Responsibilities:

- Understand client’s risk and compliance needs and guide them towards the best solution that can be implemented using Oracle Risk Management Cloud.

- Participate in implementation and support of Oracle Risk Management Cloud such as Advanced Access Controls (AAC) Cloud Services and Oracle Advanced Financials Controls (AFC) Cloud Services, including Financial Reporting Compliance (FRC), to meet customers’ Governance, Risk and Compliance needs

- Create AAC, AFC, & FRC Configuration workbooks (models/controls/security/reports)

- Create AAC, AFC, FRC test scripts and unit test

- Create OTBI Reports

- Prepare for AAC, AFC, FRC process playbacks and drive the process playback sessions with the client

- Create AAC, AFC, & FRC training material and deliver training

- Conduct UAT for AAC, AFC, & FRC

- Assist cutover to production, go-live, and provide post-production support for AAC, AFC, & FRC

- Identify compliance-related issues. Review existing Risk and Control matrix and identify the gaps. Identify controls to document manually as well as to automate (IT General controls, SOD (Segregation of Duties) controls, Sensitive access (SA) controls and transaction controls) that can be added to the existing SOD Matrix based on business processes and system architecture. Develop risk mitigation strategies and oversee remediation efforts for issues identified during audits or through other risk management efforts. Contribute to the development and implementation of auditing and risk management tools, processes, and metrics.

- Maintain a strong understanding of global regulations for compliance, data privacy, and vendor management.

- Participate in discovery workshops and recommend Risk Management controls and analytics based on the client’s Risk Control Matrix and other documentation.

Qualifications we are seeking:

- Oracle Cloud ERP (SaaS) experience preferred

- Oracle ERP Cloud Application Security experience, and/or Oracle GRC (e.g., design, recommend and implement security technical controls)

- Must possess knowledge of business processes such as Procure to Pay (P2P), Records to Report (R2R), Order to Cash (O2C), and Hire to Retire (H2R). This knowledge includes an excellent understanding of the key risks along with the compensating and mitigating controls for these business processes.

- Understanding of Information Security Management principles, Oracle Cloud application security implementation methodologies and role-based access controls.

- Working knowledge desired of common IT governance, control and assurance industry frameworks, including COBIT, RiskIT, IT Governance Institute and ISACA best practices; control frameworks such as COSO, internal control principles and related regulations including SOX and J-SOX.

- Familiarity with regulatory compliance and security and risk management standards including ISO 2701-2, PCI DSS, NIST, ITIL, COBIT.

- A working knowledge of internal control standards, requirements and self-audit processes.

- Excellent internal and external communication, solid interpersonal skills, strong organizational and team building skills.

- Outstanding leadership skills with the ability to lead client and team meetings using project management tools and good business judgement.

Education and certifications:

- Oracle Risk Management (ORM) Cloud certification

- Education Bachelor’s or Master’s degree in Business, Accounting or Finance

- Industry-related certification preferred (e.g., CPA/CA, CIA, CMA, and RICS). Actively maintained certifications preferred

- Prefer technical skills in system software: Oracle ERP Cloud