Oracle Fusion HCM: GRC Analyst / Manager

Ahmedabad April 8, 2026 Full Time

Role Summary:


The Oracle Fusion HCM GRC Analyst/Manager is responsible for defining, implementing, and monitoring governance, risk, and compliance controls across HR processes within Oracle Fusion HCM. The role ensures secure handling of sensitive employee data, robust access governance, adherence to regulatory requirements, and effective audit readiness across HR modules such as Core HR, Payroll, Benefits, Talent, and Absence.


Key Responsibilities:


Governance & Policy Management

  • Develop and maintain HR-specific GRC policies (data privacy, access control, SoD, incident management).
  • Establish and enforce role-based access control (RBAC), data roles, security profiles, and duty roles in Fusion HCM.
  • Define Segregation of Duties (SoD) rules for HR processes (e.g., hiring, payroll updates, terminations).

Risk Management & Controls

  • Conduct periodic risk assessments for HR processes (payroll changes, PII access, offboarding).
  • Design and test preventive and detective controls (e.g., approval workflows, audit trails, dual-control for payroll).
  • Implement monitoring for anomalous HR activities (e.g., multiple salary changes, unauthorized data export).

Compliance & Audit Readiness

  • Ensure compliance with local labor laws, data protection regulations (e.g., GDPR-like principles), and internal HR policies.
  • Manage quarterly/annual user access reviews, evidence collection, and audit support.
  • Maintain control documentation: narratives, RCM (Risk & Control Matrix), test scripts, and remediation plans.

System Configuration & Continuous Monitoring

  • Configure security profiles (Area of Responsibility, Data Role, HCM Groups) and access provisioning via HDL/‘Manage Users’.
  • Use Oracle Risk Management Cloud (if implemented) and audit tools for continuous control monitoring.
  • Automate controls via approvals, BPM workflows, notifications, and audit reports.

Incident & Change Management

  • Oversee incident triage for security breaches, access exceptions, and HR data incidents.
  • Review and approve HCM configuration changes impacting controls (change advisory board participation).
  • Coordinate remediation and root cause analysis with HR, IT Security, and Application Support.

Reporting & Stakeholder Communication

  • Produce dashboards and reports on access, control effectiveness, violations, and remediation status for HR leadership and Audit.
  • Run KPI reports (e.g., access certification completion, SoD exceptions trend, time-to-remediate).

Enablement

  • Train HR and IT teams on secure usage of Fusion HCM, compliance expectations, and control procedures.
  • Create SOPs for access requests, terminations, payroll changes, and employee data handling.

Core Deliverables:


  • Security design documents (roles/duty roles/data roles, SoD matrix)
  • Risk & Control Matrix (RCM) for HR processes
  • Quarterly Access Certification Reports & SoD Violation Reports
  • Audit evidence packs & remediation logs
  • Control testing scripts and results
  • Incident register and post-incident reviews

Required Qualifications:


  • Bachelor’s/Master’s in Information Systems, HRIS, or related field.
  • 4–10+ years in GRC, IT Audit, InfoSec, or HRIS with Oracle Fusion HCM exposure.
  • Hands-on with HCM modules: Core HR, Talent, Absence.
  • Experience configuring HCM security (roles, data roles, security profiles, HCM groups).
  • Strong audit/test documentation and stakeholder communication skills.

Preferred Certifications (nice to have)

  • Oracle Cloud HCM certification (Security)
  • CISA / CRISC / ISO 27001 Lead Implementer / CIPD (HR compliance)

Skills & Competencies


  • Technical: Fusion HCM security model, HDL user provisioning, BPM approvals, audit reporting.
  • Risk & Compliance: SoD design, access recertification, control testing, incident response.
  • Process: HR lifecycle (hire-to-retire), payroll governance, data privacy & retention.
  • Soft Skills: Cross-functional stakeholder management (HR, Payroll, IT Security, Audit), documentation, training.

KPIs / Success Metrics

  • % Completion of quarterly access reviews (target: 98%)
  • Mean time to remediate access/control issues (e.g., 10 business days)
  • Reduction in SoD violations over time (e.g., 30% YoY)
  • Audit findings attributable to HCM GRC (target: 0 high-severity)
  • SLA adherence for joiner/mover/leaver access requests (e.g., 95% on-time)
  • Compliance dashboard accuracy & timeliness

Sample Control Catalog (HCM Focus)


  • Access Governance
    • Joiner/Mover/Leaver (JML) workflow with manager & HR approvals
    • Quarterly user access review with attestation; emergency access with time-bound expiry
    • SoD rules: e.g., no single user can hire + update payroll element + process payroll
  • Data Privacy & Security
    • Restrict PII export; masking sensitive attributes in reports
    • HCM Data Roles aligned to Area of Responsibility (AOR)
    • Encryption at rest/in transit; logging of downloads/exports
  • Process Controls
    • Dual approvals for salary changes above threshold
    • Payroll recalculation audit and post-payroll variance report
    • Termination checklist ensuring timely access revocation
  • Monitoring & Reporting
    • Alerts for multiple compensation changes within a period
    • Reports: Users with HR Specialist + Payroll Admin combined access
    • Exception dashboards for overdue approvals & pending terminations