Governance & Policy Management
- Develop and maintain HR-specific GRC policies (data privacy, access control, SoD, incident management).
- Establish and enforce role-based access control (RBAC), data roles, security profiles, and duty roles in Fusion HCM.
- Define Segregation of Duties (SoD) rules for HR processes (e.g., hiring, payroll updates, terminations).
Risk Management & Controls
- Conduct periodic risk assessments for HR processes (payroll changes, PII access, offboarding).
- Design and test preventive and detective controls (e.g., approval workflows, audit trails, dual-control for payroll).
- Implement monitoring for anomalous HR activities (e.g., multiple salary changes, unauthorized data export).
Compliance & Audit Readiness
- Ensure compliance with local labor laws, data protection regulations (e.g., GDPR-like principles), and internal HR policies.
- Manage quarterly/annual user access reviews, evidence collection, and audit support.
- Maintain control documentation: narratives, RCM (Risk & Control Matrix), test scripts, and remediation plans.
System Configuration & Continuous Monitoring
- Configure security profiles (Area of Responsibility, Data Role, HCM Groups) and access provisioning via HDL/‘Manage Users’.
- Use Oracle Risk Management Cloud (if implemented) and audit tools for continuous control monitoring.
- Automate controls via approvals, BPM workflows, notifications, and audit reports.
Incident & Change Management
- Oversee incident triage for security breaches, access exceptions, and HR data incidents.
- Review and approve HCM configuration changes impacting controls (change advisory board participation).
- Coordinate remediation and root cause analysis with HR, IT Security, and Application Support.
Reporting & Stakeholder Communication
- Produce dashboards and reports on access, control effectiveness, violations, and remediation status for HR leadership and Audit.
- Run KPI reports (e.g., access certification completion, SoD exceptions trend, time-to-remediate).
Enablement
- Train HR and IT teams on secure usage of Fusion HCM, compliance expectations, and control procedures.
- Create SOPs for access requests, terminations, payroll changes, and employee data handling.
Core Deliverables
- Security design documents (roles/duty roles/data roles, SoD matrix)
- Risk & Control Matrix (RCM) for HR processes
- Quarterly Access Certification Reports & SoD Violation Reports
- Audit evidence packs & remediation logs
- Control testing scripts and results
- Incident register and post-incident reviews
Required Qualifications
- Bachelor’s/Master’s in Information Systems, HRIS, or related field.
- 4–10+ years in GRC, IT Audit, InfoSec, or HRIS with Oracle Fusion HCM exposure.
- Hands-on experience with HCM modules: Core HR, Talent, Absence.
- Experience configuring HCM security (roles, data roles, security profiles, HCM groups).
- Strong audit/test documentation and stakeholder communication skills.
Preferred Certifications (nice to have)
- Oracle Cloud HCM certification (Security)
- CISA / CRISC / ISO 27001 Lead Implementer / CIPD (HR compliance)
Skills & Competencies
- Technical: Fusion HCM security model, HDL user provisioning, BPM approvals, audit reporting.
- Risk & Compliance: SoD design, access recertification, control testing, incident response.
- Process: HR lifecycle (hire-to-retire), payroll governance, data privacy & retention.
- Soft Skills: Cross-functional stakeholder management (HR, Payroll, IT Security, Audit), documentation, training.