Description
This position will support the Security and Privacy Compliance organization. The individual will support our governance, risk, and compliance (GRC) practices, working on projects to ensure compliance with regulations and with our obligations to customers.
A key responsibility of this position will be the growth and maintenance of the incident reporting and response program within the risk management program. The candidate will manage the incident reporting and response program, including managing the tabletop exercise and the review, communication, and escalation process for security events, and ensuring we meet compliance obligations with our processes. This position will manage other compliance projects such as third-party audits (e.g. SOC 1/PCI-DSS), risk assessments, or product compliance consulting projects, including HIPAA/Healthcare expansion programs. This role will include conducting research on compliance requirements, performing or managing assessments, and reporting findings to stakeholders. The candidate will ideally have extensive experience in compliance, audit, project management, security, privacy, and software development lifecycle standard methodologies.
This position will require coordinating, communicating, and working effectively with internal process owners, internal and external auditors, and all levels of management. The candidate should understand IT and security risks, general IT controls and security controls, as well as risk mitigation and issue remediation. Key skills would be IT audit and security event management, including understanding security issues identified, as well as potential exposure and needed mitigation and remediation.
Career Level - IC4
Responsibilities
- Manage security incident reporting and response program
- Manage reporting and response for individual security events that occur
- Assist with tabletop exercises to test processes
- Ensure tabletop exercises comply with internal and external audits
- Maintain standards and controls documentation with SMEs and ensure compliance with internal and external audit
- Ensure processes are followed, relevant controls are performed, and the process and controls comply with internal and external audits
- Assist with security and privacy risk assessments of our services
- Assist with security and privacy risk assessments of our suppliers
- Assist with audit, risk, governance, or consulting compliance projects as appropriate
The position prefers experience in IT compliance, audit, software development lifecycle (SDLC), and security best practices in a SaaS/Cloud environment.
Additionally, the below will be considered in hiring the appropriate candidate:
- Candidate must possess at least a Bachelor's/College Degree, preferably in Audit/Finance/Accountancy/Information Systems/Banking or equivalent
- At least 8 years of working experience in IT Compliance, Audit, Risk Management, Incident Response, or related field is preferred for this position
- Candidate should be either a CPA, CISA, CRISC, CISM, or CISSP, or maintain a similar certification in information systems or information security
- Candidate should understand security issues identified, including potential exposure from security issues, required mitigation, and remediation steps needed
- Candidate should have hands-on working knowledge of and experience with ITGC, including deficiency risk and mitigation documentation
- Experience with and working knowledge of risk assessments is preferred
- Experience and working knowledge of security-related technology (e.g. Identity Management tools, Firewalls, etc.) is preferred
- Working knowledge of ERP systems (e.g., NetSuite, PeopleSoft FDM and Oracle eBusiness) security standards and implementation is preferred
- Exposure to cloud environments is preferred
- Experience with SOC audits and ISO27001 is preferred
Qualifications
Range and benefit information provided in this posting are specific to the stated locations only.
CA: Hiring Range in CAD from: $76,700 to $167,600 per annum.
Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect Oracle’s differing products, industries and lines of business.
Candidates are typically placed into the range based on the preceding factors as well as internal peer equity.