Regulatory Compliance Specialist 4-20000IT7
Regulatory Compliance Specialist 4 (IC4)
Oracle SaaS Compliance
This is a new position as a SaaS Compliance Program Lead as part of our Americas Commercial Audit Program Management & Execution Team.
The Oracle SaaS Compliance team ensures the security and compliance of Oracle Cloud Services by verifying that teams follow regulations, policy, standards, and best practices. The Compliance team assists Service teams through assessment, audit, or certification. We also support compliance operations and continuous monitoring of cloud-based security infrastructure, and support customer compliance inquiries.
Successful candidates for this role must be very comfortable taking a leadership role with regulatory compliance in a fast-paced organization. Candidates will be expected to successfully manage an audit program portfolio for SOC, Healthcare (HIPAA, HITRUST), Finance (PCI), or SaaS@Customer to support and maintain existing audit compliance efforts and regulatory compliance obligations, and to support program improvements and opportunities.
Primary responsibilities of this role will include:
- Leads and manages SOC, Financial, Healthcare, SaaS@Customer and potentially other audit assessments/certifications and documentation; conducts analysis of control weaknesses and reports results on a continuous basis;
- Plans, leads, and executes audit engagements with third-party auditors;
- Evaluates the effectiveness of the internal controls, business processes, and corresponding evidence, in alignment with industry and regulatory requirements and expectations;
- Creates and completes projects to assist in improving organizational efficiency and effectiveness, and to minimize organizational impact and risk;
- Provides high quality, professional day-to-day execution of audit engagements;
- Conducts business process reviews to assess the efficiency and effectiveness of operations as well as to evaluate the design and operating effectiveness of internal controls;
- Conducts interactions with third-party auditors that exhibit control understanding and confidence;
- Develops audit programs, working papers, and reports;
- Effectively communicates audit status to executive leadership;
- Communicates within the team autonomously and drives the communications across partner teams;
- Drives clearly defined intra-team issues to resolution;
- Drives project scheduling, tracking, and communications independently;
- Learns actively and quickly; empowered to update and enhance current audit processes, tooling, and documentation;
- Significantly contributes to the tooling and processes that are being built to scale compliance for an entire global cloud;
- Coordinates and facilitates audit preparation and “in audit” activities;
- Evaluates regulatory compliance requirements and engages with a variety of cross-functional teams;
- Consults with internal teams on engineering designs and development of cloud-based systems;
- Evaluates and provides reasonable assurance that risk management, control requirements, and governance systems are functioning as intended and will enable the organization’s objectives and goals to be met;
- Reports risks of internal control deficiencies and provides recommendations for improving the organization’s operations, in terms of both efficient and effective performance;
- Evaluates information security and associated risk exposures;
- Evaluates the regulatory compliance program in consultation with legal counsel;
- Evaluates the Service’s audit readiness;
- Maintains open communication with management and teams across Oracle Cloud Operations;
- Engages with other internal and external strategic resources as appropriate;
- Evaluates applicable global standards & compliance frameworks to establish internal standards, guidelines, policies, processes, and procedures;
- Designs, develops and publishes internal program frameworks, checklists, and procedures using creative publishing and editing software tools;
- Systematically and comprehensively documents the Cloud Service’s compliance program;
- Other duties as assigned.
The ideal candidate will have the following skills:
- Significant experience in control assessment and audit for financial and operational controls
- In-depth knowledge of industry and regulatory compliance standards
- Proven ability to combine business acumen, technical acumen, and process expertise to assess requirements and alignment
- Possesses ability to explain complex topics to audiences with no auditing experience
- Demonstrated ability to use multiple avenues of communication (verbal, written, ticketing, messaging, etc.)
- Ability to prioritize, manage, and deliver on multiple tasks simultaneously and ability to partner with management in support of key initiatives and projects
- Strong bias toward action, flexible, resourceful, and able to operate effectively within a dynamic, agile, and fast-paced environment
- Motivated to accomplish goals and objectives to ensure organizational and customer success
- Attention to detail, proven analytical and problem-solving skills
- JD, Information Systems, or Engineering degree preferred
- CISSP, CISA, CISM, CCSK, or PMP certifications desired
- 5-7 years of relevant experience working on SOC, HIPAA (or other Healthcare), or PCI (or other Finance) audits preferred
- Prior Cloud Service Provider experience a plus
- Experience with either a “Big 4” accounting firm, a mid-level accounting firm, and/or a large IT corporation’s internal audit department is preferred
Assists and supports the organization in complying with, as well as the ongoing preparation, testing and monitoring of conformance to, the requirements of government regulations and/or regulatory agencies.
Performs evaluation of internal operations, controls, communications, risk assessments and maintenance of documentation as related to regulatory compliance and recommends appropriate changes. Conducts and facilitates internal and external audits to identify, evaluate, disclose and appropriately remedy risks and deficiencies. Coordinates the preparation of, and may prepare, document packages for regulatory submissions from all areas of the company as well as for internal and external audits and inspections. May serve as point of contact for interactions with regulatory agencies for defined matters. Supports the creation of a comprehensive risk management and regulatory oversight program, including specifications for product and service design aligned with Oracle Software Security Assurance and Security Architecture. Reviews specifications. Develops training for GBU development, cloud services, services and operations teams on industry regulatory specifications applicable to their products and services. Executes risk assessments, evaluates risks to the business and develops risk mitigation strategies. Works with members of GBU development, cloud services, services and operations teams to incorporate applicable industry regulatory standards, Oracle security policies and customer-contractual obligations into GBU processes and standards. Coordinates industry and regulatory certifications, including managing certification vendors (e.g., PCI, HIPAA, HITECH, ISO, SOC 2). Builds security documentation and collateral for customers and internal users, allowing security to be a differentiator in these GBUs. Builds management-level metrics and reporting for activities that are owned by the Risk Manager. Executes a vendor security program.
Leading contributor individually and as a team member, providing direction and mentoring to others. Work is non-routine and very complex, involving the application of advanced technical/business skills in the area of specialization. Ability to travel. 8+ years of experience. BA/BS or advanced degree preferred. 5-7 years of work in governance and compliance for a large corporation. CISA, CISM, CISSP, CIPP desired. Strong knowledge of IT auditing and controls, preferably with SOX, SSAE 16 – SOC 1 & SOC 2, PCI compliance, NIST, DIACAP, FedRAMP, ISO 27001 & ISO 27002. Experience with 21 CFR Part 11 and HIPAA. Knowledge and understanding of the delivery process for validated systems, specifically the Computer System Validation (CSV) process. An understanding of security standards and risk management. Experience working in Information Technology, Cloud or managed hosting services. Excellent written and verbal communication skills. Ability to adjust and adapt to changing priorities in a dynamic environment. Technical acumen and the ability to understand and interpret technical specifications. Technical knowledge of Oracle Applications and Database and/or infrastructure components. Project management skills.
Oracle is an Affirmative Action-Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veterans status, age, or any other characteristic protected by law.
Job posted: 2020-08-20