Oracle Cloud ERP SOX Compliance & SoD Analyst

6 month contract - extendable

Job Purpose:

The Oracle Cloud ERP SOX Compliance & SoD Analyst is responsible for ensuring that Oracle Cloud ERP user roles, access models, and business processes comply with Sarbanes-Oxley (SOX) requirements and organizational internal control standards. This role manages segregation of duties (SoD) conflicts, supports access reviews, and partners with business process owners, internal audit, and IT security teams to maintain a compliant, efficient, and secure ERP environment.

Key Responsibilities:

1. SOX Compliance & Internal Controls

• Support design, implementation, and maintenance of IT General Controls (ITGCs) within Oracle Cloud ERP (Finance, Procurement, Projects, SCM, and HCM).
• Ensure compliance with SOX 404 requirements through access management, change management, and configuration controls.
• Prepare and maintain SOX control documentation, test scripts, and evidence for audits.
• Collaborate with auditors (internal and external) to provide access reports, SoD analyses, and remediation plans.

2. Segregation of Duties (SoD) Management

• Develop and maintain the SoD matrix for Oracle Cloud ERP roles across key modules.
• Identify, assess, and mitigate SoD conflicts across business functions (e.g., Procure-to-Pay, Order-to-Cash, Record-to-Report).
• Utilize Oracle Risk Management Cloud (RMC) or other GRC tools to automate SoD analysis and reporting.
• Partner with role owners and process leads to redesign or remediate conflicting roles.
• Perform quarterly SoD reviews and user access certification campaigns.

3. User Access Management

• Oversee user provisioning, de-provisioning, and periodic access reviews to ensure least-privilege principle.
• Review and approve role change requests to prevent SoD violations.
• Document and maintain access control procedures and workflows.
• Manage exceptions through risk acceptance and compensating control documentation.

4. Role Design & Governance

• Define and enforce Oracle Cloud ERP role governance standards and policies.
• Partner with Oracle Cloud Security, HR, and Finance teams to align roles with job responsibilities.
• Maintain a central repository of roles, privileges, and SoD mapping.
• Support implementation of new modules or business units by assessing SoD and compliance implications.

5. Audit & Reporting

• Generate and review SoD and user access reports for audit readiness.
• Prepare management dashboards showing SoD conflicts, mitigations, and compliance trends.
• Support periodic control self-assessments and internal audit walkthroughs.