We are extending our Compliance team!!!
Daily workload looks :
Perform gap and readiness assessments for compliance obligations focused on security (i.e. PCI-DSS, ISO 27001, SOC 1, SOC 2, etc) :
Agree objective, goals, and scope of the project with senior management. Obtain management support and commitment of resources for the assessment
Build audit programs, including audit plan, process, scope, procedures, questionnaires and schedules
Assess adequacy of existing policies, processes, and controls against the requirements of the compliance obligation
Work with management to draft and implement remediation plans to mitigate identified issues and risks, and improve processes and controls
If working with staff, review staff output, provide guidance on project next steps, and supervise and guide staff in working with internal customers
Perform periodic audits of IT projects, applications, operations and environments for adherence to corporate security policies and guidelines.
Serve as subject matter expert for security compliance obligations and liase with executive and senior management, operational and application teams and Internal and External Audit to identify areas of concern, develop the relevant solutions, provide management response, track progress and drive actions to completion.
Assist in performing on-going periodic information security risk assessments and business impact analysis to ensure key business risks are properly identified and mitigated by management.
Enforce compliance with policies in conjunction with internal audit, developing, managing and monitoring security over business processes.
Maintain controls documentation with SMEs and ensure compliance with Internal and External Audit.
Provide guidance and advice to the organization with current information on related regulatory issues and compliance technologies.
Experience in data privacy an advantage but not required
What you should be familiar with :
3 years experience in performing IT Audit / IT Compliance assessments / Gap assessments, ideally for PCI-DSS, ISO 27001, SSAE 16 / ISAE 3402 / SOC 1, SOC 2 or NIST 800.
In-depth knowledge and experience of some of them : PCI-DSS, ISO 27001, SSAE 16 / ISAE 3402 / SOC 1, or SOC 2 highly essential.
Knowledge of NIST 800 an advantage
Highly independent, with high ethical standards and integrity
Experience in program or project management
Experience and working knowledge of security related technology (e.g. Identity Management tools, Firewalls, etc.)
Working knowledge of ERP systems (e.g. NetSuite, PeopleSoft FDM and Oracle eBusiness) advantage
Experience with privacy requirements, such as Model Clauses, GDPR, and related security and privacy policies, processes, and regulations an advantage.
Effective communication and presentation skills
Experience dealing with all levels of management and across different teams, including managing conflicts
Exposure to cloud environment security standards and implementation an advantage
Let s meet up in a DORN new building for a coffee : )
Detailed Description and Job Requirements
Executes security controls to prevent hackers from infiltrating company information or jeopardizing e-commerce programs.
Researches attempted efforts to compromise security protocols. Maintains security systems for routers and switches. Administers security policies to control access to systems.
Maintains the company*s firewall. Uses applicable encryption methods. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information.
Job duties are varied and complex; independent judgment needed. May have project lead role. Prefer 5 years relevant experience and BA / BS degree.
As part of Oracle's employment process candidates will be required to complete a pre-employment screening process, prior to an offer being made.
This will involve identity and employment verification, salaryverification, professional references, education verification and professional qualifications and memberships (if applicable).