Skills & Experience:
- Establish/understand client control objectives
- Align design to industry standards of COSO/COBIT/SOX/GDPR/NIST/ISO27001 security frameworks
- Survey, assess and measure enterprise risk related to Oracle Cloud ERP transactions and operations
- Develop governance and control within the greater enterprise risk infrastructure
- Write Policies
- Translate policies to Oracle Risk Cloud controls
- Design, implement and test Oracle Risk Cloud controls
- Detective & Process Controls - design and build across Access, Configuration and Transactions
- Preventative Controls - requirements, analysis, write controls across multiple modules, create reports and alerts
Oracle Risk / GRC Advanced Access Controls (AAC) & Configuration Controls
- Design and build Access Controls definition
- Create Segregation of Duties (SoD) roles, functions, reporting
- Capture and build preventative SoD requirements
- Perform SoD simulations
- Analyze and recommend cross-platform risks and controls
- Report and remediate SoD violations
- Capture, audit, report on application configuration changes
Oracle Risk / GRC Transaction Controls & Preventative Controls
- Capture requirements and design Transaction Controls
- Configure duplicate payment sensing and employee reimbursement controls
- Design and build - continuous audit automation
- Concentrate on high-risk operations workstreams: Procure to Pay, Expenses, cash out
Oracle Risk / GRC Advanced HCM Controls
- Data Privacy and Security Analysis
- Define payroll and payment fraud detection rules
Experience level:
- Bachelor's degree or equivalent work experience
- Typically five-plus years of security and/or cyber risk management experience in a mid- to large-enterprise environment
- Ability to understand IT business processes, management objectives, risk appetite and tolerances and impact of changes to risk profiles
- Privacy knowledge: CCPA/CPRA, LGPD, GDPR, etc.
One or more of the following Certifications (preferred): CISSP, CISM, CISA, CRISC