SaaS Cloud Security - Compliance Program Manager

Preferred Qualifications

SaaS Cloud Security - Compliance Program Manager

The Oracle SaaS Security - Compliance Program Manager, is a career technical position focused on the application of recognized governance, risk management, and compliance principles and practices. The position incorporates national and international legal and regulatory environments including laws, policies, and standards with industry recognized accreditation and standards to develop an Oracle common compliance framework and accreditation practices. The position will require enterprise level knowledge in the identification and application of security industry best practices, forward looking technology tools and techniques, and I.T. governance to meet current and future organizational requirements. The position works under the supervision of The Director of SaaS Security – GRC, with dotted line accountability to the V.P. SaaS Compliance. The Compliance Program Manager is the functional counterpart of an internal audit specialist, and manages systems, processes, and artifacts used in various organizational compliance activities. The position operates in cooperation with Global Information Systems (GIS), Oracle legal, Oracle product teams, and line-of-business compliance teams to deliver a highly secure customer environment that can be validated and measured against defined audit criteria.

The scope of the SaaS Security Compliance Program Manager is the direct support for periodic compliance assessments managed by a variety of Oracle compliance teams; external industry or regulatory audits; or contractually required audits of customer environments. The compliance manager will work with data collection tools and mechanisms, compliance storage and reporting tools, data repositories and archives, and automated or manual system administration tools, processes, and activities. The role participates in audit interviews with internal and external auditors and provides clear and concise information on the security practices and presence. Regular communications with operations resources at the product, service, or line-of-business level ensures accurate and complete information that is within allowed audit timeframes and target periods. Daily, weekly and ad-hoc compliance meetings are facilitated and attended to accomplish audit planning, review and conduct current audits, and after-action meetings to resolve identified audit deficiencies. The role will also be required to provide input into security-evidence-automation in support of compliance.

Requisite qualifications for the SaaS Security – Compliance Program Manager is:

- EU/UK citizenship or EU/UK permanent residency status is required for the position, no visa sponsorship is available for the position.

- A minimum of a four-year technical degree or commensurate professional or military experience. A master’s degree in a technology discipline or an MBA is preferred.

- The applicant must have prior information technology experience working in a complex I.T. environment composed of multiple operating platforms and enterprise software solutions.

- Experience in an enterprise cloud environment using software as a service (SaaS) technology is preferred.

- The applicant should have direct knowledge and audit experience with a variety of common compliance standards and frameworks including SOC 1/2. PCI-DSS, ISO 27000 series. Knowledge of International audit standards is preferred.

- An audit certification such as CISA is preferred. Prior security experience within information technology at the A+ level is required with cloud security experience and a CISSP or equivalent industry certification.

- The applicant must be able to show demonstrable project or program management participation with significant aspects of individual responsibility. -The role requires a meticulous and detail-oriented approach with a proven ability in time management and task completion to standards.

- Prior experience with UK government I.T. audits or compliance standards is a plus.

 - Experience with one or more common industry GRC tool suites including Archer, ServiceNow, MetricStream, ZenGRC and Allgress is required with experience with Atlassian tools including JIRA, and Confluence is preferred.

- The job is a high trust position with access to systems, control data, customer information and demographics, sales data, and other Oracle proprietary or confidential data and potentially require UK government security clearance in the future.

- Applicants must be able to pass a rigorous background screening and employment check with periodic reinvestigation.

 Detailed Description and Job Requirements

 - Manage the development and implementation process of a specific company product.
- Manage the development and implementation process of a specific company product involving departmental or cross-functional teams focused on the delivery of new or existing products.

- Plan and direct schedules and monitor budget/spending. Monitor the project from initiation through delivery.

- Organize the interdepartmental activities ensuring completion of the project/product on schedule and within budget constraints.

- Assign and monitor work of systems analysis and program staff, providing technical support and direction, including providing input in the area of compliance automation.
- Work is non-routine and very complex, involving the application of advanced technical/business skills in area of specialization.

- Leading contributor individually and as a team member, providing direction and mentoring to others.

- BS or MS degree or equivalent experience relevant to functional area.

- Seven years of project management, product design or related experience preferred.

As part of Oracle's employment process candidates will be required to successfully complete a pre-employment screening process. This will involve identity and employment verification, professional references, education verification and professional qualifications and memberships (if applicable).