Information Security Architect

Rate
: $68.56-$88.65/hour W2, dependent on skills and qualifications

Description of work / project:

The client is seeking an Information Security Architect with deep Oracle security expertise with financial knowledge to lead security architecture and control design for the migration from Oracle E-Business Suite (EBS) to Oracle Fusion Cloud, supported by Oracle Cloud Infrastructure (OCI) and PaaS services such as Oracle Integration Cloud (OIC) and Visual Builder Cloud Service (VBCS).

This role serves as the enterprise authority for Oracle security architecture, covering application security role-based access controls (RBAC), Segregation of Duties (SoD) and Sensitive Access (SA), automated controls, system hardening, and identity architecture for single sign-on (SSO) and multi-factor authentication (MFA). The Architect partners with implementation teams, business owners, and audit stakeholders to ensure a secure, compliant, and audit-ready deployment.

1) Oracle Security Architecture Leadership

• Own end-to-end security architecture across Oracle Fusion, OCI, and PaaS (OIC, VBCS) environments.
• Translate security and compliance requirements into architecture patterns spanning:
• Fusion roles, privileges, and data security
• OCI IAM, compartments, and policies
• PaaS service security
• Serve as the escalation point for security design decisions, risks, and deviations.

2) Access Model Governance

• Govern design and delivery of:
• RBAC aligned to job personas and least privilege
• SoD and SA rule frameworks, analysis, and remediation
• Role design workshops, configuration, system integration testing (SIT), user acceptance testing (UAT), and validation
• Ensure:
• Conflict identification and resolution with business owners
• Role-based license optimization
• Audit-ready application security documentation

3) Automated Controls & Audit Enablement

• Define and validate automated business process controls (ABPC) addressing key financial and operational risks.
• Oversee:
• Control design, configuration, and effectiveness testing
• Audit policy enablement for high-risk transactions and configurations
• Lead compensating control strategy where automation is not feasible:
• Align with process owner accountability
• Ensure audit readiness and traceability

4) Identity Architecture integration

• Lead design and validation of Oracle Cloud identity architecture across:
• Fusion applications
• OCI, OIC
• Ensure alignment with enterprise identity and access strategy:
• Federation with corporate identity provider
• Conditional access and MFA enforcement
• Break-glass access and logging
• Oversee implementation partner deliverables across build, testing, and deployment.

5) OCI & PaaS Security Architecture and Hardening

• Define and govern OCI security architecture, including:
• System environment strategy (Dev/Test/Pre-Prod/Prod)
• IAM policies, dynamic groups, and SoD enforcement
• Secure network and perimeter controls:
• Security lists, private endpoints, service gateways
• OCI firewall and egress controls
• Protect applications and APIs:
• OCI web application firewall (WAF) deployment for Fusion/OCI elements
• Secure integrations (OIC, on-prem, third-party):
• Encrypted and integrity-protected data flows
• CIS-aligned configurations
• Vault/key management and secrets protection
• Object storage security controls
• Enable monitoring and detection:
• Audit logs, WAF logs, service telemetry
• SIEM integration, alerting, and incident response

6) Integration Security – (OIC & Third-Party)

• Lead security architecture and governance for integrations across Oracle Integration Cloud (OIC), Fusion, OCI, on-prem systems, and third-party applications.
• Define and enforce secure integration patterns, including:
• API authentication and authorization
• Secure credential management and secrets handling
• Data encryption in transit and message integrity validation