Regulatory Compliance Specialist 4 (REMOTE)
- Plan, manage, lead, and execute multiple audit programs within OCI with third-party auditors
- Evaluate the effectiveness of controls and corresponding evidence in alignment with audit framework requirements
- Provide high quality, professional day-to-day execution of audit engagements
- Conduct interactions with third party auditors that exhibit control understanding and confidence
- Effectively communicate audit engagement status to executive leadership
- Ability to communicate in remote working environments over video, phone, email, and other tools
- Provide clear expectations and direction to security and engineering teams within OCI on audit requirements
- Review audit evidence from the businesses within OCI and analyze for auditor consumption
- Communicate within the team autonomously and drive communication across partner teams
- Drive project scheduling, tracking, and communications up to the Director level independently
- Build, manage, and enhance the efficiency of audit programs as the business scales
- Collaborate with subject matter experts to refine operating processes to increase the value and scale of our audit programs and decrease the operational impact to OCI
The ideal candidate will have the following skills:
- 8+ years audit program management experience with either a "Big 4" accounting firm, or a mid-level accounting firm.
- 4+ years of above experience in the IT or Cloud industry is preferred
- Knowledge of industry and regulatory frameworks is preferable, such as, SOC 1 & SOC 2, HIPAA, PCI, ISO Series, C5, CSA STAR, and HITRUST
- Demonstrates ability to identify problem areas in a program and build projects to correct, enhance, reduce the impact of those issues
- Proven ability to combine business acumen, technical acumen and process expertise to define client (internal/external) engagement and program execution
- Proven ability to influence & gain buy-in at multiple levels, across divisions, functions and cultures; comfort working with executive level management
- Demonstrated ability to achieve results through cross-functional, virtual teams
- Possess ability to explain complex auditing topics to audiences with no auditing experience
- Ability to prioritize, manage, and deliver on multiple projects simultaneously and partner with management in support of key initiatives and projects
- Strong bias toward action, flexible, resourceful, and able to operate effectively within a dynamic, fast-paced environment
- Superior communication skills (interpersonal, verbal, presentation written, email, tickets, etc.)
- JIRA and Confluence experience strongly preferred
- Display a demonstrated ability to think broadly and strategically
- Maturity, judgment, negotiation/influence skills, analytical skills, and leadership skills
- Team leadership expertise
- Attention to detail, proven analytical and problem-solving skills
- Bachelor's degree or equivalent experience
- PMP, PgMP, CISA, CISM, CISSP, CIPP, desired
Detailed Description and Job Requirements
Assists and supports the organization in complying with, as well as the ongoing preparation, testing and monitoring of conformance to, the requirements of government regulations and/or regulatory agencies.
Performs evaluation of internal operations, controls, communications, risk assessments and maintenance of documentation as related to regulatory compliance and recommends appropriate changes. Conducts and facilitates internal and external audits to identify, evaluate, disclose and appropriately remedy risks and deficiencies. Coordinates the preparation of and may prepare document packages for regulatory submissions from all areas of company as well as for internal and external audits and inspections. May serve as point of contact for interactions with regulatory agencies for defined matters. Support the creation of a comprehensive risk management and regulatory oversight program, including specifications for product and service design aligned with Oracle Software Security Assurance and Security Architecture. Review specifications. Develop training for GBU development, cloud services, services and operations teams on industry regulatory specifications applicable to their products and services. Execute risk assessments and evaluate risks to the business and develop risk mitigation strategies. Work with members of GBU development, cloud services, services and operations teams to incorporate applicable industry regulatory standards, Oracle security policies and customer-contractual obligations into GBU processes and standards. Coordinate industry and regulatory certifications, including managing certification vendors (e.g., PCI, HIPAA,HITECH, ISO, SOC2). Build security documentation and collateral for customers and internal users allowing security to be a differentiator in this GBUs. Build management level metrics and reporting for activities that are owned by the Risk Manager. Execute a vendor security program.
Leading contributor individually and as a team member, providing direction and mentoring to others. Work is non-routine and very complex, involving the application of advanced technical/business skills in area of specialization. . Ability to travel. 8 plus years experience. BA/BS or advanced degree preferred. 5-7 years work in governance and compliance for a large corporation. CISA, CISM, CISSP, CIPP desired. Strong knowledge of IT auditing and controls, preferable with SOX, SSAE 16 - SOC 1 & SOC 2, PCI compliance, NIST, DIACAP, FedRAMP, ISO 27001 & ISO 27002. Experience with 21 CFR Part 11 and HIPAA. Knowledge and understanding of the delivery process for validated systems; specifically Computer System Validation process or CSV. Have an understanding of security standards and risk management. Experience working in Information Technology, Cloud or managed hosting services. Excellent written and verbal communication skills. Ability to adjust and adapt to changing priorities in a dynamic environment. Technical acumen and the ability to understand and interpret technical specifications. Technical knowledge of Oracle Applications and Database and/or infrastructure components. Project Management skills.
Oracle is an Affirmative Action-Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veterans status, age, or any other characteristic protected by law.
FindTheBestJob is a free service and does not charge a fee at any stage of application or recruitment process. Don’t provide your bank account or credit card details to anyone during job application. FindTheBestJob does not guarantee the availability of a job since organizations may end applications earlier than due date.