SaaS Compliance SOX IT Compliance Analyst The SaaS Compliance SOX organization supports and maintains the compliance of Oracle’s internal financial systems by way of continuous monitoring of Oracle’s internal IT SOX controls. Successful candidates for this role must be comfortable taking a leadership role with regulatory compliance in a fast-paced organization. Candidates will be expected to lead the monitoring of SOX IT regulatory compliance requirements. A background in continuous monitoring and assessment of compliance frameworks is desired. A working knowledge of the SOX framework is required. SOC1, SOC2, PCI and HiPAA compliance frameworks and similar skill and experience is a plus for the right candidate. Primary responsibilities of this role will include: Working with Oracle’s external auditors in leading walkthroughs, overseeing tests of design and operational effectiveness of Oracle’s IT general controls; Coordinating and performing SOX program testing/auditing of IT General Controls with control owners and their management; Evaluating IT General Control deficiencies for impact and perform risk assessments and root cause analysis to determine appropriate management actions. Monitor management’s associated remediation efforts to closure, including review of supporting evidence; Engaging, developing relationships and maintaining open communication with a wide variety of cross functional internal resources and management as appropriate; Assessing new products, systems, databases or changes to existing processes to identify financial and operational risks before launch, providing guidance and identifying improvements to control design; Leading benchmarking and other initiatives to improve controls, make processes more efficient, effective, and/or reduce cycle time for SOX IT compliance; Evaluating applicable global standards & compliance frameworks to establish internal standards, guidelines, policies, processes, and procedures; Creating and maintaining supporting documentation for SOX compliance testing and risk assessment reviews; Other duties as assigned. Qualifications: CISA, CISSP, CRISC, CISM, ISO 27001, Security , PMP and other security certifications preferred 5 years relevant experience and a BA/BS degree Exceptional communication and project management skills Ability to meet stringent deadlines in a fast-paced environment; demonstrates sense of urgency and should be results driven Internal and 3rd party auditing experience, preferred Technical acumen and the ability to understand and interpret technical specifications Experience working in Information Technology, Cloud or managed hosting services, preferred Technical knowledge of Oracle Applications and Database and/or infrastructure components, preferred *********************************************** Be able to complete one or more background investigations and/or appropriate security clearance(s) as required by government contracts and due to applicable laws, regulations, and executive orders. Assists and supports the organization in complying with, as well as the ongoing preparation, testing and monitoring of conformance to, the requirements of government regulations and/or regulatory agencies. Performs evaluation of internal operations, controls, communications, risk assessments and maintenance of documentation as related to regulatory compliance and recommends appropriate changes. Conducts and facilitates internal and external audits to identify, evaluate, disclose and appropriately remedy risks and deficiencies. Coordinates the preparation of and may prepare document packages for regulatory submissions from all areas of company as well as for internal and external audits and inspections. May serve as point of contact for interactions with regulatory agencies for defined matters. Respond to security related requests and RFPs . Update and maintain internal and externally facing security documentation. Coordinate and facilitate 3rd party audit activities. Maintain and track required security training for the GBUS. Maintain and update security and compliance reporting. Facilitate vendor security assessments as needed. Manage security and compliance related projects for the GBUs. Job duties are varied and complex utilizing independent judgment. Ability to travel. 5 plus years experience. BA/BS or advanced degree preferred. CISA, CISM, CISSP, CIPP desired. Experience with IT auditing and controls, preferable with SOX, SSAE 16 – SOC 1 & SOC 2, PCI compliance, NIST, DIACAP, FedRAMP, ISO 27001 & ISO 27002. Have an understanding of security standards and risk management. Excellent written and verbal communication skills. Ability to adjust and adapt to changing priorities in a dynamic environment. Technical acumen and the ability to understand and interpret technical specifications. Technical knowledge of Oracle Applications and Database and/or infrastructure components. Project Management Skills. This employer is a corporate member of myGwork, the business community for LGBTQ+ professionals, students, inclusive employers & anyone who believes in workplace equality.