Oracle Senior Director, Information Security and Risk Management in Omaha, Nebraska

Work with a world class team to develop, implement, and support cutting edge Oracle technology.

Manages teams supporting and/or implementing large and/or complex multi-functional and/or multi-location projects and/or systems. Defines, documents and manages scope, expectations, implementation approach, deliverables and acceptance testing criteria. Develops and manages an effective risk mitigation strategy for the project(s).

Directs and ensures the implementation of operational policies through subordinate managers Interacts internally and externally with executive management involving negotiation of difficult matters to influence policy. Functional expertise and broad company knowledge. Successful track record in the specialism and as a manager. Detailed knowledge of technical and business concepts of a number of related applications areas. BA/BS degree preferred.

Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans status or any other characteristic protected by law.

SUMMARY

Oracle is seeking a Senior Director, Information Security and Risk Management, to join Oracle s Global Information Security (GIS) leadership team , reporting to the head of Oracle s GIS team. The successful candidate will be a strong leader with excellent communication skills, adept in information security and dedicated to addressing security risk across Oracle Corporation.

The role involves, but is not limited to, the following:

  • Protecting Oracle s brand and reputation

  • Providing strategic direction for information security across the corporation in alignment with corporate strategy and corporate goals

  • Supporting recurring information security updates to Oracle s Audit Committee of the Board of Directors

  • Supporting an annual meeting of the Oracle Security Oversight Committee; preparing the collateral; distributing and chasing actions on committee members; driving implementation of committee directives and decisions

  • Supporting the creation and maintenance of corporate information security-related policies

  • Facilitatingimplementation of Oracle s information security-related policies via global processes, practices, standards and technologies

  • Overseeing, reviewing and enforcing compliance with Oracle policies; information security-related laws and regulations; and customer contractual obligations globally and regionally

  • Identifying, evaluating and prioritizing risk to Oracle s business

  • Partnering with Oracle s Lines of Business (LoBs) to implement information security strategic initiatives to reduce risk to Oracle s business

  • Leading various Global Corporate Programs and initiatives (see responsibilities, below)

  • S upporting Oracle s Sales organization, as required, in customer engagements

  • Supporting Oracle s Marketing organization, as required, especially Security Marketing

  • Providing information security direction, support and guidance to Oracle s LoBs and Corporate Programs

  • Working with key stakeholders to integrate good information security practice into the design of products, services and supporting infrastructure

  • Facilitating business engagement and enablement through promoting good security practice

  • Evangelizing Oracle s information security philosophy and posture internally and externally

  • Partnering closely with Oracle Legal departments, in particular Privacy and Security Legal; Litigation; Compliance and Ethics; Contract Management; Procurement; Employment; Supply Chain; Operations; Commercial; and Regional Legal

  • Partnering with HQ_Apps, as required

  • Recruiting world-class information security professionals

  • Providing risk management oversight among Oracle s LoBs so resources are focused on key areas of threat and vulnerability

  • Providing information security governance and compliance management oversight

  • Mentoring staff and promoting career development and continuous learning

  • Ensuring GIS staff are up-to-date with the latest techniques and technologies that enable them to do the best job possible

  • Representing and championing Oracle at industry peer events

  • Provide direction for GIS reviewing, editing and approving customer contracts, requests for proposals, requests for information, and questionnaires

  • Partnering closely with Oracle Business Assessment & Audit, including assisting in identifying and prioritizing areas suitable for audit; reviewing draft BA&A audit reports

  • Assisting in information security reviews of projects and systems subject to Corporate Security review

  • Providing security technical advice and support, and technical expertise to Oracle colleagues including Oracle s Chief Privacy Officer and Chief Privacy Strategist, and to Oracle s Product Development organizations

Areas of Responsibility include, but are not limited to, the following:

  • Direct, lead, and manage a team with a primary focus:

o Information security risk management

  • Support teams responsible for:

o Compliance and Risk

o Incident Response and Management

o Penetration Testing and Security Reviews

o Mergers and Acquisitions Risk Assessment and Remediation

o Investigations, including into Security Breaches

o Policy development and management

o Policy exception management

o Security Education, Awareness and Communications; provision of advice, guidance, FAQs, good practice documentation, etc.

o GIS Systems

o Regional Information Security

o Investigations

o Desktop Forensics (for eDiscovery and Investigations)

o Cloud Forensics (for Incidents and Investigations)

o Cloud Security oversight

  • Support the management of corporate programs:

o Supplier Security Program

o Information Security Managers Program

o PCI (Payment Card Industry) Data Security Compliance Program (for Oracle as a merchant)

o ISO27001/2 Certification Program (facilitating ISO Certification for relevant LoBs)

SKILLS, EXPERIENCE & QUALIFICATIONS:

  • Degree level qualification or commensurate experience

  • Minimum of 15 years related information security experience to include risk management

  • Minimum of 5 years of experience in an information security leadership role

  • Expert understanding of the fundamentals of information security with the demonstrable ability of practical application in a cloud services delivery environment

  • Excellent verbal and written communications skills with strong affinity for public speaking, and ability to represent Oracle in security engagements with policymakers, customers and other third-parties

  • Strategic, vision-based leadership with an ability to turn strategic thinking into effective tactical and operational activity

  • Demonstrated success in managing a high-performing, cross-functional team managing multiple initiatives across a variety of knowledge areas

  • Strong business acumen along with a proven ability to influence and gain buy-in at the executive level across Oracle s divisions, regions and Lines of Business

  • Ability to keep up with evolving technological changes relating to security

  • Enthusiasm for involvement in new projects and initiatives

  • Ability to effectively manage multiple strategic initiatives in a dynamic, fast-paced environment

  • Professional qualifications preferred: Computer Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP), Certified Information Security Manager (CISM), Certified in Risk and Information Security Control (CRISC), Certified Cloud Security Professional (CCSP), Certificate of Cloud Security Knowledge (CCSK)

  • Strong technical background and knowledge including Oracle technology and supplier technologies

  • Management skills information security and risk management; building and managing internal and external relationships

  • Familiarity with risk assessment methodologies

  • Ability to lead change

  • Leadership and motivational skills

  • Promoting business ethics

  • Meeting management skills

  • Conflict management and resolution skills

  • Diplomacy

  • Problem-solving mentality

  • Ability to compromise, as required

  • Organizational awareness and sensitivity

  • Process orientation

  • Pragmatism

  • Keen understanding of business drivers and needs

  • Business-results orientation

  • Influencing and negotiation skills

  • Performance management

  • Biased towards team-working

  • Consistent track record of creating programs and evolving them to a high level of maturity

Job: *Information Technology

Organization: *Oracle

Title: Senior Director, Information Security and Risk Management

Location: United States

Requisition ID: 18000IHH