Security Analyst 3

Should be a certified Lead Auditor / Internal Auditor for ISO27001 standard. Develops and executes Internal audit programs and schedules. Conducting Internal audits to verify compliance to ISO27001 ISO9001 and SOC I / SOC II control assessment / testing and to strengthen Oracles security posture.

Supports the strengthening of Oracles security posture focusing on one or more of the following: Review of Risk Management process and Risk Treatment options; Performing the Root Cause Analysis (RCA) review of regulatory compliance; review of threat and vulnerability management; review of incident management and response; verify compliance to Oracle security policy requirements.
Risk Management: Understanding the applicable information security risks and review of risk assessment process and the risk assessment matrix for the IT systems applications practices and procedures.
RCA Good understanding of Root Cause Analysis. Finalization of action plans and verification of effectiveness of corrective and preventive measures.
Regulatory Compliance: Basic understanding and knowledge of compliance to industry and government standards and regulations e.g. PCI-DSS HIPAA FedRAMP GDPR etc.
Threat and Vulnerability Management: Fair understanding of management of information security threats and vulnerabilities. Basic knowledge of Penetration Testing is desirable.
Incident Management and response: Should have fair understanding of Incident Management processes.
Other areas of focus may include duties managing Information Security awareness programs.
Should be capable of writing the internal audit observations and sound knowledge of audit report preparation.
Good understanding of Information security controls for the Cloud Infrastructure.

Minimum of 3 years experience in Information Security and Management systems. At least 2 years of experience in the areas of Information Security Audits and Reporting. Which must be from at least one of the following: Information security risk management; information security program management; Industry/Government security compliance program management (ISO-27001 SOC GDPR HIPAA etc.); threat and vulnerability management; incident management and response; etc.
Preferred but not required qualifications include Bachelor-level university degree in a relevant field from an accredited university or equivalent. ISO27001 Lead Auditor CISA other equivalent certification. Experience in performing / executing internal audits and review of risk management process. Basic knowledge and understanding of vulnerability scanning tool (Qualys Nessus etc.).

Career Level - IC3

Supports the strengthening of Oracles security posture focusing on one or more of the following: Review of Risk Management process and Risk Treatment options; Performing the Root Cause Analysis (RCA) review of regulatory compliance; review of threat and vulnerability management; review of incident management and response; verify compliance to Oracle security policy requirements.
Risk Management: Understanding the applicable information security risks and review of risk assessment process and the risk assessment matrix for the IT systems applications practices and procedures.
RCA Good understanding of Root Cause Analysis. Finalization of action plans and verification of effectiveness of corrective and preventive measures.
Regulatory Compliance: Basic understanding and knowledge of compliance to industry and government standards and regulations e.g. PCI-DSS HIPAA FedRAMP GDPR etc.
Threat and Vulnerability Management: Fair understanding of management of information security threats and vulnerabilities. Basic knowledge of Penetration Testing is desirable.
Incident Management and response: Should have fair understanding of Incident Management processes.
Other areas of focus may include duties managing Information Security awareness programs.
Should be capable of writing the internal audit observations and sound knowledge of audit report preparation.
Good understanding of Information security controls for the Cloud Infrastructure.

Minimum of 3 years experience in Information Security and Management systems. At least 2 years of experience in the areas of Information Security Audits and Reporting. Which must be from at least one of the following: Information security risk management; information security program management; Industry/Government security compliance program management (ISO-27001 SOC GDPR HIPAA etc.); threat and vulnerability management; incident management and response; etc.
Preferred but not required qualifications include Bachelor-level university degree in a relevant field from an accredited university or equivalent. ISO27001 Lead Auditor CISA other equivalent certification. Experience in performing / executing internal audits and review of risk management process. Basic knowledge and understanding of vulnerability scanning tool (Qualys Nessus etc.).

Career Level - IC3