Senior Assurance Engineer

"Develops and executes programs and processes to reduce information security risk and strengthen Oracles security posture.Supports the strengthening of Oracles security posture, focusing on one or more of the following: risk management; regulatory compliance; threat and vulnerability management; incident management and response; security policy development and enforcement; privacy; information security education, training and awareness (ISETA); digital forensics and similar focus areas. Risk Management: Brings advanced level skills to assess the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in very complex, business-critical environments. May conduct and document very complex information security risk assessments. May assist in the creation and implementation of security solutions and programs. Regulatory Compliance: Brings advanced level skills to manage programs to establish, document and track compliance to industry and government standards and regulations, e.g. ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc. Researches and interprets current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business. Participates in industry forums monitoring developments in regulatory compliance. Threat and Vulnerability Management: Brings advanced level skills to research, evaluate, track, and manage information security threats and vulnerabilities in situations where in-depth analysis of ambiguous information is required. Incident Management and response: Brings advanced level skills to respond to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks. May operate as Incident Commander on serious incidents. Digital Forensics: Brings advanced level skills to conduct data collection, preservation and forensic analysis of digital media independently, where an advanced understanding of forensic techniques is required. Other areas of focus may include duties providing advanced level skills and knowledge to manage Information Security Education, Training and Awareness programs. In a Corporate Security role, may manage the creation, review and approval of corporate information security policies. Mentors and trains other team members. Compiles information and reports for management.Minimum of 8 years experience in information systems, business operations, or related fields, at least 5 years of which must be from at least one of the following: Information security risk management; information security program management; Industry/Government security compliance program management (ISO-27001, GDPR, HIPAA, FedRamp, etc.); threat and vulnerability management; incident management and response; security policy development and enforcement; privacy, information security education, training and awareness (ISETA), information security solutions development, etc. required. Strong knowledge of: Cloud architecture and security principles. Risk Management Frameworks.**nix and Windows system administration. Experience with: Logging and log analysis. Identity management principles and technology. Preferred but not required qualifications include: Bachelor-level university degree in a relevant field from an accredited university, or equivalent. CISSP, CISM, CISA, CIPP or other equivalent certification. Comprehensive knowledge of security design for networks, databases, infrastructure, and cloud computing. Experience writing security incident and vulnerability reports for leadership and other stakeholders. Ability to effectively communicate and influence secure product and network design in a collaborative environment. Comprehensive knowledge of digital forensics. Strong knowledge of web technologies, middleware, database, OS, firewalls, network communication protocols and methods. Knowledge of encryption technologies and architectures. Expert level experience in evaluating and assessing security threats across a variety of environments and industries. Expert level understanding of secure networking principles, routers, switches and load balancers.Colorado Pay Range: From $111,407 to $200,534 per annumEligible for bonus and equityOracle offers a comprehensive benefits package which includes the following:1. Medical, dental, and vision insurance, including expert medical opinion2. Short term disability and long term disability3. Life insurance and AD&D4. Supplemental life insurance (Employee/Spouse/Child)5. Health care and dependent care Flexible Spending Accounts6. Pre-tax commuter and parking benefits7. 401(k) Savings and Investment Plan with company match8. Flexible paid time off (unlimited or accrued vacation and sick leave)9. Paid parental leave10. Employee Stock Purchase Plan11. Adoption assistance12. Financial planning and group legal13. Voluntary benefits including auto, homeowner and pet insurance*Oracle is an Affirmative Action-Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veterans status, age, or any other characteristic protected by law.*Preferred QualificationsThe Oracle Advertising Senior Assurance Engineer, is a career technical position focused on understanding Oracle Advertising security performance & compliance posture, anticipating potential blockers to meeting objectives, helping prioritize and contextualize those solution paths and has a very broad exposure to the domain subject matter experts, as well technical and process across the Oracle Advertising (LOB). This Senior Assurance Engineer will leverage existing assurance models and methods while redefining more effective and efficient approaches to value delivery in the assurance space.The position incorporates national and international legal and regulatory cyber security requirements including laws, policies, and standards with industry recognized accreditation and standards to develop and implement an Oracle common compliance framework and accreditation practices. The position will require broad domain knowledge in the identification and application of security industry best practices, forward looking technology tools and techniques, and I.T. governance to meet current and future organizational requirements. The position works under the supervision of the Director of Security Governance, Risk and Architecture (GRA), with dotted line accountability to the V.P.The Senior Assurance Engineer is the functional specialist, and manages systems, processes, program(s) and artifacts used in various organizational GRC functions including, but not limited to:* Definition and implementation of GRC automation solutions* Drive continuous improvement identification, planning and monitoring activities and collateral of security services across Oracle Advertising teams.