Develops and executes programs and processes to reduce information security risk and strengthen Oracle’s security posture.
Supports the strengthening of Oracle’s security posture, focusing on the following: incident response; threat and vulnerability management; risk management; security policy development and enforcement; digital forensics

Incident Management and response: Responds to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks.

Threat and Vulnerability Management: May research, evaluate, track, and manage information security threats and vulnerabilities in situations where analysis of well-understood information is required.
Risk Management: Assesses the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in complex, business-critical environments. May conduct and document complex information security risk assessments. May assist in the creation and implementation of security solutions and programs.
Digital Forensics: May conduct data collection, preservation, and forensic analysis of digital media independently, where a basic understanding of forensic techniques is required.

Other areas of focus may include duties managing Information Security Education, Training and Awareness programs. In a Corporate Security role, may manage the creation, review and approval of corporate information security policies.
Minimum qualifications:  3 years of experience in information systems with at least 2 years in one of the following: Information security risk management; information security program management; Industry/Government security compliance program management; threat and vulnerability management; incident management and response; security policy development and enforcement; privacy, information security education, training and awareness (ISETA), information security solutions development, etc.
Preferred but not required qualifications include:  Experience managing security incidents and vulnerabilities through their life cycle. Experience designing and developing automated process for responding to possible network intrusions. Experience with at least 1 automation language or framework (Python, Ruby, SALT, Terraform, etc.). Possess at least one of the following certifications: CEH, CFR, CCNA Cyber Ops, CCNA-Security, CySA , GCIA, GCIH, GICSP, Cloud , SCYBER, PenTest