Job Description

:Job ProfileConsulting is accountable for security assurance of what it delivers to its customers.Consulting will be responsible for Oracle Software and Security Assurance [OSSA] compliance of any design, configurations, data migrations, integrations or custom coded modules/reports executed by Oracle Consultants as part of service delivery.The Consulting Security Lead (CSL) plays a critical role in Consulting for planning and managing the security compliance activities of a Consulting division.

• Five+ years technical and/or code development background sufficient to allow the CSL to knowledgeably communicate with and monitor the training and compliance activities of division CSS personnel and project code developers
• Project or program management experience
• Four+ years in roles that provided significant exposure to IT security standards and/or compliance activities
• Good knowledge of cloud technology and security with exposure to Oracle products
• Excellent communication and people management skills
• Excellent cross-LOB collaboration skills

Career Level - IC3Responsibilities:Responsibilities

• Provides Security Assurance/OSSA program oversight & leadership within the division/region

• The CSL is responsible for leading the security compliance effort within their division/region
• Motivating the organization to adhere to security assurance practices.
• The CSL works with Global Product Security (GPS), Security Program Management (SPM) to evaluate compliance with OSSA for Consulting standards
• The CSL is responsible for ensuring that all activity is compliant with all security assurance procedures
• Arranges for selection, training, management, and assignment to projects of Consulting Security Specialists (CSS) along with PM
• Single point of contact and update status to divisional/regional management and SPM
• Coordinate changes to bid preparation to include required Security Assurance labor hours
• Mentor and train consulting security specialist, bid and project teams on the security assurance requirements
• Coordinate Security Assurance communications:

• Messaging: keep security to-of-mind with the field
• Promote & support CSL/CSS community
• Spread the word in other professional communities inside organization
• Keep division management & GPS up to date on rollout progress
• Follow and executes programs and processes to reduce information security risk and strengthen security posture
• Supports the strengthening of project security posture, focusing on one or more of the following: risk management; regulatory compliance; threat and vulnerability management; security policy enforcement; privacy; security education and similar focus areas.
• Risk Management: Assesses the information security risk associated with respect to consulting service delivery and solution deployment. May assist in formulation of mitigation options.
• Security Planning: Ensure project security activities and assurance review are planned in all the projects in the Division
• Design Review: Help PM and other security staffs to perform security design review of solution in scope and provide recommendations.
• Regulatory Compliance: Ensure projects are in compliance to industry and government standards and regulations, e.g. ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc.
• Threat and Vulnerability Management: May evaluate and track information security threats and vulnerabilities related to solution delivered to the customers
• Other areas of focus may include duties managing Security Education, Training and Awareness programs, compile\'s information and reports for management.

Required Skills/ExperienceMinimum of 11 years\' experience in information systems, development, consulting or related fields, 4+ years of which must be from at least one of the following: Information security risk management; information security program management; Industry/Government security compliance program management (ISO-27001, GDPR, HIPAA, FedRamp, etc.); threat and vulnerability management; security policy development and enforcement; privacy, information security education, training and awareness (ISETA), information security solutions development, etc. required.QualificationBachelor-level university degree in a relevant field from an accredited university or equivalent.Desirable Certifications

• CISSP, CSSP, CSSLP, CISM, CISA, CIPP, CCSK, CEH or other equivalent certification. Any one of these is mandatory
• Experience managing security incidents and vulnerabilities through their life cycle.
• Knowledge of secure software design principles and the software development life cycle.
• Experience with at least 1 or more of the vulnerability scanning and testing tool (Qualys, Burp Suite, Appspider etc.).

About Us:As a world leader in cloud solutions, Oracle uses tomorrow\'s technology to tackle today\'s problems. True innovation starts with diverse perspectives and various abilities and backgrounds.When everyone\'s voice is heard, we\'re inspired to go beyond what\'s been done before. It\'s why we\'re committed to expanding our inclusive workforce that promotes diverse insights and perspectives.We\'ve partnered with industry-leaders in almost every sector-and continue to thrive after 40+ years of change by operating with integrity.Oracle careers open the door to global opportunities where work-life balance flourishes. We offer a highly competitive suite of employee benefits designed on the principles of parity and consistency. We put our people first with flexible medical, life insurance and retirement options. We also encourage employees to give back to their communities through our volunteer programs.We\'re committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by calling +1 888 404 2494, option one.Disclaimer:Oracle is an Equal Employment Opportunity Employer*. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans\' status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.

• Which includes being a United States Affirmative Action Employer

Oracle