IT Oracle GRC Analyst
Company: Ferguson Enterprises
Location: Newport News
Posted on: February 21, 2021
Job Description: We have an exciting opportunity for an IT
Oracle GRC Analyst to join the Ferguson IT Security team. The IT
Oracle GRC Analyst will assist with and participate in the
planning, design, implementation, operation, and maintenance of IT
Governance, Risk & Compliance (GRC) efforts intended to support
Business and IT Risk Management and Assurance goals and objectives
for the Oracle Fusion environment. Primary functions include: the
collection of appropriate and relevant data for the monitoring and
analysis of specific IT control activities, liaising with and
providing consultative support to IT control owners and performers,
generation of reports for analysis, assessment and presentation to
IT and business management, recommendations on and tracking of
control remediation, and coordination of efforts with internal and
external auditors. This position works directly with IT, HQ,
Management, Group staff and Operating Companies, Small Businesses
and Subsidiaries, and with external business partners to achieve
the necessary business goals. **This role is approved to sit 100%
remote. If local to the Newport News, VA area, you will have the
option to work in the new HQ3 building, once permitted.** DUTIES
AND RESPONSIBILITIES: Provide continuous enhancement and support of
Oracle Fusion and RMC environment for business and IT stakeholders,
developing solutions based on business requirements and leveraging
standard or customized functionality.
- Analyze and recommend operational and business workflow changes
to management in order to strengthen the control
environment/security posture for the Oracle Fusion
- Assist in the planning, development, implementation,
configuration and maintenance of the Oracle Risk Management Cloud
- Participates in IT GRC team efforts to plan, design, implement
and maintain IT Governance, Risk & Compliance initiatives and their
supporting elements, these include, but are not limited to: Scoping
of relevant business entities, systems, & processes.
- Identification of and coordination with Risk & Control Owners
on all relevant requirements
- Consultation and assistance to Risk & Control Owners in the
planning, design, implementation, operation, maintenance &
remediation of control activities and other supporting requirements
(e.g. policies, standards, processes, system configurations, etc.)
- Development of appropriate technical job aids and automation
(e.g. scripts, queries, dashboards, etc.) in support of control
performance, monitoring and assessment.
- Alignment and coordination with Financial Controls, Internal
Audit teams as appropriate
- Coordination with and support of External Audit partners in the
planning, execution of, and reporting on annual external testing of
Internal (IT General) Controls over Financial Reporting.
- Coordination, tracking and reporting of remediation plans and
progress for all identified IT Control deficiencies
- Enables the performance of specific IT control activities in
support of business objectives. This includes, but is not limited
to: Collection and distribution of appropriate and relevant data in
a timely fashion for the performance of access reviews and other
identified control activities; Identification and communication of
deficiencies and other items of concern to appropriate parties
during the performance of control activities for timely correction
and/or remediation as needed; Maintenance and archiving of all
relevant data and supporting documentation as evidence of the
performance of control activities
- Perform duties as requested by Management, in addition to the
essential job functions described above. QUALIFICATIONS AND
REQUIREMENTS: A minimum of four (4) years' experience in
Information Security and/or Technology. A minimum of two (2) years'
experience in Oracle Fusion and Risk Management Cloud.
- Master's, Bachelor's or Associate Degree in Information
Security, Information Technology or Information Technology
- One or more of the following preferred, but not required:
Certifications such as CISSP, CISM, CISA, CRISC, GSEC, or PCIP
- Working knowledge of the Oracle Fusion platform and Risk
Management Cloud environment.
- Working knowledge of key business functions and workflows, to
include: Accounts Payable (AP), Accounts Receivables (AR),
Purchasing (PO), General Ledger (GL), Inventory (INV), Cash
Management (CE) and Order Management (OM), Record-to-Cash (R2C),
Procure-to-Pay (P2P), & Governance Risk & Compliance (GRC).
- Knowledge of general concepts of IT Governance, Risk
Management, and Compliance with corporate policies and legal,
regulatory and contractual requirements.
- Knowledge of general concepts and requirements related to
Sarbanes-Oxley risk management and control requirements.
- Knowledge of general concepts and requirements regarding AICPA
auditing standards, SSAE 18 audit engagements, and System and
Organization Controls (SOC) reporting.
- Knowledge of general concepts of internal controls, risk
assessments and information security.
- Knowledge of technical platforms, networks, security concepts,
and data retrieval techniques.
- Self-motivated, with the ability to initiate new work without
- Strong knowledge of auditing techniques and/or control
- Substantial ability to create, organize, and analyze complex
- Proven ability to troubleshoot and solve complex and indistinct
- Ability to communicate with all audiences in a clear and
professional written format.
- Ability to speak publicly, including large groups, with all
levels of management. #LI-REMOTE -The Company is an equal
opportunity employer as well as a government contractor that shall
abide by the requirements of 41 CFR 60-300.5(a), which prohibits
discrimination against qualified protected Veterans and the
requirements of 41 CFR 60-741.5(A), which prohibits discrimination
against qualified individuals on the basis of disability. -
provided by Dice
Keywords: Ferguson Enterprises, Newport News , IT Oracle GRC Analyst, Professions , Newport News, Virginia
Didn't find what you're looking for? Search again!