Regulatory Compliance Specialist IV

Profile

Regulatory Compliance Specialist IV

The candidate manages an audit program portfolio for SOC, Healthcare (HIPAA, HITRUST), Finance (PCI), or SaaS@Customer to support and maintain existing audit compliance efforts and regulatory compliance obligations, and to support program improvements and opportunities. Leads and manages SOC, Financial, Healthcare, SaaS@Customer and potentially other audit assessments/certifications, documentation, conducts analysis of control weaknesses and reports results on a continuous basis. Plans, leads, and executes audit engagements with third-party auditors. Evaluates the effectiveness of the internal controls, business processes, and corresponding evidence, in alignment with industry and regulatory requirements and expectations. Creates and complete projects to assist in improving organizational efficiency and effectiveness, and minimize organizational impact and risk. Provides high quality, professional day-to-day execution of audit engagements. Conducts business process reviews to both assess the efficiency and effectiveness of operations as well as evaluates the design and operating effectiveness of internal controls. Conducts interactions with third party auditors that exhibits control understanding and confidence. Develops audit programs, working papers, and reports. Effectively communicates audit status to executive leadership. Communicates within the team autonomously and drives the communications across partner teams. Drives clearly defined intra-team issues to resolution. Drives project scheduling, tracking, and communications independently. Significantly contributes to the tooling and processes that are being built to scale compliance for an entire global cloud. Coordinates and facilitates audit preparation and in audit activities. Evaluates regulatory compliance requirements and engages with a variety of cross functional teams. Consults with internal teams on engineering designs and development of cloud-based systems. Evaluates and provides reasonable assurance that risk management, control requirements, and governance systems are functioning as intended and will enable the organization's objectives and goals to be met. Reports risks of internal control deficiencies and provides recommendations for improving the organization's operations, in terms of both efficient and effective performance. Evaluates information security and associated risk exposures. Evaluates regulatory compliance program with consultation from legal counsel. Evaluates the Service's audit readiness. Maintains open communication with management and teams across Cloud Operations. Engages with other internal and external strategic resources as appropriate. Evaluates applicable global standards & compliance frameworks to establish internal standards, guidelines, policies, processes, and procedures. Designs, develops and publishes internal program frameworks, checklists, and procedures using creative publishing and editing software tools. Systematically and comprehensively documents the Cloud Service's compliance program. Assists and supports the organization in complying with, as well as the ongoing preparation, testing and monitoring of conformance to, the requirements of government regulations and/or regulatory agencies. Performs evaluation of internal operations, controls, communications, risk assessments and maintenance of documentation as related to regulatory compliance and recommends appropriate changes. Conducts and facilitates internal and external audits to identify, evaluate, disclose and appropriately remedy risks and deficiencies. Coordinates the preparation of and may prepare document packages for regulatory submissions from all areas of company as well as for internal and external audits and inspections. May serve as point of contact for interactions with regulatory agencies for defined matters. Support the creation of a comprehensive risk management and regulatory oversight program, including specifications for product and service design aligned with Software Security Assurance and Security Architecture. Reviews specifications. Develops training for GBU development, cloud services, services and operations teams on industry regulatory specifications applicable to their products and services. Executes risk assessments and evaluate risks to the business and develop risk mitigation strategies. Works with members of GBU development, cloud services, services and operations teams to incorporate applicable industry regulatory standards, security policies and customer-contractual obligations into GBU processes and standards. Coordinates industry and regulatory certifications, including managing certification vendors (e.g., PCI, HIPAA,HITECH, ISO, SOC2). Builds security documentation and collateral for customers and internal users allowing security to be a differentiator in this GBUs. Builds management level metrics and reporting for activities that are owned by the Risk Manager. Executes a vendor security program.

Additional Information

Req. #: 20000IT7

Company info

Oracle Corporation
500 Oracle Parkway
Redwood Shores
California
United States 94065
Phone : 650-506-7000
Website : http://www.oracle.com