Oracle IT Compliance Manager - NetSuite Division in Raleigh, North Carolina
IT Compliance Manager - NetSuite Division
currently looking for an IT Compliance Manager to focus on the NetSuite
Perform gap and readiness assessments for compliance obligations focused on security (i.e. PCI-DSS, ISO 27001, SOC 1, SOC 2, etc):
Agree objective, goals, and scope of the project with senior management. Obtain management support and commitment of resources for the assessment
Build audit programs, including audit plan, process, scope, procedures, questionnaires and schedules
Assess adequacy of existing policies, processes, and controls against the requirements of the compliance obligation
Work with management to draft and implement remediation plans to mitigate identified issues and risks, and improve processes and controls
If working with staff, review staff output, provide guidance on project next steps, and supervise and guide staff in working with internal customers
Perform periodic audits of IT projects, applications, operations and environments for adherence to corporate security policies and guidelines.
Serve as subject matter expert for security compliance obligations and liaise with executive and senior management, operational and application teams and Internal and External Audit to identify areas of concern, develop the relevant solutions, provide management response, track progress and drive actions to completion.
Assist in performing on-going periodic information security risk assessments and business impact analysis to ensure key business risks are properly identified and mitigated by management.
Enforce compliance with policies in conjunction with internal audit, developing, managing and monitoring security over business processes.
Maintain controls documentation with SMEs and ensure compliance with Internal and External Audit.
Provide guidance and advice to the organization with current information on related regulatory issues and compliance technologies.
Experience in data privacy an advantage but not required
Highly independent, with high ethical standards and integrity
Experience in program or project management
Experience and working knowledge of security related technology (e.g. Identity Management tools, Firewalls, etc.)
Working knowledge of ERP systems (e.g. NetSuite, PeopleSoft FDM and Oracle eBusiness)
5-7 years’ experience in performing IT Audit/ IT Compliance assessments/ Gap assessments, ideally for PCI-DSS, ISO 27001, SSAE 16/ISAE 3402/SOC 1, SOC 2 or NIST 800.
In-depth knowledge and experience of PCI-DSS, ISO 27001, SSAE 16/ISAE 3402/SOC 1, or SOC 2 highly essential. Knowledge of NIST 800 an advantage
Experience with privacy requirements, such as Model Clauses, GDPR, and related security and privacy policies, processes, and regulations an advantage.
Effective communication and presentation skills
Experience dealing with all levels of management and across different teams, including managing conflicts
Exposure to cloud environment security standards and implementation an advantage
job description above is the most relevant for this position. Disregard
Detailed Description and Job Requirements
Assists and supports the organization in complying with, as well as the ongoing preparation, testing and monitoring of conformance to, the requirements of government regulations and/or regulatory agencies.
Performs evaluation of internal operations, controls, communications, risk assessments and maintenance of documentation as related to regulatory compliance and recommends appropriate changes. Conducts and facilitates internal and external audits to identify, evaluate, disclose and appropriately remedy risks and deficiencies. Coordinates the preparation of and may prepare document packages for regulatory submissions from all areas of company as well as for internal and external audits and inspections. May serve as point of contact for interactions with regulatory agencies for defined matters. Respond to security related requests and RFPs. Update and maintain internal and externally facing security documentation. Coordinate and facilitate 3rd party audit activities. Maintain and track required security training for the GBUs. Maintain and update security and compliance reporting. Facilitate vendor security assessments as needed. Manage security and compliance related projects for the GBUs.
Job duties are varied and complex utilizing independent judgment. Ability to travel. 5 plus years' experience. BA/BS or advanced degree preferred. CISA, CISM, CISSP, CIPP desired. Experience with IT auditing and controls, preferably with SOX, SSAE 16 - SOC 1 and SOC 2, PCI compliance, NIST, DIACAP, FedRAMP, ISO 27001 and ISO 27002. Have an understanding of security standards and risk management. Excellent written and verbal communication skills. Ability to adjust and adapt to changing priorities in a dynamic environment. Technical acumen and the ability to understand and interpret technical specifications. Technical knowledge of Oracle Applications and Database and/or infrastructure components. Project Management Skills.
Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans status or any other characteristic protected by law.
Job: Business Operations
Other Locations: US-NC,North Car-Durham
Job Type: Regular Employee Hire