of and may prepare document packages for regulatory submissions from all areas of company as well as for internal and external audits and inspections. May serve as point of contact for interactions with regulatory agencies for defined matters.

Support the creation of a comprehensive risk management and regulatory oversight program, including specifications for product and service design aligned with Oracle Software Security Assurance and Security Architecture. Review specifications. Develop training for GBU development, cloud services, services and operations teams on industry regulatory specifications applicable to their products and services. Execute risk assessments and evaluate risks to the business and develop risk mitigation strategies. Work with members of GBU development, cloud services, services and operations teams to incorporate applicable industry regulatory standards, Oracle security policies and customer-contractual obligations into GBU processes and standards. Coordinate industry and regulatory certifications, including managing certification vendors (e.g., PCI, HIPAA, HITECH, ISO, SOC2). Build security documentation and collateral for customers and internal users allowing security to be a differentiator in the GBUs. Build management level metrics and reporting for activities that are owned by the Risk Manager. Execute a vendor security program.

Leading contributor individually and as a team member, providing direction and mentoring to others. Work is non-routine and very complex, involving the application of advanced technical/business skills in area of specialization. Ability to travel. 8 plus years experience. BA/BS or advanced degree preferred.

5-7 years work in governance and compliance for a large corporation. CISA, CISM, CISSP, CIPP desired. Strong knowledge of IT auditing and controls, preferably with SOX, SSAE 16 - SOC 1 & SOC 2, PCI compliance, NIST, DIACAP, FedRAMP, ISO 27001 & ISO 27002. Experience with 21 CFR Part 11 and HIPAA. Knowledge and understanding of the delivery process for validated systems; specifically Computer System Validation process or CSV. Have an understanding of security standards and risk management. Experience working in Information Technology, Cloud or managed hosting services. Excellent written and verbal communication skills. Ability to adjust and adapt to changing priorities in a dynamic environment. Technical acumen and the ability to understand and interpret technical specifications. Technical knowledge of Oracle Applications and Database and/or infrastructure components. Project Management skills.

Oracle is an Affirmative Action-Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veterans status, age, or any other characteristic protected by law.

Senior Regulatory Compliance Engineer

Location: United States with a preference for Morrisville, NC (must be willing to travel 25% to Morrisville, NC if NOT local)

NOTE: We are unable to provide visa sponsorship for this role at this time. No candidates requiring visa sponsorship will be considered.

CFS Description

Cloud Foundation Services (CFS) is a strategic component for providing critical cloud services to multiple Oracle Global Business Unit applications. Oracle Cloud Infrastructure (OCI), Oracle's second generation Infrastructure as a Service (IaaS), provides improved performance and reliability. CFS provides a microservice-driven platform, software delivery tool chain, and a continuous integration/continuous delivery operations model to support high margin, highly elastic, and highly available Software as a Service (SaaS) applications.

Team description

The CFS Compliance Engineering team is part of the larger CFS Security and Compliance Engineering organization dedicated to the ongoing security of Oracle SaaS applications running in the GBU Cloud Native Environments. Applying expertise and leadership in security compliance, risk management and best practices, the CFS Compliance Engineering team collaborates with a variety of other teams within the organization to ensure the CFS Cloud Native environment maintains a sustainable and high-quality approach to managing security compliance.

Roles & Responsibilities

As a member of the CFS Compliance Engineering team, you will be responsible for the development, deployment, monitoring and governance of one or more security compliance programs for the Cloud Foundation Services organization. In this security role, you will work closely with other corporate and business stakeholders to apply industry-standard best practices while formalizing programs that support strategic, tactical and operational security objectives of CFS in support of all GBU SaaS applications. As a technically competent self-starter with strong communication and project management skills, you will report to the Director of CFS Compliance Engineering.

Main Responsibilities

Routinely acts as a subject matter expert in one or more compliance frameworks within CFS

Provides technical guidance and leadership to the technical engineers within the organization.

Develop risk management framework information assurance documentation

Help in evaluating relevant global standards, compliance frameworks and regulations to analyze existing controls; identify areas for improvement; and design control growth

Help support internal/external audits and evidence collection

Participate in defining, collecting and tracking various Security Metrics

Write knowledge base documents to improve operations, SOP and overall compliance goals

General Qualifications

5-7 years cyber security, information security or information assurance experience

3-5 years of hands-on experience with, and a strong understanding of, several regulatory compliance frameworks such as GDPR, ISO, SOC1/2, PCI-DSS, HIPAA and FedRAMP

Experience securing cloud-based systems and solutions

Strong understanding of security best practices related to Network, Deployments, Systems and applications

Strong understanding of authentication and security protocols, cryptography, and application security

Knowledge of security tools and solutions such as Firewalls, IPS, Encryption and security monitoring, etc.

Experience in developing, reviewing, updating system documentation in support of compliance efforts

Strong understanding of software development lifecycles and modern cloud environments

Ability to multitask and handle changing priorities

Ability to work well under pressure and to meet tight deadlines

High level of motivation, confidence, integrity and responsibility

Strong analytical and critical thinking skills.

Strong organizational, written and verbal communication skills; ability to present analysis and conclusions with clarity and professionalism with all levels of management

Ability to work closely with cross-functional stakeholders

BS or MS in either Information Security, Computer Science, Information Management Systems, or related field or equivalent work experience

Preferred Qualifications

Knowledge of modern microservices architectures and technology (like Docker, Kubernetes, etc.)

Knowledge of network protocols (e.g., TCP/IP, UDP, DHCP, DNS, HTTP, HTTPS)

Experience working with Agile teams and DevOps models

Experience with secure coding standards

Experience working with at least two of the following languages (Python, Golang, Perl or Java)

Job: Business Operations

Organization: Oracle

Title: Senior Regulatory Compliance Specialist

Location: United States

Requisition ID: 19001COF
