This role plays a pivotal part in strengthening Oracle’s security posture, focusing on one or more of the following: risk management; regulatory compliance; threat and vulnerability management; incident management and response; security policy development and enforcement; privacy; information security education, training and awareness (ISETA); digital forensics; and similar focus areas.
Risk Management: Assesses the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in complex, business-critical environments. May conduct and document complex information security risk assessments. May assist in the creation and implementation of security solutions and programs.
Regulatory Compliance: Assists in programs to establish, document and track compliance with industry and government standards and regulations, e.g. ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc. Researches and interprets current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business.
Threat and Vulnerability Management: May research, evaluate, track, and manage information security threats and vulnerabilities in situations where analysis of well-understood information is required.
Incident Management and Response: Responds to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks.
Digital Forensics: May conduct data collection, preservation and forensic analysis of digital media independently, where a basic understanding of forensic techniques is required.
Other areas of focus may include duties managing Information Security Education, Training and Awareness programs. In a Corporate Security role, may manage the creation, review and approval of corporate information security policies.
Compiles information and reports for management.