Governance Program Manager - Risk & Resilience

Position: Governance Program Manager 3- Risk & Resilience
** Job Description*
* ** About the Role*
* Oracle Cloud Infrastructure (OCI) is building the next generation cloud to support demanding hyperscale and AI/ML workloads. The Cloud Compliance & Assurance organization serves as the keeper of customer trust at OCI, ensuring that Oracle Cloud IaaS, PaaS, and SaaS services meet the high compliance standards our customers expect.

We are seeking a driven, curious, and collaborative technical professional with a proven track record of elevating security and compliance standards for complex cloud and AI/ML services.

** The Team*
* The Oracle Cloud Governance team is responsible for risk management, resilience, and crisis management across our cloud services. As a Governance Program Manager, you will partner with subject matter experts across Oracle to conduct risk assessments and establish resilience measures that ensure service availability.

This role offers a unique opportunity to partner with teams across Oracle Cloud and the broader organization to manage risk within acceptable thresholds. Projects in our organization are complex and highly visible to senior leadership. Successful candidates combine deep technical expertise with strong relationship-building skills to drive program success. This role is integral to reducing organizational risk and achieving regulatory compliance.

** Required Qualifications*
* + 5+ years of experience in program management, risk management, or governance roles within technical or operational environments

+ Proven track record conducting enterprise risk assessments and developing mitigation strategies

+ Experience designing and facilitating tabletop exercises and business continuity simulations

+ Demonstrated ability creating resilience documentation, including business continuity plans, disaster recovery plans, and incident response procedures

+ Strong understanding of compliance frameworks (e.g., ISO 27001, NIST CSF, SOC 2, GDPR, SOX)

+ Excellent stakeholder management skills with ability to communicate complex risk concepts to technical and non-technical audiences

+ Strong analytical and problem-solving capabilities with exceptional attention to detail

+ Ability to manage and deliver multiple concurrent projects with aggressive timelines

+ Bias for action with iterative delivery approach

+ Superior communication skills across all formats (interpersonal, verbal, written, presentation)

+ Self-starter with positive attitude and collaborative mindset

** Preferred Qualifications*
* + Professional certifications: PMP, CRISC, CISA, CISM, or CBCP

+

Experience with data center operations, infrastructure management, or critical facilities

+ Knowledge of operational resilience principles and third-party risk management

+ Background in highly regulated industries

+ Experience coordinating audits and evidence collection

+ Master's degree in relevant field

** Responsibilities*
* ** Typical Activities*
* + Design and execute comprehensive risk assessments across technology infrastructure, operations, and business processes

+ Evaluate individual sites and services for compliance with the established resilience framework, partnering with service teams to design and implement business continuity, disaster recovery, and crisis management controls where gaps are identified

+ Create and facilitate tabletop exercises and simulations to test preparedness and identify capability gaps

+ Monitor compliance with regulatory requirements and industry frameworks

+ Prepare executive-level reports and dashboards communicating risk posture, compliance status, and resilience metrics

+ Collaborate with cross-functional teams to identify, document, and track risks, controls, and remediation activities

+ Maintain governance documentation, policies, and procedures reflecting current practices and regulatory requirements

+ Coordinate with internal and external auditors to support compliance validation

+ Conduct gap analyses against compliance frameworks and develop remediation roadmaps

+ Partner with technical teams to understand infrastructure dependencies and potential single points of failure

+ Track and report key risk indicators (KRIs) and key performance indicators (KPIs)

Disclaimer:…