IT Security Analyst 4
Employment Type: Full-Time
Principal Security and Compliance Analyst (IC4)
Oracle SaaS Compliance
This is a new position as a SaaS Compliance Program Lead as part of our Americas Commercial Audit Program Management.
The Oracle SaaS Compliance team ensures the security and compliance of Oracle Cloud Services by verifying teams follow regulations, policy, standards, and best practices. The Compliance team assists Service teams through assessment, audit or certification. We also support compliance operations and continuous monitoring of cloud-based security infrastructure, and support customer compliance inquiries.
Successful candidates for this role must be very comfortable taking a leadership role with regulatory compliance in a fast-paced organization. Candidates will be expected to successfully manage an audit program portfolio for SOC, Healthcare (HIPAA, HITRUST), Finance (PCI), or SaaS@Customer to support and maintain existing audit compliance efforts and regulatory compliance obligations, and to support program improvements and opportunities.
Primary responsibilities of this role will include: Leads and manages SOC, Financial, Healthcare, SaaS@Customer and potentially other audit assessments/certifications, documentation, conducts analysis of control weaknesses and reports results on a continuous basis; Plans, leads, and executes audit engagements with third-party auditors; Evaluates the effectiveness of the internal controls, business processes, and corresponding evidence, in alignment with industry and regulatory requirements and expectations; Creates and completes projects to assist in improving organizational efficiency and effectiveness, and minimize organizational impact and risk; Provides high quality, professional day-to-day execution of audit engagements; Conducts business process reviews to both assess the efficiency and effectiveness of operations as well as evaluate the design and operating effectiveness of internal controls; Conducts interactions with third party auditors that exhibit control understanding and confidence; Develops audit programs, working papers, and reports; Effectively communicates audit status to executive leadership; Communicates within the team autonomously and drives the communications across partner teams; Drives clearly defined intra-team issues to resolution; Drives project scheduling, tracking, and communications independently; Learns actively and quickly, and is empowered to update and enhance current audit processes, tooling, and documentation; Significantly contributes to the tooling and processes that are being built to scale compliance for an entire global cloud; Coordinates and facilitates audit preparation and “in audit” activities.
Evaluates regulatory compliance requirements and engages with a variety of cross functional teams; Consults with internal teams on engineering designs and development of cloud-based systems; Evaluates and provides reasonable assurance that risk management, control requirements, and governance systems are functioning as intended and will enable the organization’s objectives and goals to be met; Reports risks of internal control deficiencies and provides recommendations for improving the organization’s operations, in terms of both efficient and effective performance; Evaluates information security and associated risk exposures; Evaluates regulatory compliance program with consultation from legal counsel; Evaluates the Service’s audit readiness; Maintains open communication with management and teams across Oracle Cloud Operations; Engages with other internal and external strategic resources as appropriate; Evaluates applicable global standards & compliance frameworks to establish internal standards, guidelines, policies, processes, and procedures; Designs, develops and publishes internal program frameworks, checklists, and procedures using creative publishing and editing software tools; Systematically and comprehensively documents the Cloud Service’s compliance program; Other duties as assigned;
The ideal candidate will have the following skills: Significant experience in control assessment and audit for financial and operational controls; In-depth knowledge of industry and regulatory compliance standards; Proven ability to combine business acumen, technical acumen, and process expertise to assess requirements and alignment; Possesses ability to explain complex topics to audiences with no auditing experience; Demonstrated ability to use multiple avenues of communication (verbal, written, ticketing, messaging, etc.); Ability to prioritize, manage, and deliver on multiple tasks simultaneously and ability to partner with management in support of key initiatives and projects; Strong bias toward action, flexible, resourceful, and able to operate effectively within a dynamic, agile, and fast-paced environment; Motivated to accomplish goals and objectives to ensure organizational and customer success; Attention to detail, proven analytical and problem-solving skills
Qualifications: Prefer JD, Information Systems or Engineering degree; CISSP, CISA, CISM, CCSK, or PMP certifications desired; Prefer 3-5 years relevant experience working on SOC, HIPAA (or other Healthcare), PCI (or other Finance); Prior Cloud Service Provider experience a plus; Experience with either a 'Big 4' accounting firm, a mid-level accounting firm, and/or a large IT corporation's internal audit department is preferred
Oracle employee benefits programs are designed individually for each region to ensure they best meet the needs of employees and their eligible dependents. See how ORACLEflex and other benefits help employees thrive at Oracle. http://www.oracle.com/us/corporate/careers/index.html
Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans status or any other