Consulting Technical Manager

MUST CURRENTLY HOLD AND HAVE THE ABILITY TO MAINTAIN A US Clearance of TS/SCI with Poly

 

JOB DESCRIPTION

As the Information Systems Security Analyst for various programs within GDI, you will serve as the primary subject matter expert leading and assisting all assessment & authorization (A&A) efforts using the NIST Risk Management Framework (RMF) on behalf of various customers across the organization.  You will evaluate corporate security related requirements and assess individual project’s compliance with the requirements. 

This individual will work side-by-side with the Information Systems Security Engineer (ISSE) and serve as a trusted security advisor for our customer.  In this role, you will conduct cybersecurity analysis of systems for a variety of project teams in preparation for A&A accreditation and as part of our customer continuous monitoring approach to risk management. As part of these efforts, you will review, validate, and in many cases, work with project teams to develop key documents that make up a system’s body of evidence. This includes System Security Plans (SSPs), Contingency Plans (CP), Access Control Plans (ACP), and more.

You must be able to cover all activities that support the NIST RMF and A&A process, which includes, but is not limited to, defining systems, identifying risks, identifying, and implementing protective measures in line with various accreditation levels, analyzing system designs, and assisting with A&A issues that may prevent a system from receiving authorization.

SPECIFIC RESPONSIBILITIES:

• Serve as a security advisor for project teams on all initiatives that may have an impact on security. As part this, the ideal candidate will be able to act as liaison between the project teams and key members of cybersecurity leadership.
• Initiate and drive the A&A process for all new project systems.
• Ensure all “keep-the-lights-on” cybersecurity related activities (e.g., vulnerability scans, access reviews, etc.) are performed at the frequency required to remain in compliance with accreditation requirements. 
• As part of A&A preparation efforts, proactively identify potential risks associated with systems and advise on mitigation strategies.
• Drive efforts to produce appropriate artifacts to support A&A control responses.
• Identify and work with key A&A stakeholders to ensure all system documentation is kept up to date and reflects current security configurations, architecture, and data flow.
• Participate in all A&A status and technical exchange meetings (TEM) and facilitate discussions around control responses. You will be working with non-security minded team members; you must be able to explain/breakdown controls and security concepts to help the team provide you with responses. If a protective measure is not in place, you must be able to think in terms of compensating measures and processes.
• Be able to analyze, interpret, and apply changes to A&A control requirements and Federal cybersecurity guidance with respect to customer systems.
• Be able to communicate the current state, and discuss future state, security posture of customer systems to Oracle and Customer leadership and/or via designated reporting mechanisms.
• Conduct thorough reviews all vulnerabilities from malware scans, as well as architecture, and defense-in-depth strategies and report findings in POA&Ms document.
• Works with the customer counterparts directly to manage expectations, respond to tasking, quality of deliverables, and resolution to concerns.
• Understands the greater Oracle product suite and how its applied on the program.
• Hold regular technical team meetings to track progress against high priority items while ensuring framework and best practices are being followed.
• Resolve specific technical issues by coordinating appropriate resources with the customer, PMO and internally within Oracle teams as appropriate.
• Report project status to PMO and to Customers.
• Must prioritize tasking with little oversight and navigate conflicting.

Career Level - IC4

The ideal candidate would possess the following knowledge, skills, and abilities:

• Experience in managing and executing system level A&A efforts using NIST RMF and NIST 800-53 to help project teams achieve and maintain Authority to Develop (ATD), Authority to Connect (ATC), and/ or Authority to Operate (ATO)
• Experience working with Cybersecurity policy, procedures, and process documentation. Experience must demonstrate your ability to:
  • Create procedure, process, and plan documentation from scratch in alignment with customer cybersecurity and accreditation requirements.
  • Perform gap assessments on existing documentation to identify missing information in alignment with control requirements. Work with system owners and system administrators to update documents with the correct language.
  • Update procedures, processes, and plans in accordance with customer needs and changes in Cybersecurity federal regulations and/or accreditation requirements.
• Excellent oral and written communication skills with the ability to explain cybersecurity concepts and NIST 800-53 controls to non-technical team members and members of leadership.
• Must demonstrate proficiency in the following areas: multi-tasking, critical thinking; and the ability to work quickly, efficiently, and accurately in a dynamic and fluid environment.
• Ability to work independently and as part of a team.
• Knowledge of systems engineering as applied to defense and intelligence architectures, to include Cloud computing, PaaS, and SaaS.
• Demonstrated understanding of technical management, project delivery and execution.
• Detail-oriented with strong organizational skills.
• Proactive problem solver with a focus on continuous improvement.
• Strong oral and written communications to support interaction with multiple Oracle internal and customer organizations.
• Demonstrated experience in planning and leading Security Engineering efforts.

 

Required Credentials and Experience: 

• Bachelor’s Degree in in engineering, computer science, or related discipline and 8+ years of relevant experience
• 3+ years’ experience analyzing and advising on securing IT infrastructures on-premise and/or in the Cloud.

 

Desired Certifications: 

• Security+, CISSP, Network+, GSEC

Security Clearance: 

• Must possess or be able to obtain and maintain a TS/SCI security clearance with Polygraph 

Disclaimer:

Certain US customer or client-facing roles may be required to comply with applicable requirements, such as immunization and occupational health mandates.

Range and benefit information provided in this posting are specific to the stated locations only

US: Hiring Range in USD from: $97,500 to $199,500 per annum. May be eligible for bonus and equity.

Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect Oracle’s differing products, industries and lines of business.
Candidates are typically placed into the range based on the preceding factors as well as internal peer equity.

Oracle US offers a comprehensive benefits package which includes the following:
1. Medical, dental, and vision insurance, including expert medical opinion
2. Short term disability and long term disability
3. Life insurance and AD&D
4. Supplemental life insurance (Employee/Spouse/Child)
5. Health care and dependent care Flexible Spending Accounts
6. Pre-tax commuter and parking benefits
7. 401(k) Savings and Investment Plan with company match
8. Paid time off: Flexible Vacation is provided to all eligible employees assigned to a salaried (non-overtime eligible) position. Accrued Vacation is provided to all other employees eligible for vacation benefits. For employees working at least 35 hours per week, the vacation accrual rate is 13 days annually for the first three years of employment and 18 days annually for subsequent years of employment. Vacation accrual is prorated for employees working between 20 and 34 hours per week. Employees working fewer than 20 hours per week are not eligible for vacation.
9. 11 paid holidays
10. Paid sick leave: 72 hours of paid sick leave upon date of hire. Refreshes each calendar year. Unused balance will carry over each year up to a maximum cap of 112 hours.
11. Paid parental leave
12. Adoption assistance
13. Employee Stock Purchase Plan
14. Financial planning and group legal
15. Voluntary benefits including auto, homeowner and pet insurance

The role will generally accept applications for at least three calendar days from the posting date or as long as the job remains posted.

As a world leader in cloud solutions, Oracle uses tomorrow’s technology to tackle today’s challenges. We’ve partnered with industry-leaders in almost every sector—and continue to thrive after 40+ years of change by operating with integrity. 

We know that true innovation starts when everyone is empowered to contribute. That’s why we’re committed to growing an inclusive workforce that promotes opportunities for all.

Oracle careers open the door to global opportunities where work-life balance flourishes. We offer competitive benefits based on parity and consistency and support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs.

We’re committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing accommodation-request_mb@oracle.com or by calling +1 888 404 2494 in the United States.

Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.