The Oracle SaaS Compliance team is seeking a Principal Security Analyst to execute on compliance delivery. The primary focus of this role will be to support the continual improvement and maintenance of Oracle Software as a Service (SaaS) certified Information Security Management System (ISMS) and will be part of a team that develops and executes multi-year strategies designed to maintain and expand the certification posture of Oracle’s SaaS services. This role will alsp partner closely with other compliance and security functions to ensure our SaaS products continue to comply with ISO 27001, ISO 27017, ISO 27018, CSA Star, GDPR and similar.

• Mature and improve SaaS ISMS. Identify areas of enhancements and gaps within the design, development, implementation, maintenance and monitoring aspects
• of the ISMS;
• Maintain policies, procedures and guidelines that support the ISMS;
• Engage with compliance team to ensure the control narratives and design documents are fully populated and maintained;
• Plan, schedule, and monitor compliance efforts from inception through delivery;
• Template creation to streamline workload for the following\:
  • Risk Assessment and Risk Treatment Plan (RTP);
  • Statement of Applicability (SOA);
  • Corrective and Preventive Action plans (CAPA);
  • Assessment of control design and operating effectiveness; and
  • Internal Audit and Management Review reports. 
• Outline test methodology, design principles and test results;
• Support and coordinate ISMS internal and external audits; and 
• Follow up on the ISMS continual improvement process, track maturity and roadmap.

Desired Experience\:

• Compliance/Audit experience 8-10 years;
• Understanding of compliance frameworks which may include ISO 27001, ISO 27017, ISO 27018, CSA Star, SOC, PCI DSS and HIPAA;
• Experience of working with or as part of the Governance, Risk and compliance team and/or the Internal Audit function;
• Excellent experience of stakeholder engagement;
• Well-developed communication and interpersonal skills;
• A positive attitude towards work and able to keep motivated with little or no supervision;
• Background in Information Security with good working knowledge of Information Security principles;
• Experience in developing and documenting Information Security Policies, Standards and Processes; and
• Ability to work with various Oracle functions spanning across geographies. 

!|!Executes security controls to prevent hackers from infiltrating company information or jeopardizing e-commerce programs.

Researches attempted efforts to compromise security protocols. Maintains security systems for routers and switches. Administers security policies to control access to systems. Maintains the company’s firewall. Uses applicable encryption methods. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information.

Leading contributor individually and as a team member, providing direction and mentoring to others. Work is non-routine and very complex, involving the application of advanced technical/business skills in area of specialization. Prefer 8 years relevant experience and BA/BS degree.

Oracle is an Affirmative Action-Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veterans status, age, or any other characteristic protected by law.

!|!