United States
7 hours ago
Principal Program Manager

We are seeking a results-driven Principal Program Manager to lead and elevate our Oracle Health Release Management function. This strategic role involves orchestrating end-to-end processes to reduce critical vulnerabilities, oversee OWASP 3rd-party dependency checks, manage SAST (Static Application Security Testing) findings, and address container security vulnerabilities.

As the driving force behind our application security efforts, you will work closely with development, DevOps, and cybersecurity teams to ensure secure releases and mitigate risks effectively. This is an excellent opportunity to blend your technical expertise and program management skills to make a tangible impact on Oracle Health application security.

 

Key Responsibilities

Technical and Program Leadership

- Develop and manage the overall program for application security release management, aligning with organizational objectives and security standards.
- Establish, monitor, and refine KPIs to measure progress in vulnerability reduction and secure software delivery.
- Lead cross-functional efforts to streamline and integrate security checks into CI/CD pipelines, enabling secure and timely releases.

Vulnerability Management and Mitigation

- Drive the resolution of all critical vulnerabilities, prioritizing based on business impact and risk exposure.
- Ensure adherence to security best practices and address supply chain risks.
- Manage security findings and container vulnerability remediation efforts, partnering with development and DevOps teams.

Stakeholder Collaboration

- Act as the primary interface between application security, development, DevOps, and business teams to align release goals with security requirements.
- Foster strong communication and accountability by leading regular status updates, meetings, and executive reporting.
- Advocate for security by design, integrating it into software development lifecycles (SDLC).
- Lead product Security Champions to scale reviews and ensure compliance.

Risk Reduction and Governance

- Establish governance frameworks to track and report on remediation progress, ensuring compliance with internal and external standards.
- Collaborate with audit and compliance teams to address regulatory requirements and maintain audit readiness.
- Escalate unmitigated risks appropriately and, following the OHSC exception process, propose compensating controls where immediate fixes are not feasible.

Continuous Improvement

- Identify process inefficiencies and lead initiatives to enhance vulnerability management workflows.
- Stay informed on emerging threats, application security trends, and tools to recommend improvements to the program.
- Champion a culture of continuous improvement by driving training and awareness programs for development teams.

Required Qualifications

- Education: Degree in Computer Science, Cybersecurity, Information Technology, or a related field. Advanced degrees are a plus.
- Experience:
  - 15+ years of experience in cybersecurity, application security, or DevSecOps, with at least 3 years in a program or project management role.
  - Proven expertise in managing remediation of critical vulnerabilities, dependency checks, SAST, DAST findings, and container vulnerabilities.
  - Deep understanding of application security frameworks, tools, and standards (e.g., OWASP Top 10, NIST, ISO 27001).
- Certifications: Relevant certifications such as SANS, CISSP, CSSLP, or PMP are highly desirable.

Desired Skills

- Strong knowledge of modern development practices, including Agile, DevOps, and CI/CD pipelines.
- Hands-on experience with security tools such as Veracode, Checkmarx, SonarQube, Black Duck, Snyk, or similar.
- Excellent communication and interpersonal skills for engaging technical and non-technical stakeholders.
- Experience in container orchestration and security, including Kubernetes and Docker.
- Ability to balance strategic thinking with tactical execution.
- Navigate ambiguity, change and shifting priorities.


If you are passionate about building secure applications and have a proven track record of driving impactful remediation programs, we want to hear from you. Apply now and help shape the future of Oracle Health application security initiatives.

Career Level - IC5
