Oracle Senior Assurance Engineer in Longmont, Colorado
Develops and executes programs and processes to reduce information security risk and strengthen Oracle's security posture.
Supports the strengthening of Oracle's security posture, focusing on one or more of the following: risk management; regulatory compliance; threat and vulnerability management; incident management and response; security policy development and enforcement; privacy; information security education, training and awareness (ISETA); digital forensics and similar focus areas.
Risk Management: Brings advanced level skills to assess the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in very complex, business-critical environments. May conduct and document very complex information security risk assessments. May assist in the creation and implementation of security solutions and programs.
Regulatory Compliance: Brings advanced level skills to manage programs to establish, document and track compliance to industry and government standards and regulations, e.g. ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc. Researches and interprets current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business. Participates in industry forums monitoring developments in regulatory compliance.
Threat and Vulnerability Management: Brings advanced level skills to research, evaluate, track, and manage information security threats and vulnerabilities in situations where in-depth analysis of ambiguous information is required.
Incident Management and Response: Brings advanced level skills to respond to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks. May operate as Incident Commander on serious incidents.
Digital Forensics: Brings advanced level skills to conduct data collection, preservation and forensic analysis of digital media independently, where an advanced understanding of forensic techniques is required.
Other areas of focus may include duties providing advanced level skills and knowledge to manage Information Security Education, Training and Awareness programs. In a Corporate Security role, may manage the creation, review and approval of corporate information security policies. Mentors and trains other team members. Compiles information and reports for management.
Minimum of 8 years of experience in information systems, business operations, or related fields, at least 5 years of which must be from at least one of the following: Information security risk management; information security program management; Industry/Government security compliance program management (ISO-27001, GDPR, HIPAA, FedRAMP, etc.); threat and vulnerability management; incident management and response; security policy development and enforcement; privacy, information security education, training and awareness (ISETA), information security solutions development, etc. required. Strong knowledge of: Cloud architecture and security principles. Risk Management Frameworks. *nix and Windows system administration. Experience with: Logging and log analysis. Identity management principles and technology. Preferred but not required qualifications include: Bachelor-level university degree in a relevant field from an accredited university, or equivalent. CISSP, CISM, CISA, CIPP or other equivalent certification. Comprehensive knowledge of security design for networks, databases, infrastructure, and cloud computing. Experience writing security incident and vulnerability reports for leadership and other stakeholders. Ability to effectively communicate and influence secure product and network design in a collaborative environment. Comprehensive knowledge of digital forensics. Strong knowledge of web technologies, middleware, database, OS, firewalls, network communication protocols and methods. Knowledge of encryption technologies and architectures. Expert level experience in evaluating and assessing security threats across a variety of environments and industries. Expert level understanding of secure networking principles, routers, switches and load balancers.
Oracle is an Affirmative Action-Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veterans status, age, or any other characteristic protected by law.
The Oracle SaaS Cloud Security (SCS) – Senior Assurance Engineer is a career technical position focused on understanding SaaS security performance and compliance posture, anticipating potential blockers to meeting objectives, and helping prioritize and contextualize solution paths. The role has very broad exposure to the domain subject matter experts, as well as to technical and process matters across SCS and all SaaS lines of business (LOB). This Senior Assurance Engineer will leverage existing assurance models and methods while redefining more effective and efficient approaches to value delivery in the assurance space.
This role can be remote.
The position incorporates national and international legal and regulatory cyber security requirements including laws, policies, and standards with industry recognized accreditation and standards to develop and implement an Oracle common compliance framework and accreditation practices. The position will require broad domain knowledge in the identification and application of security industry best practices, forward looking technology tools and techniques, and I.T. governance to meet current and future organizational requirements. The position works under the supervision of the Director of SaaS Security – Governance, Risk and Compliance (GRC), with dotted line accountability to the V.P.
The Senior Assurance Engineer is the functional specialist, and manages systems, processes, program(s) and artifacts used in various organizational GRC functions including, but not limited to:
Definition and implementation of GRC automation solutions
Drive continuous improvement identification, planning and monitoring activities and collateral of security services across SaaS Cloud Security (SCS) teams.
