Regulatory Compliance Specialist 5
Springfield, IL 62762
Assists and supports the organization in complying with, as well as the ongoing preparation, testing and monitoring of conformance to, the requirements of government regulations and/or regulatory agencies.
Performs evaluation of internal operations, controls, communications, risk assessments and maintenance of documentation as related to regulatory compliance and recommends appropriate changes. Conducts and facilitates internal and external audits to identify, evaluate, disclose and appropriately remedy risks and deficiencies. Coordinates the preparation of and may prepare document packages for regulatory submissions from all areas of the company as well as for internal and external audits and inspections. May serve as point of contact for interactions with regulatory agencies for defined matters. Drive the development and implementation of a comprehensive risk management and regulatory compliance strategy across the GBUs to optimize and continuously improve the information security of the GBU products and services. The role requires coordination between the GBUs’ Development, Cloud Services, Services, and Operations teams and Oracle’s centralized Corporate Security Group and Oracle Legal organizations. This team will ensure that the IT environment implements, demonstrates and continuously monitors the controls necessary to meet key security frameworks and regulatory specifications including ISO 2700x, PCI DSS, HIPAA and SSAE 16 as needed by the GBUs. Facilitate third-party attestations, audits and certification efforts for the GBUs. Develop customer-facing documentation that describes the security and compliance across the GBUs including Oracle Cloud for Industry. Assess the Cloud compliance and security landscape to keep OCI controls current with industry standards. Interface with corporate groups including Corporate, Privacy and Security legal and Internal audit to ensure compliance with policy. Lead project team members and formalize risks and key controls associated with significant Oracle Cloud for Industry and GBU processes. Manage the vendor security program for the GBUs. Coordinate audit testing, documentation, self-assessment testing and remediation activities.
Make recommendations to correct deficiencies identified during the various audits. Perform the role of compliance consultant and subject matter expert for the Oracle GBUs to help them improve their control environment as necessary. Manage project functions including project scheduling, tracking, communications, and controlling to ensure project meets deadlines and remains on schedule.
Acknowledged authority within the Corporation. Exercises creativity and independent judgment in developing methods, techniques, and evaluation criteria. Ability to travel. 10 plus years experience. Bachelor Degree or equivalent. CISA, CISM, CISSP, CIPP desired. 10+ years related experience. Formal training in project management. Fluency and extensive experience in IT auditing and controls, preferably with SOX, SSAE 16 – SOC 1 & SOC 2, PCI compliance, NIST, DIACAP, FedRAMP, ISO 27001 & ISO 27002. Strong working knowledge of IT processes and IT infrastructure. Proven ability to combine business acumen, technical acumen and process expertise to define control specifications for SSAE 16 SOC 1 & SOC 2, PCI, ISO 27002. Demonstrated success in leading, controlling, and completing IT projects. Proven ability to influence and gain buy-in at multiple levels, across divisions, functions and cultures; comfort working with executive-level management. Demonstrated ability to achieve results through cross-functional, virtual teams. Ability to prioritize, manage, and deliver on multiple projects simultaneously; highly motivated and able to work against aggressive schedules. Strong bias toward action, flexible, resourceful, and able to operate effectively within a dynamic, fast-paced environment. Superior communication skills (interpersonal, verbal, presentation, written, email). Positive attitude, team player, self-starter; takes initiative, ability to work independently. Discretion in handling confidential information.
If you are a Colorado resident, please contact us or email us at email@example.com to receive compensation and benefits information for this role. Please include this Job ID: 159939 in the subject line of the email.
The Oracle Cloud SaaS Compliance organization ensures the regulatory compliance of Oracle’s Cloud Applications from initial design through operation by way of standards definition, assessment/audit & certification, and continuous monitoring of cloud based security infrastructure.
We are looking for a Senior Principal Regulatory Compliance Analyst who will play a significant role in evaluating the compliance impacts of cross-service architecture and design changes, new compliance frameworks, and emerging technologies. Candidates for this role must be very comfortable taking a leadership role within regulatory compliance in a fast-paced organization that is highly complex, varied in nature, and spans multiple functional areas. Success will be measured by designing, developing, and driving engineering changes with individual service leadership to improve overall control evidence efficiency or minimize key risks.
Primary responsibilities of this role will include:
+ Evaluate significant architecture, design, tooling, and/or operational changes to Cloud Applications services to identify impacts to compliance programs;
+ Evaluate global standards & regulatory compliance frameworks to establish internal standards, guidelines, policies, processes, and procedures;
+ Provide leadership, guidance, and direction in the design and implementation of automated solutions, based on a set of standards and processes that enable application developers to easily consume security and compliance services;
+ Assess security controls and provide reasonable assurance that risk management, control, and governance systems are functioning as intended;
+ Report risk management issues and internal controls deficiencies identified and provide recommendations for improving operations, in terms of both efficient and effective performance;
+ Maintain open communication with management and teams across Oracle;
+ Engage with internal cross functional teams and external strategic resources as appropriate;
+ Design, develop and publish internal program frameworks, checklists, policy, processes, and procedures; and
+ Other duties as assigned.
+ A strong working knowledge of regulatory compliance and security frameworks (NIST, PCI, SOC, ISO, HIPAA, SOX, CIS, etc.).
+ 8+ years of experience in the security or compliance domains and BA/BS degree.
+ Experience with security control assessment, security architecture, continuous monitoring, or authorization;
+ Experience with container-based architectures and implementations such as Kubernetes;
+ Experience in leading security, compliance, privacy, and risk management projects.
+ Familiarity with DevSecOps principles.
+ Industry-recognized certifications highly desired, e.g. CISSP, CCSP, CISA, CISM.
+ Big 4 auditor, security architect, or highly regulated industry experience preferred.
Oracle employee benefits programs are designed individually for each region to ensure they best meet the needs of employees and their eligible dependents. See how ORACLEflex and other benefits help employees thrive at Oracle. http://www.oracle.com/us/corporate/careers/index.html
Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans status or any other characteristic protected by law.
Diversity and Inclusion:
An Oracle career can span industrie