Regulatory Compliance Specialist 5
Oracle, Canada. Update time: November 3, 2022
Job Description

Oracle provides the world’s most complete, open, and integrated business software and hardware systems, with more than 370,000 customers—including 100 of the Fortune 100—representing a variety of sizes and industries in more than 145 countries around the globe. Oracle's product strategy provides flexibility and choice to our customers across their IT infrastructure. Now, with Sun server, storage, operating-system, and virtualization technology, Oracle is the only vendor able to offer a complete technology stack in which every layer is integrated to work together as a single system. In addition, Oracle's open architecture and multiple operating-system options give our customers unmatched benefits from industry-leading products, including excellent system availability, scalability, energy efficiency, powerful performance, and low total cost of ownership.

Oracle is committed to helping customers operate globally in a fast-changing business environment and address the challenges of an ever more complex regulatory environment. The SaaS Compliance team supports this commitment through the management of the third-party attestations or certifications of SaaS Cloud services internationally. Compliance efforts have gained additional attention in recent years and Oracle is meeting the demands by improving and expanding current efforts. Our team is growing as a reflection of Oracle's commitment to regulatory requirements.

Oracle SaaS Compliance is seeking a Risk Program Specialist to manage the SaaS Cloud Risk Program and ensure it meets requirements to maintain certification for ISO and other international frameworks.  This role will provide leadership and expertise in the development and maturity of the risk management process for the SaaS ISO and other international certifications.  This candidate will work closely with other organizational leads within SaaS Cloud to formulate an overall risk evaluation for the operational areas covered by the SaaS compliance certifications.  This is a mission critical role with the qualified candidate interacting with organizational leads across SaaS Cloud (HR, Facilities, Security, etc.) and incorporating risk assessment data elements into a holistic view of risk for SaaS.  The candidate will require extensive knowledge and experience in ISO certification and Risk Management with practical knowledge of ISO 31000.

This role requires a self-starter who can prioritize given responsibilities, work independently, and work with and leverage current organizational systems and tools. Strong communication and presentation skills will be needed.

Essential functions for role:

  • Create risk assessments, track mitigation efforts, and develop risk metrics and risk reports.
  • Design the evaluation process for risk data from other organizational areas, such as HR, security, GIS, etc.
  • Perform risk assessments to identify current and future risks in accordance with ISO standards where gaps may exist.
  • Monitor ISO regulations and other international industry standards leveraging ISO certification.

Required Skills:

  • 10 to 12 years of consulting or risk management experience
  • Risk management experience
  • Strong understanding of risk, compliance and risk management principles
  • Extensive Project Management experience
  • Strong communication and presentation skills
  • Strong collaboration skills
  • Bachelor's degree or higher

Preferred qualifications:

  • PMP certified

 

Assists and supports the organization in complying with, as well as the ongoing preparation, testing and monitoring of conformance to, the requirements of government regulations and/or regulatory agencies.

Performs evaluation of internal operations, controls, communications, risk assessments and maintenance of documentation as related to regulatory compliance and recommends appropriate changes. Conducts and facilitates internal and external audits to identify, evaluate, disclose and appropriately remedy risks and deficiencies. Coordinates the preparation of and may prepare document packages for regulatory submissions from all areas of company as well as for internal and external audits and inspections. May serve as point of contact for interactions with regulatory agencies for defined matters. Drive the development and implementation of a comprehensive risk management and regulatory compliance strategy across the GBUs to optimize and continuously improve the information security of the GBU products and services. The role requires coordination between the GBUs' Development, Cloud Services, Services, and Operations teams and Oracle's centralized Corporate Security Group and Oracle Legal organizations. This team will ensure that the IT environment implements, demonstrates and continuously monitors the controls necessary to meet key security frameworks and regulatory specifications including ISO 2700x, PCI DSS, HIPAA and SSAE 16 as needed by the GBUs. Facilitate third party attestations, audits and certification efforts for the GBUs. Develop customer facing documentation that describes the security and compliance across the GBUs including Oracle Cloud for Industry. Assess the Cloud compliance and security landscape to keep OCI controls current with industry standards. Interface with corporate groups including Corporate, Privacy and Security legal and Internal audit to ensure compliance with policy. Lead project team members and formalize risks and key controls associated with significant Oracle Cloud for Industry and GBU processes. Manage the vendor security program for the GBUs. Coordinate audit testing, documentation, self-assessment testing and remediation activities. Make recommendations to correct deficiencies identified during the various audits. Perform the role of compliance consultant and subject matter expert for the Oracle GBUs to help them improve their control environment as necessary. Manage project functions including project scheduling, tracking, communications, and controlling to ensure project meets deadlines and remains on schedule.

Acknowledged authority within the Corporation. Exercises creativity and independent judgment in developing methods, techniques, and evaluation criteria. Ability to travel. 10 plus years experience. Bachelor Degree or equivalent. CISA, CISM, CISSP, CIPP desired. 10+ years related experience. Formal training in project management. Fluency & extensive experience in IT auditing and controls, preferably with SOX, SSAE 16 - SOC 1 & SOC 2, PCI compliance, NIST, DIACAP, FedRAMP, ISO 27001 & ISO 27002. Strong working knowledge of IT processes and IT infrastructure. Proven ability to combine business acumen, technical acumen and process expertise to define control specifications for SSAE 16 SOC 1 & SOC 2, PCI, ISO 27002. Demonstrated success in leading, controlling, & completing IT projects. Proven ability to influence & gain buy-in at multiple levels, across divisions, functions and cultures; comfort working with executive level management. Demonstrated ability to achieve results through cross-functional, virtual teams. Ability to prioritize, manage, and deliver on multiple projects simultaneously; highly motivated and able to work against aggressive schedules. Strong bias toward action, flexible, resourceful, and able to operate effectively within a dynamic, fast-paced environment. Superior communication skills (interpersonal, verbal, presentation, written, email). Positive attitude, team player, self-starter; takes initiative, ability to work independently. Discretion in handling confidential information.
