Application Security Architect - Oracle HCM SaaS (Fusion)

About the Role

We are seeking an experienced Application Security Architect to lead the design, governance, and delivery of security and authorization frameworks for Oracle HCM SaaS (Fusion). This role requires a strategic leader with deep technical expertise, excellent stakeholder management skills, and the ability to mentor a high-performing team.

Key Responsibilities

• Drive the security workstream, including planning, resource allocation, and governance.
• Facilitate client workshops to define access models and align stakeholder expectations.
• Present workshop outputs including decision logs, action trackers, and security design documentation.
• Act as the primary contact for all authorization and security-related queries.
• Define and govern Authorization Principles and Framework for Oracle HCM SaaS.
• Design and enforce RBAC structures (job roles, duty roles, abstract roles, data security policies).
• Establish and maintain Segregation of Duties (SoD) conflict matrices and remediation frameworks.
• Ensure authorization models align with risk appetite, compliance, and governance policies.
• Configure and build authorization rules and role hierarchies in Oracle HCM SaaS.
• Conduct validation exercises with business users and IT stakeholders.
• Perform iterative testing to address access gaps, over-provisioning, and SoD conflicts.
• Govern the Oracle Security Console and role management tooling.
• Maintain comprehensive Authorization Configuration Documentation.
• Own and update the Security Design Document (SDD).
• Ensure traceability between requirements, design decisions, and configured rules.
• Develop and enforce documentation standards across the security workstream.
• Govern user access provisioning under the Joiner-Mover-Leaver (JML) framework.
• Lead role design and assignment activities ensuring audit readiness.
• Manage remediation activities including SoD conflict resolution and corrective action tracking.
• Support audit activities with evidence packs and access reports.
• Implement Periodic Access Review (PAR) processes post go-live.
• Align security controls with compliance frameworks and governance policies.
• Collaborate with Risk, Compliance, and Audit functions to validate security design.
• Escalate risks and propose remediation strategies.
• Maintain security-related entries in the project risk register.
• Mentor junior and mid-level security team members.
• Conduct quality assurance reviews of configurations and documentation.
• Foster a high-performance team culture with coaching and feedback.
• Define tasks, estimate effort, and assign responsibilities.
• Define and execute security testing strategies for SIT and UAT.
• Validate access scenarios across Oracle HCM modules.
• Resolve complex access and security defects during testing.
• Support hypercare and post-go-live stabilization.
• Contribute to transition activities and handover to support functions.

Job requirements

• Bachelor's degree in Computer Science or any related discipline.
• 10+ years of hands-on experience in Oracle HCM (Fusion) Security and Authorization.
• At least 2 full end-to-end Oracle HCM implementation lifecycles in a lead role.
• Deep expertise in Oracle HCM SaaS security architecture (RBAC, roles, Security Console).
• Knowledge of Oracle HCM modules (Core HR, Payroll, Talent, Absence, Workforce, Recruiting).
• Proven experience defining and governing data security policies (Person, Payroll, LDG).
• Expertise in SoD conflict management and remediation.
• Experience facilitating workshops and producing high-quality security documentation.
• Stakeholder management skills across business, IT, and audit functions.
• Experience mentoring and managing security teams in consulting/project delivery.
• Oracle Cloud HCM certification in Security or relevant functional modules.

Cristina Malabuyoc Malijan EA License No. 02C3423 Personnel Registration No. R1111547

Your Safety and Data Security Matter to Us

ManpowerGroup is committed to a safe and transparent hiring process. We will never request payment, banking details, or sensitive personal information as part of our recruitment. If you receive suspicious outreach claiming to be from us, please contact [Confidential Information].

Please note that your response to this advertisement and subsequent communications with us will constitute informed consent to the collection, use, and disclosure of personal data by Manpower Singapore for recruitment and employment-related purposes, in compliance with the Personal Data Protection Act 2012. To learn more about ManpowerGroup's Global Privacy Policy, please visit: https://www.manpower.com.sg/privacy-policy.