Principal Regulatory Compliance Specialist

Job Description

About the Job

Oracle Cloud Infrastructure (OCI) is seeking a highly skilled and detail-oriented Regulatory Compliance Specialist to join our dynamic team. As a key player in our global organization you will be responsible for managing audits and assessments, and informing OCI on regulatory changes so that we maintain a high level of compliance and adhere to all relevant regulations, policies, and standards.

What You Will Do

• We are looking for a regulatory compliance specialist who is looking to grow their career in cloud. You will be responsible for support and implementation of scalable audit programs to support Oracle Cloud Infrastructures growth in regulated markets within the Middle east region with specific focus in Saudi Arabia.
  
  
  

Manage Audits and Assessments

• Plan, manage, lead, and execute multiple audit programs within OCI with third-party auditors.
• Evaluate the effectiveness of controls and corresponding evidence in alignment with audit framework requirements.
• Provide high quality, professional day-to-day execution of audit engagements.
• Conduct interactions with third party auditors that exhibit control understanding and confidence.
• Effectively communicate audit engagement status to executive leadership
• Ability to communicate in remote working environments over video, phone, email, and other tools.
• Provide clear expectations and direction to service/security teams within OCI on audit requirements.
• Review audit evidence from the businesses within OCI and analyze for auditor consumption.
• Communicate within the team autonomously and drive communication across partner teams.
• Drive project scheduling, tracking, and communications up to the Director level independently
• Build, manage, and enhance the efficiency of audit programs as the business scales.
• Collaborate with subject matter experts to refine operating processes to increase the value and scale of our audit programs and decrease the operational impact to OCI
  
  
  

Stay Informed on Regulatory Changes

• Monitor and stay up to date on changes to local, national and international regulations affecting cloud service providers in MEA.
• Analyze the impact of regulatory changes and provide recommendations to the managerial team.
• Conduct regular review and updates of existing policies to ensure ongoing relevance
  
  
  

Regulatory Reporting

• Prepare and submit timely and accurate regulatory reports to relevant authorities in accordance with applicable regulations.
• Work closely with internal teams to gather necessary data and information for reporting purposes.
• Provide clear expectations and direction to security and engineering teams within OCI on audit requirements.
  
  
  

What You’ll Bring

• 7+ years audit program management experience with either a “Big 4” firm, or a mid-level firm.
• 4+ years of above experience in the IT or Cloud industry is preferred.
• Knowledge of industry and regulatory frameworks is preferable, such as, NCA (National Cybersecurity Authority) ECC, NCA CCC, NCA DCC(Data Cybersecurity controls), NIA(Qatar), DESC(Dubai), ISO27001,SOX, SOC,
• Demonstrates ability to identify problem areas in a program and build projects to correct, enhance, reduce the impact of those issues.
• Proven ability to combine business acumen, technical acumen and process expertise to define client (internal/external) engagement and program execution.
• Proven ability to influence & gain buy-in at multiple levels, across divisions, functions and cultures; comfort working with executive level management.
• Demonstrated ability to achieve results through cross-functional, virtual teams.
• Possess ability to explain complex auditing topics to audiences with no auditing experience.
• Ability to prioritize, manage, and deliver on multiple projects simultaneously and partner with management in support of key initiatives and projects.
• Strong bias toward action, flexible, resourceful, and able to operate effectively within a dynamic, fast-paced environment.
• Superior communication skills (interpersonal, verbal, presentation written, email, tickets, etc.)
• JIRA and Confluence experience strongly preferred.
• Display a demonstrated ability to think broadly and strategically.
• Maturity, judgment, negotiation/influence skills, analytical skills, and leadership skills
• Attention to detail, proven analytical and problem-solving skills.
  
  
  

Preferred Qualification

• JIRA and Confluence experience strongly preferred.
• Profession Certification CISA,CISM,ISO27001 LA.
• Bachelor’s degree
  
  
  

Career Level - IC4

Responsibilities

Performs evaluation of internal operations, controls, communications, risk assessments and maintenance of documentation as related to regulatory compliance and recommends appropriate changes. Conducts and facilitates internal and external audits to identify, evaluate, disclose and appropriately remedy risks and deficiencies. Coordinates the preparation of and may prepare document packages for regulatory submissions from all areas of company as well as for internal and external audits and inspections. May serve as point of contact for interactions with regulatory agencies for defined matters. Support the creation of a comprehensive risk management and/or quality management, and regulatory oversight program, including specifications for product and service design aligned with Oracle Software Security Assurance and Security Architecture, and/or Quality Management systems. Review specifications. Develop training for GBU development, cloud services, services and operations teams on industry regulatory specifications applicable to their products and services. Execute risk assessments and evaluate risks to the business and develop risk mitigation strategies. Identify industry requirements applicable to Oracle GBUs, and work with members of GBU development, cloud services, services and operations teams to incorporate applicable industry regulatory standards, Oracle security and/or quality policies and customer-contractual obligations into GBU processes and standards. Coordinate industry and regulatory certifications, including managing certification vendors (e.g., PCI, HIPAA,HITECH, ISO, SOC2). Build security documentation and collateral for customers and internal users allowing security to be a differentiator in this GBUs. Build management level metrics and reporting for activities that are owned by the Risk Manager. Execute a vendor security and/or quality management program.

About Us

As a world leader in cloud solutions, Oracle uses tomorrow’s technology to tackle today’s challenges. We’ve partnered with industry-leaders in almost every sector—and continue to thrive after 40+ years of change by operating with integrity.

We know that true innovation starts when everyone is empowered to contribute. That’s why we’re committed to growing an inclusive workforce that promotes opportunities for all.

Oracle careers open the door to global opportunities where work-life balance flourishes. We offer competitive benefits based on parity and consistency and support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs.

We’re committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing [email protected] or by calling +1 888 404 2494 in the United States.

Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.