AnitaB.org Talent Network

Connecting women in tech with the best professional opportunities!

Principal Security Risk Leader - Oracle Health & Global Industry Units

Oracle

United States · Nashville, TN, USA
USD 120,100-251,600 / year + Equity
Posted on Mar 25, 2026

Oracle Health is seeking a Principal Security Risk Leader to define, scale, and operationalize a unified cyber security risk management capability specifically for Oracle Health and Global Industries. This is a senior individual contributor role operating at the intersection of cybersecurity, product development, regulatory compliance, and business strategy.

This leader will act as a trusted advisor to the CISO of Oracle Health and Industries, ensuring that security risk is consistently understood, measured, and managed in alignment with respective business priorities. The role is responsible for establishing a cohesive risk management approach that spans relevant aspects of cyber security risk, enabling clear prioritization, informed decision-making, and measurable risk reduction across a highly federated and complex environment.

This person will work across organizational boundaries without direct authority, influencing LOB leaders in engineering, product, legal, compliance, and commercial teams to adopt consistent and scalable risk practices. This role requires strong executive presence, deep technical and regulatory expertise, and the ability to translate complex risk into actionable business decisions.


Only Oracle brings together the data, infrastructure, applications, and expertise to power everything from industry innovations to life-saving care. And with AI embedded across our products and services, we help customers turn that promise into a better future for all. Discover your potential at a company leading the way in AI and cloud solutions that impact billions of lives.

True innovation starts when everyone is empowered to contribute. That’s why we’re committed to growing a workforce that promotes opportunities for all with competitive benefits that support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs.

We’re committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing accommodation-request_mb@oracle.com or by calling 1-888-404-2494 in the United States.

Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.


Disclaimer:

Certain US customer or client-facing roles may be required to comply with applicable requirements, such as immunization and occupational health mandates.

Range and benefit information provided in this posting are specific to the stated locations only.

US: Hiring Range in USD from: $120,100 to $251,600 per annum. May be eligible for bonus, equity, and compensation deferral.

Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect Oracle's differing products, industries and lines of business.
Candidates are typically placed into the range based on the preceding factors as well as internal peer equity.

Oracle US offers a comprehensive benefits package which includes the following:
1. Medical, dental, and vision insurance, including expert medical opinion
2. Short term disability and long term disability
3. Life insurance and AD&D
4. Supplemental life insurance (Employee/Spouse/Child)
5. Health care and dependent care Flexible Spending Accounts
6. Pre-tax commuter and parking benefits
7. 401(k) Savings and Investment Plan with company match
8. Paid time off: Flexible Vacation is provided to all eligible employees assigned to a salaried (non-overtime eligible) position. Accrued Vacation is provided to all other employees eligible for vacation benefits. For employees working at least 35 hours per week, the vacation accrual rate is 13 days annually for the first three years of employment and 18 days annually for subsequent years of employment. Vacation accrual is prorated for employees working between 20 and 34 hours per week. Employees working fewer than 20 hours per week are not eligible for vacation.
9. 11 paid holidays
10. Paid sick leave: 72 hours of paid sick leave upon date of hire. Refreshes each calendar year. Unused balance will carry over each year up to a maximum cap of 112 hours.
11. Paid parental leave
12. Adoption assistance
13. Employee Stock Purchase Plan
14. Financial planning and group legal
15. Voluntary benefits including auto, homeowner and pet insurance

The role will generally accept applications for at least three calendar days from the posting date or as long as the job remains posted.

Career Level - IC5



Industry Risk Strategy & Alignment

  • Define and drive a unified security risk management strategy across Oracle Health and GIUs
  • Establish a consistent risk framework that integrates product, third-party, and operational risk domains
  • Develop risk taxonomies, scoring models, and prioritization approaches that support enterprise decision-making
  • Align risk management practices to business priorities, cloud migration efforts, and product delivery models

Program Leadership & Transformation

  • Lead the maturation of core risk programs, including product security risk assessments, industry-specific third-party risk, and customer/regulatory risk response
  • Design scalable, repeatable processes that improve risk visibility, accountability, and remediation timelines
  • Introduce data-driven approaches to risk quantification, tracking, and reporting
  • Drive consistency in how risk is identified, assessed, and managed across a federated organization

Executive Advisory & Stakeholder Engagement

  • Serve as a trusted advisor to the CISO and senior leadership on risk posture, tradeoffs, and emerging threats
  • Translate complex technical risks into clear, business-aligned insights for executive audiences
  • Support high-stakes customer, regulatory, and audit engagements requiring deep security and risk expertise
  • Contribute to executive-level reporting on risk posture, trends, and systemic issues

Cross-Functional Influence & Integration

  • Lead cross-functional initiatives spanning product, engineering, legal, compliance, and commercial teams for the industries
  • Influence adoption of consistent risk management practices
  • Drive alignment across Oracle Health and Global Industry verticals in a federated operating model
  • Partner with engineering and product teams to embed risk-informed decision-making into development and deployment processes

Customer & Market Engagement

  • Support strategic customer engagements, RFPs, and regulatory discussions involving complex security requirements
  • Represent Oracle’s security risk posture in discussions with customers, auditors, and regulators
  • Help differentiate Oracle Health in regulated markets through credible and mature risk management practices

Candidate Profile:

  • 10–15+ years of experience in cybersecurity, risk management, or related domains, preferably in large, complex, and regulated environments
  • Deep expertise in security risk frameworks (e.g., NIST CSF, ISO 27001, COBIT) and experience applying them in practice
  • Strong understanding of healthcare and regulated industry requirements (e.g., HIPAA, federal or global regulatory environments)
  • Proven ability to operate as a senior individual contributor influencing executive stakeholders without direct authority
  • Experience leading or transforming enterprise-scale risk management or security programs
  • Strong executive communication skills, with the ability to translate technical risk into business impact and action
  • Experience with product security, cloud environments, and third-party risk management strongly preferred

Why This Role Matters:

Oracle Health operates in one of the most highly regulated and risk-sensitive environments in the world, but it is part of a broader portfolio of Global Industry Units (including retail, hospitality, financial services, utilities, etc.) that support mission-critical systems with significant financial, operational, and reputational risk. While these industries face varying levels of regulatory scrutiny, the expectation for strong, defensible security practices is converging across all of them.

Today, effective security risk management is inconsistently defined and executed across these environments, limiting Oracle’s ability to compare risks, prioritize investments, and demonstrate a cohesive security posture to customers, regulators, and executive leadership. This fragmentation creates gaps in accountability and increases the likelihood of systemic risk going unidentified or unaddressed.

This role is critical to establishing a unified, industry-specific approach to security risk management that enables comparability across business units, enforces clear ownership, and strengthens governance without disrupting the autonomy of individual industries. By standardizing how risk is measured, assessed, and reported, this leader will enable leadership to make informed, risk-based tradeoff decisions, allocate resources more effectively, and defend Oracle’s security posture in customer and regulatory engagements.

Ultimately, this role shifts risk management from a fragmented, compliance-driven activity to a strategic capability that drives transparency, enables measurable risk reduction, and positions Oracle to scale securely across healthcare and global industries.