The Oracle Cloud Applications Business Unit seeks a privacy program manager to partner with the cloud operations, development and legal to embed privacy-by-design while creating policies and procedures to mitigate privacy risk and enhancing privacy compliance. You'll work across marketing, enterprise resource planning supply chain management, human capital management and other verticals to drive privacy initiatives, help create a privacy-focused culture, and educate stakeholders on why privacy matters.

This position is based in Canada and can be remote.

Responsibilities\:

• Provide guidance on the privacy implications of new products and procedures.
• Awareness of privacy legislation such as GDPR, CCPA and LGPD that may be impactful to Oracle Cloud Applications either in a processor or a controller role.
• Knowledge of international standards and frameworks such as ISO 27018, ISO 27701, the NIST Privacy Framework and SOC II Privacy
• Ability to manage and prioritize cross-functional projects.
• Help the team to identify and articulate the privacy impact of projects to include benefits, risks, and change management considerations.

Qualifications

• Bachelor's degree in Computer Science, IT or related field
• 6 years of Privacy (or other related) program experience
• CIPP (Certified Information Privacy Professional) CIPT (Certified Information Privacy Technologist)
• Familiar with developing and managing a Data Life Cycle program.
• Familiar with privacy program management tools such as OneTrust
• Proficiency with Microsoft Word and Excel
• Excellent writing skills
• Authorization to work in Canada without sponsorship

!|!Assists and supports the organization in complying with, as well as the ongoing preparation, testing and monitoring of conformance to, the requirements of government regulations and/or regulatory agencies.

Performs evaluation of internal operations, controls, communications, risk assessments and maintenance of documentation as related to regulatory compliance and recommends appropriate changes. Conducts and facilitates internal and external audits to identify, evaluate, disclose and appropriately remedy risks and deficiencies. Coordinates the preparation of and may prepare document packages for regulatory submissions from all areas of company as well as for internal and external audits and inspections. May serve as point of contact for interactions with regulatory agencies for defined matters. Support the creation of a comprehensive risk management and regulatory oversight program, including specifications for product and service design aligned with Oracle Software Security Assurance and Security Architecture. Review specifications. Develop training for GBU development, cloud services, services and operations teams on industry regulatory specifications applicable to their products and services. Execute risk assessments and evaluate risks to the business and develop risk mitigation strategies. Work with members of GBU development, cloud services, services and operations teams to incorporate applicable industry regulatory standards, Oracle security policies and customer-contractual obligations into GBU processes and standards. Coordinate industry and regulatory certifications, including managing certification vendors (e.g., PCI, HIPAA,HITECH, ISO, SOC2). Build security documentation and collateral for customers and internal users allowing security to be a differentiator in this GBUs. Build management level metrics and reporting for activities that are owned by the Risk Manager. Execute a vendor security program.

Leading contributor individually and as a team member, providing direction and mentoring to others. Work is non-routine and very complex, involving the application of advanced technical/business skills in area of specialization. . Ability to travel. 8 plus years experience. BA/BS or advanced degree preferred. 5-7 years work in governance and compliance for a large corporation. CISA, CISM, CISSP, CIPP desired. Strong knowledge of IT auditing and controls, preferable with SOX, SSAE 16 - SOC 1 & SOC 2, PCI compliance, NIST, DIACAP, FedRAMP, ISO 27001 & ISO 27002. Experience with 21 CFR Part 11 and HIPAA. Knowledge and understanding of the delivery process for validated systems; specifically Computer System Validation process or CSV. Have an understanding of security standards and risk management. Experience working in Information Technology, Cloud or managed hosting services. Excellent written and verbal communication skills. Ability to adjust and adapt to changing priorities in a dynamic environment. Technical acumen and the ability to understand and interpret technical specifications. Technical knowledge of Oracle Applications and Database and/or infrastructure components. Project Management skills.!|!