Conduct compliance readiness assessments leveraging various commercial & regulatory compliance frameworks - PCI, HIPAA, SOC2, ISO 27001, NIST Cybersecurity Framework (CSF), etc.
Perform risk/threat assessments against identified issues/gaps leveraging industry cybersecurity risk scoring models such as OCTAVE, FAIR, NIST RMF
Demonstrate to internal/external oversight stakeholders that GRC program objectives are met and facilitate improvements where needed
Support the SCS Cyber Security Posture Program
Supports ongoing configuration, management and operations of GRC automation solutions
The position operates in cooperation with Global Information Systems (GIS), Oracle legal, Oracle product teams, and line-of-business compliance teams to deliver a highly secure customer environment that can be validated and measured against defined audit criteria.
Shifting Left. The SaaS Cloud Security – Senior Assurance Engineer is the direct contributor who conducts proactive compliance readiness assessments. This candidate will define and implement workflows, processes and technology that will proactively stage the requisite delivery of evidence supporting successful compliance audit outcomes. The Senior Assurance Engineer will work with data collection tools and mechanisms, workflow automation software, compliance storage and reporting tools, data repositories and archives, and automated or manual system administration tools, processes, and activities. The role participates in audit interviews with internal and external auditors and provides clear and concise information on the security practices and control objectives in scope of audits.
This role will implement regular communication/reporting channels with operations resources at the product, service, or line-of-business level and ensures accurate and complete information that is within allowed audit timeframes and target periods. Additionally, this role may contribute to daily, weekly and ad-hoc compliance meetings that are facilitated and attended to accomplish audit planning, review and conduct current audits, and after action meetings to resolve identified audit deficiencies. The right candidate will have the strong ability to prioritize multiple competing requirements with coinciding deadlines and will have to make immediate decisions as to how tasks get prioritized in real-time based on pragmatic assessment of need and results and adjust the bar as needed.
Requisite qualifications for the SaaS Compliance Security – Senior Assurance Engineer are:
A minimum of a four-year technical degree or commensurate professional or military experience is required. A master’s degree in a technology discipline is preferred. The applicant must have prior information technology experience working in a complex I.T. environment composed of multiple operating platforms and enterprise software solutions. Experience in an enterprise cloud environment using software as a service (SaaS) technology is preferred. The applicant should have direct knowledge and experience with a variety of common security compliance standards and frameworks including SOC 1/2, PCI-DSS, ISO 27000 series. Industry certifications such as CISSP, CISM, CISA, ITIL, LSSBB, PMP are preferred.
Prior security experience within information technology at the A level is required. The applicant must be able to show demonstrable project or program management participation with significant aspects of individual responsibility. The role requires a meticulous and detail-oriented approach with a proven ability in time management and task completion to standards. Prior experience with cloud technologies, Certification/Accreditation processes, security standards/playbooks, security testing & validation and various compliance standards is a plus.
Experience with one or more common industry GRC tool suites including Archer, ServiceNow, MetricStream, ZenGRC and Allgress is required. Experience with Atlassian tools including JIRA, and Confluence is preferred. The job is a high trust position with access to systems, control data, customer information and demographics, sales data, and other Oracle proprietary or confidential data and may require a government security clearance in the future. Applicants must be able to pass a rigorous background screening and employment check with periodic reinvestigation.
Work is non-routine and very complex, involving the application of advanced technical/business skills in area of specialization. Leading contributor individually and as a team member, providing direction and mentoring to others. Seven years of project management, product design or related experience preferred.
Detailed Description and Job Requirements
Manage the development and implementation process of a specific company product involving departmental or cross-functional teams focused on the delivery of new or existing products. Plan and direct schedules and monitor budget/spending. Monitor the project from initiation through delivery. Organize the interdepartmental activities ensuring completion of the project/product on schedule and within budget constraints. Assign and monitor work of systems analysis and program staff, providing technical support and direction.
Work is non-routine and very complex, involving the application of advanced technical/business skills in area of specialization. Leading contributor individually and as a team member, providing direction and mentoring to others. BS or MS degree or equivalent experience relevant to functional area. Seven years of project management, product design or related experience preferred.
Job: Information Security Engineering
Title: Senior Assurance Engineer
Location: United States
Requisition ID: 210001OD