Oracle HCM ( Application Security)

Zenith Infotech (S) Pte Ltd. was started in 1997, primarily with the vision of offering state-of-the-art IT Professionals and solutions to various organizations and thereby helping them increase their productivity and competitiveness. From the deployment of one person to formation of whole IT teams, Zenith Infotech has helped clients with their staff augmentation needs. Zenith offers the opportunity to be engaged in long term projects with large IT savvy companies, Consulting organizations, System Integrators, Government, and MNCs.

EA Licence No: 20S0237

KEY RESPONSIBILITIES
1. Strategic Leadership & Workshop Facilitation

. Lead and drive the security workstream, including end-to-end planning, resource allocation, and delivery governance.

. Facilitate and chair client workshops and working sessions to elicit business requirements, define access models, and align stakeholder expectations.

. Prepare and present workshop outputs including decision logs, action trackers, and security design documentation.

. Serve as the primary point of contact for all authorization and security-related queries from client stakeholders, functional leads, and project management.

2. Authorization Design & Governance

. Define and govern the overall Authorization Principles and Framework for the Oracle HCM SaaS implementation.

. Design and enforce role-based access control (RBAC) structures, including job roles, duty roles, abstract roles, and data security policies.

. Establish and maintain Segregation of Duties (SoD) conflict matrices and remediation frameworks in alignment with audit and compliance standards.

. Define data security policies governing Person, Payroll, and Workforce Management data access in alignment with organizational hierarchies and business rules.

. Ensure the authorization model aligns with the client's risk appetite, regulatory requirements, and internal governance policies.

3. Configuration, Build & Validation

. Configure and build authorization rules, role hierarchies, and data security policies directly within Oracle HCM SaaS (Fusion).

. Conduct structured validation exercises with business users, functional consultants, and IT stakeholders to confirm access models meet business requirements.

. Perform iterative testing and refinement of roles to address access gaps, over-provisioning, and SoD conflicts identified during validation cycles.

. Manage and govern the Oracle Security Console and associated role management tooling.

4. Documentation & Standards

. Author and maintain comprehensive Authorization Configuration Documentation, including role catalogues, data security policy registers, and access matrices.

. Produce and own the Security Design Document (SDD) and ensure it remains current throughout the project lifecycle.

. Maintain traceability between business requirements, authorization design decisions, and configured rules.

. Develop and enforce documentation standards and templates across the security workstream.

5. User Access Provisioning & Audit Readiness

. Oversee and govern user access provisioning processes, ensuring adherence to the Joiner-Mover-Leaver (JML) framework.

. Lead role design and assignment activities, ensuring roles are fit for purpose and audit-ready.

. Manage access remediation activities, including SoD conflict resolution, excessive access removal, and corrective action tracking.

. Support internal and external audit activities by providing evidence packs, access reports, and control documentation.

. Define and implement Periodic Access Review (PAR) processes and ensure controls are operational post go-live.

6. Risk, Compliance & Governance Alignment

. Ensure all security controls and authorization configurations align with applicable compliance frameworks (e.g, internal IT governance policies).

. Collaborate with the client's Risk, Compliance, and Internal Audit functions to validate security design against control objectives.

. Identify and escalate security risks, gaps, and non-compliant configurations with proposed remediation strategies.

. Provide input to the project's risk register for security-related risks and ensure mitigating actions are tracked to closure.

7. Team Leadership & Technical Mentorship

. Manage and mentor junior and mid-level security team members, providing day-to-day technical guidance and quality oversight.

. Conduct quality assurance reviews of security configurations, documentation, and deliverables produced by team members.

. Foster a high-performance team culture, providing constructive feedback, coaching, and development support.

. Define workstream tasks, estimate effort, and assign responsibilities in alignment with project plans.

8. Testing & Post-Go-Live Support

. Define and execute security testing strategies for System Integration Testing (SIT) and User Acceptance Testing (UAT), including test scenario design and execution.

. Validate access scenarios across all Oracle HCM modules during SIT and UAT phases, ensuring role configurations are consistent with business requirements.

. Triage and resolve complex access and security defects raised during testing cycles, collaborating with functional consultants and technical teams.

. Support hypercare and post-go-live activities, including break-fix resolution, access query management, and security configuration stabilization.

. Contribute to transition activities including handover of security operations to the client's support function.

QUALIFICATIONS & EXPERIENCE

Essential Requirements
. Minimum 10 years of hands-on experience in Oracle HCM (Fusion) Security and Authorization, with at least 2 full end-to-end implementation lifecycles in a lead capacity.

. Deep expertise in Oracle HCM SaaS security architecture, including RBAC, Abstract Roles, Job Roles, Duty Roles, Data Roles, and Oracle Security Console.

. Strong understanding of Oracle HCM modules including Core HR, Payroll, Talent Management, Absence Management, Workforce Management, and Recruiting.

. Proven experience defining and governing data security policies, including Person Security Profiles, Payroll Security Profiles, and Legislative Data Group (LDG) security.

. Demonstrated expertise in SoD conflict identification, management, and remediation within Oracle HCM.

. Experience managing and facilitating client workshops, requirement sessions, and design reviews.

. Proficiency in producing high-quality security documentation, including Security Design Documents, Role Catalogues, and Access Matrices.

. Experience supporting SIT, UAT, and post-go-live security activities including defect triage and access validation.

. Strong stakeholder management skills with the ability to engage effectively with business, IT, and audit functions.

. Experience managing and mentoring security team members in a consulting or project delivery environment.

Desirable / Advantageous

. Oracle Cloud HCM certification in Security or relevant functional modules.