Oracle HCM Technical Consultant (Security)

KEY RESPONSIBILITIES

1. Strategic Leadership & Workshop Facilitation

. Lead and drive the security workstream, including end-to-end planning, resource allocation, and delivery governance.

. Facilitate and chair client workshops and working sessions to elicit business requirements, define access models, and align stakeholder expectations.

. Prepare and present workshop outputs including decision logs, action trackers, and security design documentation.

. Serve as the primary point of contact for all authorization and security-related queries from client stakeholders, functional leads, and project management.

2. Authorization Design & Governance

. Define and govern the overall Authorization Principles and Framework for the Oracle HCM SaaS implementation.

. Design and enforce role-based access control (RBAC) structures, including job roles, duty roles, abstract roles, and data security policies.

. Establish and maintain Segregation of Duties (SoD) conflict matrices and remediation frameworks in alignment with audit and compliance standards.

. Define data security policies governing Person, Payroll, and Workforce Management data access in alignment with organizational hierarchies and business rules.

. Ensure the authorization model aligns with the client's risk appetite, regulatory requirements, and internal governance policies.

3. Configuration, Build & Validation

. Configure and build authorization rules, role hierarchies, and data security policies directly within Oracle HCM SaaS (Fusion).

. Conduct structured validation exercises with business users, functional consultants, and IT stakeholders to confirm access models meet business requirements.

. Perform iterative testing and refinement of roles to address access gaps, over-provisioning, and SoD conflicts identified during validation cycles.

. Manage and govern the Oracle Security Console and associated role management tooling.

4. Documentation & Standards

. Author and maintain comprehensive Authorization Configuration Documentation, including role catalogues, data security policy registers, and access matrices.

. Produce and own the Security Design Document (SDD) and ensure it remains current throughout the project lifecycle.

. Maintain traceability between business requirements, authorization design decisions, and configured rules.

. Develop and enforce documentation standards and templates across the security workstream.

5. User Access Provisioning & Audit Readiness

. Oversee and govern user access provisioning processes, ensuring adherence to the Joiner-Mover-Leaver (JML) framework.

. Lead role design and assignment activities, ensuring roles are fit for purpose and audit-ready.

. Manage access remediation activities, including SoD conflict resolution, excessive access removal, and corrective action tracking.

. Support internal and external audit activities by providing evidence packs, access reports, and control documentation.

. Define and implement Periodic Access Review (PAR) processes and ensure controls are operational post go-live.

6. Risk, Compliance & Governance Alignment

. Ensure all security controls and authorization configurations align with applicable compliance frameworks (e.g, internal IT governance policies).

. Collaborate with the client's Risk, Compliance, and Internal Audit functions to validate security design against control objectives.

. Identify and escalate security risks, gaps, and non-compliant configurations with proposed remediation strategies.

. Provide input to the project's risk register for security-related risks and ensure mitigating actions are tracked to closure.

7. Team Leadership & Technical Mentorship

. Manage and mentor junior and mid-level security team members, providing day-to-day technical guidance and quality oversight.

. Conduct quality assurance reviews of security configurations, documentation, and deliverables produced by team members.

. Foster a high-performance team culture, providing constructive feedback, coaching, and development support.

. Define workstream tasks, estimate effort, and assign responsibilities in alignment with project plans.

8. Testing & Post-Go-Live Support

. Define and execute security testing strategies for System Integration Testing (SIT) and User Acceptance Testing (UAT), including test scenario design and execution.

. Validate access scenarios across all Oracle HCM modules during SIT and UAT phases, ensuring role configurations are consistent with business requirements.

. Triage and resolve complex access and security defects raised during testing cycles, collaborating with functional consultants and technical teams.

. Support hypercare and post-go-live activities, including break-fix resolution, access query management, and security configuration stabilization.

. Contribute to transition activities including handover of security operations to the client's support function.

QUALIFICATIONS & EXPERIENCE

Essential Requirements

. Minimum 10 years of hands-on experience in Oracle HCM (Fusion) Security and Authorization, with at least 2 full end-to-end implementation lifecycles in a lead capacity.

. Deep expertise in Oracle HCM SaaS security architecture, including RBAC, Abstract Roles, Job Roles, Duty Roles, Data Roles, and Oracle Security Console.

. Strong understanding of Oracle HCM modules including Core HR, Payroll, Talent Management, Absence Management, Workforce Management, and Recruiting.

. Proven experience defining and governing data security policies, including Person Security Profiles, Payroll Security Profiles, and Legislative Data Group (LDG) security.

. Demonstrated expertise in SoD conflict identification, management, and remediation within Oracle HCM.

. Experience managing and facilitating client workshops, requirement sessions, and design reviews.

. Proficiency in producing high-quality security documentation, including Security Design Documents, Role Catalogues, and Access Matrices.

. Experience supporting SIT, UAT, and post-go-live security activities including defect triage and access validation.

. Strong stakeholder management skills with the ability to engage effectively with business, IT, and audit functions.

. Experience managing and mentoring security team members in a consulting or project delivery environment.

Desirable / Advantageous

. Oracle Cloud HCM certification in Security or relevant functional modules.