Job Description

The Oracle Governance Risk and Compliance Analyst shall perform the following duties and responsibilities:

1. Participate in implementation and support of Oracle Risk Management Cloud controls such as Advanced Access Controls Cloud Services and Oracle Advanced Financials Controls Cloud Services solution to meet the District’s Governance, Risk and Compliance needs.

2. Identify compliance-related issues both internally and externally

3. Configure security in Oracle Financials, Procurement, Project and Grants to meet the District’s security requirements.

4. Review existing IT General Controls, Segregation of Duties (SOD) and Sensitive Access (SA)Matrix and identify the gaps.

5. Identify General controls, SODs and SAs that can be added to the existing SOD Matrix based on business processes and system architecture.

6. Assist management in creating/updating process documentation over internal controls.

7. Actively partner with management to ensure effective controls are in place to address key risks.

8. Participate in the District’s audit planning activities (scoping, risk control matrix management, technology summary, etc.).

9. Execute internal control testing in support of the District’s compliance program.

10. Interface with auditors (internal and external), business and IT teams to support audit requests.

11. Conduct control review sessions with business teams and client Audit Teams.

12. Map SOD & SA Rules with Oracle Security Roles and identify mitigation Controls.

13. Develop risk mitigation strategies and oversee remediation efforts for issues identified during audits or through other risk management efforts.

14. Contribute to the development and implementation of auditing and risk management tools, processes, and metrics.

15. Maintain a strong understanding of global regulations for compliance, data privacy, and vendor management.

16. Exhibit strong communication, collaboration and conflict management skills to establish and maintain relationships with IT, business functions, customers, and third parties.

17. SME with ability to apply knowledge and influence other functions regarding best practices.

18. Track and report on remediation activities resulting from Internal or External assessments and audits.

19. Track and report on progress of critical initiatives.

20. Define, document, maintain, and communicate new security requirements as they are being introduced.

21. Other duties as assigned.

The candidate shall, at minimum, have the following qualifications:

1. Minimum of seven (7) years of Oracle EBS and Oracle ERP Cloud Application Security experience, and Oracle GRC (e.g., design, recommend and implement security technical controls).

2. Minimum of five (5) years of security, segregation of duties, mitigating control development and related testing.

3. Minimum five (5) years of experience in performing IT audits and assessments or support for third party audits.

4. Minimum five (5) years of experience reporting on critical technical and security related initiatives as well as collecting and disseminating information across multiple teams and lines of business.

5. Experience with Oracle Fusion preferred.

6. Strong working knowledge of common IT governance, control and assurance industry frameworks, including CObIT, RiskIT, IT Governance Institute and ISACA good practices; control frameworks such as COSO, internal control principles and related regulations including SOX and J-SOX.

7. Knowledge of Public Sector business processes such as Procure to Pay, Budget to Report, Order to Cash, and Acquire to Retire

8. Familiarity with regulatory compliance and security and risk standards including ISO 2701-2, PCI DSS, NIST, ITIL, COBIT

9. Bachelor’s degree in Business, Accounting, Finance, Information Technology or other comparable major.

10. Industry-related certification preferred (e.g., CPA/CA, CIA, CMA, and RICS). Actively maintained certifications preferred

11. System Software: Oracle EBS R12.2.X or Oracle ERP Cloud

Company Description

Federal/State/Local Oracle consulting company, specializing in Oracle implementations, upgrades, O&M support, cloud, business process reengineering, RPA, and more.