The Oracle Public Sector Saas Compliance team is responsible for the authorization, audit & assessment coordination, continuous monitoring, security and information risk advisor services, of Oracle’s Public Sector and Restricted Realm Saas offerings in North America. This team supports FedRAMP, DoD Cloud SRG (l. L-4/5), and Classified Cloud efforts. This role is part of the Continuous Monitoring Reporting & Tooling Team, and will support vulnerability management and analysis efforts within the U... more details
The Oracle Public Sector SaaS Compliance team is responsible for the authorization, audit & assessment coordination, continuous monitoring, security and information risk advisor services, of Oracle’s Public Sector and Restricted Realm SaaS offerings in North America. This team supports FedRAMP, DoD Cloud SRG (lL-4/5), and Classified Cloud efforts.
This role is part of the Continuous Monitoring Reporting & Tooling Team, and will support vulnerability management and analysis efforts within the US Restricted Realms. This role will work as part of a team of analysts to ensure that our vulnerability management tooling is functioning correctly and reporting information to internal stakeholders. As part of this internal facing function, this role will also drive internal escalations for critical vulnerabilities and other escalations in accordance with our ConMon performance management thresholds. Additionally, this role supports reporting to external stakeholders, including FedRAMP PMO, DISA Cloud representatives, and Federal Agency representatives.
Qualifications
Eligibility for TS/SCI government security clearance
5+ years experience
Project Management skills
Strong knowledge of US Government Risk Management Frameworks and authorization processes, such as FedRAMP, DoD Cloud SRG, ICDs, NIST, DIACAP, JSIG, NISPOM
Extensive experience in creating and managing Plans of Action and Milestones (POA&Ms) for addressing security vulnerabilities identified during weekly/monthly vulnerability scanning as well as FedRAMP assessments.
Proficiency in tracking remediation efforts, ensuring timely resolution of vulnerabilities, and maintaining accurate records of remediation activities.
Ability to coordinate with various teams to gather necessary information, document remediation plans, and ensure compliance with FedRAMP timelines and requirements.
Strong understanding of FedRAMP deviation management, including identifying, documenting, and tracking deviations from standard security controls.
Expertise in analyzing scan results to identify vulnerabilities, assess their severity, and prioritize remediation efforts based on risk.
Proficiency in generating detailed reports and summaries of vulnerability scan findings and presenting them to stakeholders for informed decision-making.
In-depth knowledge of FedRAMP inventory management requirements, including maintaining an accurate and up-to-date inventory of all systems, components, and software within the authorization boundary.
Strong knowledge and ability to demonstrate interpretation and analysis of NIST 800-53 Rev5 Security Controls
Excellent written and verbal communication skills.
Preferred Qualifications
BA/BS or advanced degree
CISA, CISM, CISSP, CIPP desired
Experience working in governance and compliance for a large corporation
Experience working in Information Technology, Cloud or managed hosting services
Experience working with a large audit firm on IT or security audits
Knowledge of Oracle Applications and Cloud components.
Knowledge and understanding of GRC systems, such as xacta
Experience working with industry standard scanners (such as Tenable Nessus, Qualys, OpenSCAP, etc)
Job Abstracts is an independent Job Search Engine. Job Abstracts is not an agent or representative and is not endorsed, sponsored or affiliated with any employer. Job Abstracts uses proprietary technology to keep the availability and accuracy of its job listings and their details. All trademarks, service marks, logos, domain names, and job descriptions are the property of their respective holder. Job Abstracts does not have its members apply for a job on the jobabstracts.com website. Additionally, Job Abstracts may provide a list of third-party job listings that may not be affiliated with any employer. Please make sure you understand and agree to the website's Terms & Conditions and Privacy Policies you are applying on as they may differ from ours and are not in our control.
We would like to take a second to Welcome You to Job Abstracts, the nation’s largest Pure Job Board. With over 3.1 million job listings from 15,000+ Companies & Organizations, we help job searchers find careers that match their interests. As an anonymous user, you have probably discovered how easy our system is to use. However, you have just scratched the surface of what we can offer.
We encourage you to Register so you can use our most powerful features: searching with multiple terms, setting up multiple locations, establishing favorite companies, and accessing your search history. If you find a job you like, you can apply directly for it, and then, keep notes on it. We will also keep a lookout for jobs that match your search terms and email you when we find something you may like.
You can register for free and the system is free to use. If you like our system so far, click on Register and unlock the power required by serious job searchers.
Any time you conduct a search, the system shows you job matches, ranked by their Relevance Score (RS).
The score is calculated by a proprietary algorithm that uses Intelligent Machine Learning.
The Relevance Score tells you how well the job opportunity matches your search term or terms.
When not logged in, the system is limited to one search term. Scores for single term matches are usually lower.
When you register, log in, and set up multiple terms prioritized by importance, the jobs found for you will receive a much higher Relevance Score.
