Oracle

Director – Corporate Security Incident Management Operations

Oracle

June 11, 2021

POSITION TITLE
Director – Corporate Security Incident Management Operations
Level M-4
REPORTS TO
Head of Corporate Security Incident Management and Forensics
LOCATION
North America, Central America, South America
GENERAL DESCRIPTION AND POSITION GOAL
The Director of Corporate Security Incident Management Operations reports to the head of Corporate Security Incident Management and Forensics, or another manager as assigned. The incumbent leads the information security incident management operations function at the corporate level. They are responsible for building, developing and managing the corporate incident management team, as well as overseeing active incidents throughout Oracle and overseeing, advising and guiding incident management operations within dedicated Cloud and IT Security teams. The incumbent may also provide technical advice and guidance to other teams within Oracle.
RESPONSIBILITIES/ TASKS
Build, manage and o
versee
a team of incident managers which oversee live security
events
Evaluate and identify scope of security events
including
business impact
Ensure team members
e
xecute fact-finding initiatives in any team engagement
Review team deliverables including
formal reports, draft notices, and action items
Ensure team members deliver updates to key stakeholders as needed during active escalations
Participate
and lead
regular discussions with security stakeholders, security teams, and legal
Record and quantified and qualified areas for improvement
Evaluate and review Root Cause Analysis
Establish KPIs for measuring incident handling
Serve as quality control assessor for incident handling tracking and documentation
Establish and constantly maintain a 2-year roadmap of continual program improvement, with tangible 1-year goals and higher-level longer-term goals
Speak authoritatively with internal stakeholders, peers, and other security teams including delegation of tasks and assuming command of an escalation
Oversee activities of various teams to drive response and resolution of impacting issues within appropriate timeframes
Review and scrutinize security event reports from other security teams to ensure completeness and factual basis
Engage with other lines of business contacts within Oracle as needed for security investigations and resolution
Work directly with Privacy & Security Legal to communicate and review security event
Perform other duties as assigned
QUALIFICATIONS
Required qualifications
University degree from an accredited college or university, or multiple equivalent certifications such as CFR, CISSP, CCSP, CCIM, GCIH, GNFA, CSIH
10
years of experience in information security, network security, or other relevant security focus
Preferred: 5 or more years of successful team management experience
3 or more years of experience in Security Operations with direct involvement of escalations
Ability to project credibility and confidence at all levels of the organization, including legal counsel and executive leadership
Ability to articulate highly complicated topics to both technical and non-technical audiences
Strong technical experience, including multiple operating systems and networking
Expert knowledge of industry incident handling standards and processes.
Exceptional organizational skills, to include detailed note taking abilities
Knowledge of Oracle systems and software preferred
Knowledge of a wide variety of technology solutions and services (networks, operating systems, infrastructure components, application, cloud environment) with an ability to troubleshoot, investigate, and identify problems
Demonstrated problem solving ability with strong deductive reasoning
Required personal characteristics: strong organizational skills; detail-oriented; highly proactive; able to work with a minimum direct-supervision; strong presentation, communication skills with mastery of spoken and written English language; makes accurate decisions in complicated, stressful situations; excellent team player. Comfortable working in a dynamic, fast-paced environment.
Ability to document and transfer knowledge and cross-train others
Available to handle
escalations and high-priority incidents on a 24/7 basis, as required by circumstances and management direction.
Manage a team that is responsible for the information security function, including but not limited to information technology security controls and architecture, information privacy, incident response/investigations and digital forensics, disaster recovery and business continuity, regulatory compliance, communication and training for information security initiatives.
Manages teams that maintain and/or implement information security policies and procedures.
Manages the development, deployment and execution of controls and defenses to ensure the security and risk mitigation of company infrastructure technology and information systems.
Identifies security architecture, goals, objectives and metrics; analyzes business needs and priorities for protection of critical systems.
Build security programs and assurance initiatives, e.g. threat and vulnerabilities management, incident response management, management of forensic investigations.
Evaluates potential business impacts from security breaches and provides strategic and tactical guidance to business decision-makers.
Develops and executes security systems compliance policies and procedures. Selects, develops and evaluates personnel to ensure the efficient operation of the function.
Minimum 10 years experience in the Information Security field required.
Preferred but not required qualifications include:
Bachelor-level university degree in a relevant field from an accredited university, or equivalent.
6 or more years of successful management experience including 2 or more years as a second level manager.
At least 1 contribution in industry event, paper or project.If you are a Colorado resident, Please
Contact us
or Email us at oracle-salary-inquiries_us@oracle.com to receive compensation and benefits information for this role. Please include this Job ID: 108745 in the subject line of the email.
Innovation starts with inclusion at Oracle. We are committed to creating a workplace where all kinds of people can be themselves and do their best work. It’s when everyone’s voice is heard and valued, that we are inspired to go beyond what’s been done before. That’s why we need people with diverse backgrounds, beliefs, and abilities to help us create the future, and are proud to be an affirmative-action equal opportunity employer.
Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans status, age, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.