Position: Oracle Business Security Analyst
Role Overview:
We are looking for a committed Oracle Business Security Analyst to join our team, reporting to the Controls and Compliance Supervisor. This position involves a combination of planning, evaluating, designing, and implementing business security and data security access management, specifically tailored to meet least privilege role-based access control requirements for Oracle Fusion Cloud Enterprise Resource Planning (ERP), Oracle Cloud Enterprise Performance Management (EPM), Oracle Data Relationship Management (DRM), Maximo and PowerPlan applications. The individual in this role will serve as the subject matter expert on role functionality configurations and access management for all users supporting business processes. The ideal candidate will work closely with the Oracle Security, Controls and Compliance, Governance teams, Business departments, and end-users to ensure proper role configuration and access are provided and appropriate. Key focus areas include, but are not limited to, role/functionality design, configuration, segregation of duties, security/data security access management, and controls over business processes.
Key Responsibilities:
- Perform IT and business security assessments, design, and implementation services for Oracle Cloud ERP, Oracle Cloud EPM, DRM, Maximo and PowerPlan with an emphasis on role security and data access configurations, segregation of duties, to support business processes.
- Oversee user access provisioning and identity synchronization in accordance with organization-defined data security policies and the user role matrix.
- Evaluate the design and effectiveness of Oracle, DRM, Maximo and PowerPlan security access roles and functionalities, and conduct Separation of Duties assessments across key business process cycles and integrated applications.
- Examine and audit end-user accounts, permissions, and access rights to ensure alignment with segregation of duties and security profiles, in compliance with SOX requirements.
- Collaborate with the Oracle Security, Controls and Compliance, Business Operations and Governance teams to support role functionality development, address business process and access requirements, and manage user access issues through triage, troubleshooting, and resolution. Work closely with various business departments and users to identify and improve security access, emphasizing least privilege and segregation of duties.
- Maintain the Cool Compliance access management platform used to automated roles access request, approvals, provisioning, and de-provisioning to support access for Oracle Cloud ERP, EPM, DRM, Maximo and PowerPlan. Maintenance includes developing and maintaining role rules, internal and external not rules and approval workflows in promoting tool automation.
- Collaborate with internal and external auditors, as well as internal controls and compliance teams, to ensure adherence to SOX compliance, security access standards, and data security regulations, while providing necessary support and documentation.
- Maintain tools supporting the overall access management process ensuring users have the access needed to perform their jobs efficiently. This includes configuring workflows, streamline operations and automating self-service capabilities where suitable.
- Create and implement security access processes and procedures for Oracle Cloud ERP, EPM, DRM, Maximo, PowerPlan and associated compliance frameworks.
Requirements:
- Bachelor’s degree in computer science, Information Technology, Accounting, Finance, or Business, or related degree required
- At least two years of recent experience in implementing financial applications with a focus on Oracle Cloud ERP, EPM, DRM or similar applications such as SAP security and administration, including expertise in designing and implementing security role access for Accounting, Finance, and Treasury processes OR three years business access experience in a similar role or system required. This includes user provisioning, role-based access control, and ensuring least privilege access to support said business processes. (Maximo and PowerPlan experience is a plus)
- Possess strong technical problem-solving skills with the ability to work independently as well as collaboratively in a collaborative environment
- Excellent organizational skills, along with strong written and verbal communication and presentation abilities
- Must be highly self-motivated
- Solid understanding of Segregation of Duties (SOD), the ability to identify and assess access risks, personally identifiable information (PII), and internal controls.
- Strong time management skills and the ability to work under pressure to meet deadlines, manage multiple tasks, and set priorities
Preferred:
- In place of extensive knowledge and experience in an Oracle Cloud ERP, EPM, DRM, Maximo and PowerPlan security roles, experience in a senior-level position within a business process where you have collaborated on role-based least privilege access processes is acceptable. This includes providing insight and direction on identifying role design for user job responsibilities, considering SOD, approving user provisioning, and managing security/data access to support role-based access control and least privilege access.
- Experience and familiarity with standard Accounting, Finance, and Treasury business processes, along with knowledge of job responsibilities required across various Oracle Cloud, Maximo and PowerPlan operational areas
- Oracle Risk Management Cloud Certified Implementation Specialist Certification a plus
- Certifications, such as CISA (Certified Information Systems Auditor), CPA (Certified Public Accountant), CIA (Certified Internal Auditor), or CISSP (Certified Information Systems Security Professional)
- Project or team lead experience a plus
- Experience and knowledge with Oracle Cloud, Maximo, SQL querying, PowerPlan application configurations, technical objects, and procedures documentation skills
About Southern Company
Southern Company (NYSE: SO ) is a leading energy provider serving 9 million customers across the Southeast and beyond through its family of companies. Providing clean, safe, reliable and affordable energy with excellent service is our mission. The company has electric operating companies in three states, natural gas distribution companies in four states, a competitive generation company, a leading distributed energy solutions provider with national capabilities, a fiber optics network and telecommunications services. Through an industry-leading commitment to innovation, resilience and sustainability, we are taking action to meet customers' and communities' needs while advancing our goal of net-zero greenhouse gas emissions by 2050. Our uncompromising values ensure we put the needs of those we serve at the center of everything we do and are the key to our sustained success. We are transforming energy into economic, environmental and social progress for tomorrow. Our corporate culture has been recognized by a variety of organizations, earning the company awards and recognitions that reflect Our Values and dedication to service. To learn more, visit www.southerncompany.com .
Southern Company invests in the well-being of its employees and their families through a comprehensive total rewards strategy that includes competitive base salary, annual incentive awards for eligible employees and health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being. This position may also be eligible for additional compensation, such as an incentive program, with the amount of any bonus/awards subject to the terms and conditions of the applicable incentive plan(s). A summary of the benefits offered for this position can be found here https://seo.nlx.org/southernco/pdf/SOCO-Benefits.pdf . Additional and specific details about total compensation and benefits will also be provided during the hiring process.
Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.
Job Identification: 13503
Job Category: Information Technology
Job Schedule: Full time
Company: Southern Company Services
