Security and Privacy Compliance Principal

KITCHENER, ON, Canada

Oracle

Oracle offers a comprehensive and fully integrated stack of cloud applications and cloud platform services.


This position will support the Security and Privacy Compliance organization. The individual will support our governance, risk, and compliance (GRC) practices, working on projects to ensure compliance with regulations and with our obligations to customers.

A key responsibility of this position will be the growth and maintenance of the incident reporting and response program within the risk management program. The candidate will manage the incident reporting and response program, including managing the tabletop exercise and the review, communication, and escalation process for security events, and ensuring our processes meet compliance obligations. This position will manage other compliance projects such as third-party audits (e.g., SOC 1, PCI-DSS, etc.), risk assessments, or product compliance consulting projects, including HIPAA/Healthcare expansion programs. This role will include conducting research on compliance requirements, performing or managing assessments, and reporting findings to stakeholders. The candidate will ideally have extensive experience in compliance, audit, project management, security, privacy, and software development lifecycle standard methodologies.

This position will require coordinating, communicating, and working effectively with internal process owners, internal and external auditors, and all levels of management. The candidate should understand IT and security risks, general IT controls and security controls, as well as risk mitigation and issue remediation. Key skills would be IT audit and security event management, including understanding security issues identified, as well as potential exposure and needed mitigation and remediation. 

Career Level - IC4

  • Manage security incident reporting and response program
  • Manage reporting and response for individual security events that occur
  • Assist with tabletop exercises to test processes 
  • Ensure tabletop exercises comply with internal and external audits
  • Maintain standards and controls documentation with SMEs and ensure compliance with internal and external audit 
  • Ensure processes are followed, relevant controls are performed, and the process and controls comply with internal and external audits
  • Assist with security and privacy risk assessments of our services
  • Assist with security and privacy risk assessments of our suppliers 
  • Assist with audit, risk, governance, or consulting compliance projects as appropriate 

Experience in IT compliance, audit, software development lifecycle (SDLC), and security best practices in a SaaS/Cloud environment is preferred.

Additionally, the following will be considered in hiring the appropriate candidate:

  • Candidate must possess at least a Bachelor's/College Degree, preferably in Audit/Finance/Accountancy/Information Systems/Banking or equivalent 
  • At least 8 years of working experience in IT Compliance, Audit, Risk Management, Incident Response, or a related field is preferred for this position
  • Candidate should hold a CPA, CISA, CRISC, CISM, or CISSP, or maintain a similar certification in information systems or information security
  • Candidate should understand security issues identified, including potential exposure from security issues, required mitigation, and remediation steps needed
  • Candidate should have hands-on working knowledge of and experience with ITGC, including deficiency risk and mitigation documentation 
  • Experience with and working knowledge of risk assessments is preferred
  • Experience and working knowledge of security-related technology (e.g. Identity Management tools, Firewalls, etc.) is preferred 
  • Working knowledge of ERP systems (e.g., NetSuite, PeopleSoft FDM and Oracle eBusiness) security standards and implementation is preferred
  • Exposure to cloud environments is preferred
  • Experience with SOC audits and ISO 27001 is preferred

Range and benefit information provided in this posting are specific to the stated locations only.

CA: Hiring Range in CAD from: $76,700 to $167,600 per annum.


Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect Oracle’s differing products, industries and lines of business.
Candidates are typically placed into the range based on the preceding factors as well as internal peer equity.

As a world leader in cloud solutions, Oracle uses tomorrow’s technology to tackle today’s challenges. We’ve partnered with industry-leaders in almost every sector—and continue to thrive after 40+ years of change by operating with integrity. 

We know that true innovation starts when everyone is empowered to contribute. That’s why we’re committed to growing an inclusive workforce that promotes opportunities for all.

Oracle careers open the door to global opportunities where work-life balance flourishes. We offer competitive benefits based on parity and consistency and support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs.

We’re committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing accommodation-request_mb@oracle.com or by calling +1 888 404 2494 in the United States.

Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law. 

Category: Compliance Jobs

Tags: Audits Banking CISA CISM CISSP Cloud Compliance CRISC ERP Finance Firewalls Governance HIPAA Incident response ISO 27001 Oracle Privacy Risk assessment Risk management SaaS SDLC SOC SOC 1

Perks/benefits: Career development Competitive pay Equity / stock options Flex hours Insurance

Region: North America
Country: Canada
