Oracle Risk and Compliance Lead​/Oracle Security Consultant​/Oracle Cloud Governance Consultant

Job Title:
Cybersecurity & GRC Consultant/Oracle Security Consultant/Security Architect
Duration:
Long Term

Location:

Chicago, IL
The Senior GRC (Governance, Risk, and Compliance) Lead has a well-rounded profile with the right combination of significant and progressive professional expertise in Enterprise Governance, Risk, and Compliance Management and will support implementation of Oracle Cloud GRC modules including Enterprise Governance, Risk and Compliance Manager (EGRCM) and Advanced Controls to support Organization Enterprise Governance, Risk, and Compliance management efforts.

Key Responsibilities:

Validate requirements and support implementation of Oracle Enterprise Governance, Risk, and Compliance management modules in support of Enterprise Governance, Risk, and Compliance policies and procedures.
Own the GRC related requirements and provide support in reviewing and approving GRC related requirements, business processes, user stories, functional and technical specification documentation.
Support creation, review, and approval of test cases and test results in support of GRC module requirements.
Support the Third-Party Risk Management lifecycle from pre-onboarding to offboarding of vendor relationships.
Conduct risk assessments for new and existing and vendors to identify privacy and security-related risks.
Collect, review, and track vendor due diligence and compliance documentation (e.g., SIG questionnaires, SOC 2 reports, security policies)
Assist in analyzing internal as well as vendor cybersecurity controls related to hardware, software, and services.
Coordinate with internal stakeholders and third parties to document and remediate risks.
Support contractual reviews in collaboration with Procurement and Contracts Administration teams.
Contribute to client compliance activities, including assessments and client webshare coordination.
Help define, report, and track GRC-related metrics and risk indicators.
Participate in process improvements and automation of GRC activities.
Stay current with industry trends, frameworks (NIST CSF, ISO), and regulatory requirements (GDPR, CCPA).
Practical expertise in security frameworks such as: SANS Critical Security Controls, CIS Controls, ISO 27001, NIST SP 800-53, PCI DSS, SOC
2.
Expertise in SaaS and PaaS implementations including Oracle cloud ERP, HCM, SCM and EPM applications.
Solid understanding of IT control frameworks like COBIT and IT General Controls.
In-depth knowledge of risk and controls concepts in information security.
Hands-on experience across control domains such as IAM, Data Security, Network Security, SDLC, Logging & Monitoring, etc.
Technical proficiency in security controls like encryption, logical access, secure coding, vulnerability management, and security architecture.
Strong experience conducting vendor risk assessments and translating technical risk into business impact.
Familiarity with risk treatment and exception processes.
Understanding of security architecture (authentication, authorization, encryption of data in transit/at rest).
Ability to communicate clearly with technical teams, stakeholders, and auditors.
High attention to detail and excellent documentation habits.
Strong analytical skills to resolve system and security issues.
Strong understanding in access control, identity management, and compliance standards
Excellent verbal and written communication skills.
Work with IAM, Security engineering and Network operations teams to understand and design target state OCI PaaS and IaaS services
Document security requirements for OCI PaaS and IaaS services
Strong Understanding of IAM including SSO, IDMS and IGA practices for enterprise
Provide guidance and training to team members on Oracle Cloud security practices.
Liaise with vendors and partners to ensure optimal security practices and stay updated on Oracle Cloud updates and best practices.

Type of

Education Required:


Bachelor’s Degree in Technology, Risk Management, or related field.

Preferred certifications:
CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor or Lead Implementer.

Type of Experience and Number of Years:
Working Experience on Oracle GRC Modules, and Risk Management are mandatory
Working Experience on various Security frameworks like NIST are mandatory
At least one full life cycle implementation of Enterprise Governance, Risk and Compliance Manager (EGRCM) and Advanced Controls preferably
in a public sector environment.
Minimum 5 years of Enterprise GRC experience implementing and supporting industry standard tools and frameworks including third-party vendor risk assessment.
Proficiency in cloud security principles and tools, including IAM, encryption, firewall management, and vulnerability assessment.
Proficiency with Google tools such as Google Docs, Sheets, and Presentations.
A proactive mindset with a focus on continuous improvement and results.
Integrity, accountability, and a strong sense of ownership over responsibilities.
Experience in the Public Sector including Education (K-12) project or program work,…