Provides oversight and guidance to Oracle business groups in a variety of information security related tasks and activities. Develops and executes programs and processes to reduce information security risk and to protect Oracle’s brand, reputation and revenue. Oversees internal business groups to ensure information security risks are identified, understood, and resolved. Advises on information security issues, information security compliance, industry and regulatory standards compliance, and privacy requirements. Specializes in security compliance management at a Corporate level, as well as at the level of a specific geographic region.
RESPONSIBILITIES / TASKS
- Provides expert advice and direction related to industry and regulatory standards, such as ISO-2700x, HIPAA, PCI DSS, FedRAMP, GDPR, etc.
- May manage compliance with PCI DSS for Oracle as a merchant (enterprise), including scope management, ongoing compliance oversight and performance of audits.
- Performs risk analysis of audit and compliance programs operated by business groups.
- Supports the Risk Assessment and Management Process (RAMP).
- May review and provide feedback on documents and other collateral about information security, privacy, compliance and related topics
- Advises Legal and business groups regarding Oracle’s risk of specific contractual obligations and other written communications about information security
- Provides leadership regarding audit and regulatory compliance methods, standards and best practices related to business operational programs, practices and procedures.
- Assesses the risk associated with existing and proposed business audit programs, practices and procedures.
- Maintains expert proficiency in emerging trends in information security and regulatory environments.
- May represent Global Information Security broadly in matters related to compliance and obligation management.
- May provide approvals on behalf of Global Information Security within the bounds of delegated authority.
- May provide oversight to business groups regarding supplier security management
- Documents and communicates to executive management the business impact, risk, and potential mitigating controls associated with Oracle’s audit and compliance management practices.
- May contribute to Oracle information security policies.
- Assists other GIS staff on specific projects and incidents as required.
- Performs special security projects on an ad-hoc basis, as assigned by GIS management
- Performs other duties as assigned.
QUALIFICATIONS
- Bachelor-level degree in Computer Science, Information Systems or other related field; alternatively, 10 years' relevant experience.
- Prefer industry certification such as CRISC, CISSP, CISM, CISA, PCI ISA, etc.
- 8 years' experience as an information security practitioner.
- Knowledge of Cloud computing security principles.
- Strong knowledge of one or more industry standards, such as ISO-2700x, PCI DSS, HIPAA, NIST 800-series, AICPA SOC 2, etc.
- Strong knowledge of one or more of the following: policy management and communications, risk management, compliance management, or threat and vulnerability management
- Experienced program manager, able to effectively drive multiple simultaneous complex projects involving challenging business requirements, detailed processes and broad stakeholder engagement
- Required personal characteristics: strong organizational skills; detail-oriented; highly proactive; able to work with minimal direct supervision; strong presentation, written and verbal communication skills; negotiation and influence; makes accurate decisions in complicated, stressful situations; excellent team player. Comfortable working in a dynamic, fast-paced environment.
Detailed Description and Job Requirements
Develops and executes programs and processes to reduce information security risk and strengthen Oracle’s security posture.
Supports the strengthening of Oracle’s security posture, focusing on one or more of the following: risk management; regulatory compliance; threat and vulnerability management; incident management and response; security policy development and enforcement; privacy; information security education, training and awareness (ISETA); digital forensics and similar focus areas.

Risk Management: Brings expert-level skills to assess the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in very highly complex, business-critical environments that may span business units. May conduct and document very highly complex information security risk assessments. May assist in the creation and implementation of security solutions and programs.

Regulatory Compliance: Brings expert-level skills to manage programs to establish, document and track compliance with industry and government standards and regulations, e.g. ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc. Researches and interprets current and pending governmental laws and regulations, industry standards, and customer and vendor contracts to communicate compliance requirements to the business. Recognized leader in industry forums monitoring developments in regulatory compliance.

Threat and Vulnerability Management: Brings expert-level skills to research, evaluate, track and manage information security threats and vulnerabilities in situations where in-depth analysis of ambiguous information is required. Develops new tools and methodologies to carry out analysis, and trains others in their use.

Incident Management and Response: Brings expert-level skills to respond to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks. May operate as Incident Commander on serious incidents. May develop new tools and methodologies to carry out analysis, and train others in their use.

Digital Forensics: Brings expert-level skills to conduct data collection, preservation and forensic analysis of digital media independently, where an advanced understanding of forensic techniques is required. Develops new tools and methodologies to carry out analysis, and trains others in their use.

Other areas of focus may include providing expert-level skills and knowledge to manage Information Security Education, Training and Awareness programs. In a Corporate Security role, may manage the creation, review and approval of corporate information security policies. Mentors, trains and supervises other staff. Compiles information and reports for management. Provides expert-level guidance regarding information security methods, standards and best practices related to business operational programs, practices and procedures.

A minimum of 12 years' experience in information systems, business operations or related fields is required, at least 8 years of which must be in at least one of the following: information security risk management; information security program management; industry/government security compliance program management (ISO-27001, GDPR, HIPAA, FedRAMP, etc.); threat and vulnerability management; incident management and response; security policy development and enforcement; privacy; information security education, training and awareness (ISETA); information security solutions development, etc. Expert-level knowledge of cloud architecture and security principles, risk management frameworks, and *nix and Windows system administration. Experience with logging and log analysis.

Preferred but not required qualifications include:
- Bachelor-level university degree in a relevant field from an accredited university, or equivalent.
- CISSP, CISM, CISA, CIPP or other equivalent certification.
- Experience identifying, designing and deploying attack-mitigation techniques with minimal business impact.
- Experience managing security incidents in an incident commander role.
- Comprehensive knowledge of networks, systems, applications and their related data flows.
- Ability to lead cross-departmental security initiatives and advocate for secure development, networks and architecture.
- Demonstrable experience with scripting and automation.
- Expert-level knowledge of web technologies, middleware, databases, operating systems, firewalls, and network communication protocols and methods.
- Knowledge of database security principles.
- Strong knowledge of encryption technologies and architectures.
- Experience with identity management principles and technology.
As part of Oracle's employment process candidates will be required to successfully complete a pre-employment screening process. This will involve identity and employment verification, professional references, education verification and professional qualifications and memberships (if applicable).
Job: Information Security Engineering
Travel: No
Location: Ireland
Other Locations: NO-Norway, GB-United Kingdom, SE-Sweden, DK-Denmark, RO-Romania
Job Type: Regular Employee Hire
Organization: Oracle