- We are building a new technology organization based in Downtown Seattle. This new entity is being constructed with an entrepreneurial spirit that promotes an energetic and creative environment. We are unencumbered and will need your contribution to make it a world-class engineering center with a laser focus on excellence.
- Oracle’s extensive enterprise customer base is looking for rock-solid cloud solutions that provide the same reliability and effectiveness that they have come to expect from Oracle. As a trusted Enterprise vendor, Oracle is in the early stages of providing highly cost-effective compute, storage, & PaaS Cloud solutions to its customer base.
- We are specifically looking for a Compliance Program Manager to join the Oracle Cloud Infrastructure Group in Seattle. You will be responsible for the development and implementation of compliance programs that will support the Cloud Infrastructure product offering.
- The candidate will be responsible for overseeing OCI’s compliance program in the Datacenter Operations (DCO) space, primarily working with 3rd party cloud colocation vendors to build out commercial, government compliance requirements and physical security control frameworks. The candidate will support DCO operations to validate compliance and monitor remediation efforts for identified risks and practice gaps.
- This role is required to plan, coordinate and execute security assessments, document assessments, design and measure effectiveness of key controls, lead cross-functional remediation teams in developing processes using requirements gathered from outside audit feedback and timely compliance requirements.
- Will foster and nurture trusted relationships with Compliance Teams, Internal Audit and other Risk & Compliance Team Members to gain consensus approvals on strategies, recommendations, findings, project plans, etc.
- Establish a baseline of physical security risk, identify areas of potential exposure, develop and align vendor risk management strategies with OCI goals and objectives, and execute program ensuring consistency.
- Partner with business lines & internal support functions to help ensure that all risk assessment and mitigation requirements have been met; evidence is captured, monitored & mitigated throughout testing/development/implementation and use.
- Support the development and implementation of a common and consistent standard framework to effectively manage vendor risk in accordance with contractual requirements.
- Manages and continuously updates effective physical security program and controls framework for cloud environments.
- Develops and reviews / challenges physical security assessments and reports on findings, consult on remediation plans, track status, aggregate results and report to Management / Leadership.
- Educates DCO, Security and Compliance teams on cloud compliance requirements on access control, data handling, drive destruction, chain of custody, and security breaches.
- Establish milestones and deliverables to meet any identified contractual or compliance gaps.
- Lead assessment of vendor risk, develop mitigation plan and partner with internal stakeholders to assign monitoring responsibility
- Prepare and complete annual risk assessments and assist with regulatory and accreditation audit preparation as needed
- Ensure colocation vendor’s policies, procedures and key controls are aligned with security standards, and regulatory requirements by performing projects, applications and systems security risk and compliance assessments.
- Mitigates Vendor Risks including vulnerability and configuration deficiencies by conducting investigations of possible security exceptions.
- Maintain awareness of existing and proposed security standard setting groups, State and Federal legislation and regulations pertaining to vendor risks associated with information security, data privacy and retail and pharmacy operations.
- Develop communications and related campaigns for practices according to Vendor Risk Management security standards as part of the enterprise Security awareness program.
- Lead and perform periodic assessments of Vendor information systems, people and processes to identify risks associated with compliance gaps and security vulnerabilities, and develop and execute remediation action plans to reduce or eliminate vendor risk exposure.
- Bachelor Degree or equivalent
- Tactical thinker who can develop, evangelize and execute procedures in a high tempo operational environment.
- Experience in leveraging contract and statements of work to hold vendors accountable to performance
- 7-10+ years related experience
- 5 + years program management experience
- Formal training in project management
- Physical security subject matter expert with background in US government requirements and best practices.
- Experience in IT/Cloud auditing and controls, preferably with FedRAMP, SOX, SSAE 16 – SOC 1 & SOC 2, PCI compliance, NIST, DIACAP, ISO 27001 & ISO 27002
- Fluency in risk management principles to quantify threat, vulnerability and criticality of both physical and logical assets.
- Strong working knowledge of Cloud IT processes and Cloud IT infrastructure
- Proven ability to combine business acumen, technical acumen and process expertise to define client (internal/external) engagement and program execution
- Proven ability to influence & gain buy-in at multiple levels, across divisions, functions and cultures; comfort working with executive level management
- Ability to prioritize, manage, and deliver on multiple projects simultaneously; highly motivated and able to work against aggressive schedules
- Strong bias toward action, flexible, resourceful, and able to operate effectively within a dynamic, fast-paced environment
- Superior communication skills (interpersonal, verbal, presentation, written, email)
- Positive attitude, team player, self-starter; takes initiative, ability to work independently
- Display a demonstrated ability to think broadly and strategically
- Maturity, judgment, negotiation/influence skills, analytical skills, and leadership skills