Regulatory Compliance Specialist 5
Oracle | Korea-seoul | Update time: January 15, 2022
Job Description

Oracle Cloud Infrastructure

Senior Principal Cloud Compliance Assurance Specialist

IC5

Come join the fastest growing Cloud organization with world-class engineering and laser focus on excellence. Oracle’s extensive enterprise customer base is looking for rock-solid cloud solutions that provide the same reliability and effectiveness that they have come to expect from Oracle. Oracle Cloud Infrastructure (OCI) provides highly cost-effective and high-performance IaaS & PaaS Cloud solutions to its customers, who have come to expect industry-leading security and compliance programs that create a stable and highly effective foundation for their workloads and an infrastructure that meets their security and compliance needs.

We are looking for a Senior Principal Cloud Compliance Assurance Specialist who is looking to advance their career at OCI. You will be responsible for the support and implementation of scalable audit programs to support Oracle Cloud Infrastructure’s growth in regulated markets within the APAC region.

Functions include:

  • Plan, manage, lead, and execute multiple audit programs within OCI with third-party auditors
  • Evaluate the effectiveness of controls and corresponding evidence in alignment with audit framework requirements
  • Provide high quality, professional day-to-day execution of audit engagements
  • Conduct interactions with third party auditors that exhibit control understanding and confidence
  • Maintain and build relationships with local regulators
  • Effectively communicate audit engagement status to executive leadership
  • Ability to communicate in remote working environments over video, phone, email, and other tools
  • Provide clear expectations and direction to security and engineering teams within OCI on audit requirements
  • Review audit evidence from the businesses within OCI and analyze for auditor consumption
  • Communicate within the team autonomously and drive communication across partner teams
  • Drive project scheduling, tracking, and communications up to the VP level independently
  • Build, manage, and enhance the efficiency of audit programs as the business scales
  • Collaborate with subject matter experts to refine operating processes to increase the value and scale of our audit programs and decrease the operational impact to OCI

The ideal candidate will have the following skills:

  • 8+ years relevant experience in the IT industry setting and delivering against technical and business strategy at an advanced level
  • Knowledge of industry and regulatory frameworks, such as FSI Korea and ISMS Korea, is preferable
  • Working knowledge of major control areas such as Identity and Access Management, Software Development Lifecycle, Code Management and Integrity, Change Management, Logging and Monitoring, etc.
  • Experience with software and hardware platforms, with an emphasis on infrastructure – servers, storage, networking, Linux and Windows operating systems, and virtualization
  • 3+ years of experience in Cloud solutions (IaaS/ PaaS/ SaaS) strategy and implementation
  • Knowledge of networking technologies including software-defined networking, and VPN and cloud connectivity solutions
  • Knowledge of application security, firewalls, IPS, vulnerability assessment and mitigation, event collection and correlation, auditing, crypto, data loss prevention
  • Experience as a hands-on technical practitioner/specialist in customer facing roles (internal and external), including building strong, collaborative relationships
  • Superior communication skills (interpersonal, verbal, written, presentation)
  • Flexible enough to handle a diverse set of activities daily and adaptable to ever-changing priorities
  • Must be able to work in a global, complex and diverse environment
  • Demonstrated ability to achieve results through cross-functional, virtual teams
  • Ability to prioritize, manage, and deliver on multiple projects simultaneously; highly motivated and able to work against aggressive schedules
  • Strong bias toward action, flexible, resourceful, and able to operate effectively within a dynamic, fast-paced environment
  • Display a demonstrated ability to think broadly and strategically
  • Ability to handle confidential information discreetly
  • Bachelor’s or master’s degree in management, business, computer science or other relevant working experience

Assists and supports the organization in complying with, as well as the ongoing preparation, testing and monitoring of conformance to, the requirements of government regulations and/or regulatory agencies.

Performs evaluation of internal operations, controls, communications, risk assessments and maintenance of documentation as related to regulatory compliance and recommends appropriate changes. Conducts and facilitates internal and external audits to identify, evaluate, disclose and appropriately remedy risks and deficiencies. Coordinates the preparation of and may prepare document packages for regulatory submissions from all areas of the company as well as for internal and external audits and inspections. May serve as point of contact for interactions with regulatory agencies for defined matters.

Drive the development and implementation of a comprehensive risk management and regulatory compliance strategy across the GBUs to optimize and continuously improve the information security of the GBU products and services. The role requires coordination between the GBUs' Development, Cloud Services, Services, and Operations teams and Oracle's centralized Corporate Security Group and Oracle Legal organizations. This team will ensure that the IT environment implements, demonstrates and continuously monitors the controls necessary to meet key security frameworks and regulatory specifications including ISO 2700x, PCI DSS, HIPAA and SSAE 16 as needed by the GBUs. Facilitate third party attestations, audits and certification efforts for the GBUs. Develop customer facing documentation that describes the security and compliance across the GBUs including Oracle Cloud for Industry. Assess the Cloud compliance and security landscape to keep OCI controls current with industry standards. Interface with corporate groups including Corporate, Privacy and Security legal and Internal audit to ensure compliance with policy. Lead project team members and formalize risks and key controls associated with significant Oracle Cloud for Industry and GBU processes. Manage the vendor security program for the GBUs. Coordinate audit testing, documentation, self-assessment testing and remediation activities. Make recommendations to correct deficiencies identified during the various audits. Perform the role of compliance consultant and subject matter expert for the Oracle GBUs to help them improve their control environment as necessary. Manage project functions including project scheduling, tracking, communications, and controlling to ensure project meets deadlines and remains on schedule.

Acknowledged authority within the Corporation. Exercises creativity and independent judgment in developing methods, techniques, and evaluation criteria. Ability to travel. 10 plus years experience. Bachelor's degree or equivalent. CISA, CISM, CISSP, CIPP desired. 10+ years related experience. Formal training in project management. Fluency and extensive experience in IT auditing and controls, preferably with SOX, SSAE 16 - SOC 1 & SOC 2, PCI compliance, NIST, DIACAP, FedRAMP, ISO 27001 & ISO 27002. Strong working knowledge of IT processes and IT infrastructure. Proven ability to combine business acumen, technical acumen and process expertise to define control specifications for SSAE 16 SOC 1 & SOC 2, PCI, ISO 27002. Demonstrated success in leading, controlling, and completing IT projects. Proven ability to influence and gain buy-in at multiple levels, across divisions, functions and cultures; comfort working with executive level management. Demonstrated ability to achieve results through cross-functional, virtual teams. Ability to prioritize, manage, and deliver on multiple projects simultaneously; highly motivated and able to work against aggressive schedules. Strong bias toward action, flexible, resourceful, and able to operate effectively within a dynamic, fast-paced environment. Superior communication skills (interpersonal, verbal, presentation, written, email). Positive attitude, team player, self-starter; takes initiative, ability to work independently. Discretion in handling confidential information.