* Conduct compliance readiness assessments leveraging various commercial & regulatory compliance frameworks - SOC2, ISO 27001, NIST Cybersecurity Framework (CSF), etc.* Perform risk/threat assessments against identified issues/gaps leveraging industry cybersecurity risk scoring models such as OCTAVE, FAIR, NIST RMF* Demonstrate to internal/external oversight stakeholders that GRC program objectives are met and facilitate improvements where needed* Support the Oracle Advertising Cyber Security Posture Program* Supports ongoing configuration, management and operations of GRC automation solutionsThe position operates in cooperation with Global Information Systems (GIS), Oracle legal, Oracle product teams, and line-of-business compliance teams to deliver a highly secure customer environment that can be validated and measured against defined audit criteria.Shifting Left. The scope of the Oracle Advertising Security Senior Assurance Engineer is the direct contributor that conducts proactive compliance readiness assessments. This candidate will define and implement workflows, processes and technology that will proactively stage the requisite delivery of evidence supporting successful compliance audit outcomes. The Senior Assurance Engineer will work with data collection tools and mechanisms, workflow automation software, compliance storage and reporting tools, data repositories and archives, and automated or manual system administration tools, processes, and activities. The role participates in audit interviews with internal and external auditors and provides clear and concise information on the security practices and control objectives in scope of audits.This role will implement regular communication/reporting channels with operations resources at the product, service, or line-of-business level and ensures accurate and complete information that is within allowed audit timeframes and target periods. Additionally, this role may contribute to daily, weekly and ad-hoc compliance meetings that are facilitated and attended to accomplish audit planning, review and conduct current audits, and after action meetings to resolve identified audit deficiencies. The right candidate will have the strong ability to prioritize multiple competing requirements with coinciding deadlines and will have to make immediate decisions as to how tasks get prioritized in real-time based on pragmatic assessment of need and results and adjust the bar as needed.Requisite qualifications for Oracle Advertising Security Senior Assurance Engineer is:A minimum of a four-year technical degree or commensurate professional or military experience is required. A masters degree in a technology discipline is preferred. The applicant must have prior information technology experience working in a complex I.T. environment composed of multiple operating platforms and enterprise software solutions. Experience in an enterprise cloud environment using software as a service (SaaS) technology is preferred. The applicant should have direct knowledge and experience with a variety of common security compliance standards and frameworks including SOC 1/2. PCI-DSS, ISO 27000 series. Industry certifications such as CISSP, CISM, CISA, CISM, ITIL, LSSBB, PMP is preferred.Prior security experience within information technology at the A level is required. The applicant must be able to show demonstrable project or program management participation with significant aspects of individual responsibility. The role requires a meticulous and detail-oriented approach with a proven ability in time management and task completion to standards. Prior experience Cloud technologies, Certification/Accreditation processes, security standards/playbooks, security testing & validation and various compliance standards is a plus.Experience with one or more common industry GRC tool suites including Archer, ServiceNow, MetricStream, ZenGRC and Allgress is required. Experience with Atlassian tools including JIRA, and Confluence is preferred. The job is a high trust position with access to systems, control data, customer information and demographics, sales data, and other Oracle proprietary or confidential data.Work is non-routine and very complex, involving the application of advanced technical/business skills in area of specialization. Leading contributor individually and as a team member, providing direction and mentoring to others.Detailed Description and Job RequirementsManage the development and implementation process of a specific company product.Manage the development and implementation process of a specific company product involving departmental or cross-functional teams focused on the delivery of new or existing products. Plan and direct schedules and monitor budget/spending. Monitor the project from initiation through delivery. Organize the interdepartmental activities ensuring completion of the project/product on schedule and within budget constraints. Assign and monitor work of systems analysis and program staff, providing technical support and direction.Work is non-routine and very complex, involving the application of advanced technical/business skills in area of specialization. Leading contributor individually and as a team member, providing direction and mentoring to others. BS or MS degree or equivalent experience relevant to functional area. Seven years of project management, product design or related experience preferred.As part of Oracle's employment process candidates will be required to successfully complete a pre- employment screening process. This will involve identity and employment verification, professional references, education verification and professional qualifications and memberships (if applicable).**Job:** **Information Security Engineering***Organization:** **Oracle***Title:** *Senior Assurance Engineer***Location:** *CO,Colorado-Broomfield***Requisition ID:** *21000FXN***Other Locations:** *US-VA,Virginia-Reston, United States*"