Job Title: Security Architect – IAM & Role Design (Oracle Cloud Transformation)
The Security Architect will lead the definition and implementation of roles, access models, and authorization frameworks for a manufacturing enterprise migrating to Oracle Cloud Infrastructure (OCI).
This role is accountable for designing a scalable, auditable, and business‑aligned access control model, ensuring that users across manufacturing operations, supply chain, finance, and corporate functions have appropriate, least‑privilege access.
The architect will bridge business process design and technical IAM implementation, translating manufacturing roles into OCI‑compatible security constructs.
Key Responsibilities
* Define enterprise‑wide Role‑Based Access Control (RBAC) and/or Attribute‑Based Access Control (ABAC) models
* Translate business functions into structured roles, including:
o Maintenance engineers
o Supply chain planners
o Finance and procurement users
* Design hierarchical and composite roles aligned to job functions
* Eliminate role duplication and prevent “role explosion”
Business Process & Segregation of Duties (SoD)
* Work with business stakeholders to map end‑to‑end manufacturing processes
* Define and enforce Segregation of Duties (SoD) controls, including:
o Procurement vs. approval
* Identify and mitigate access conflicts and toxic combinations
OCI Identity & Access Management (IAM) Implementation
* Design and configure OCI IAM components:
o Compartments
o Groups and dynamic groups
o Policies and permissions
* Align OCI IAM structure with enterprise role model
* Integrate OCI with enterprise identity providers (SSO, federation)
Access Governance & Lifecycle Management
* Define processes for:
o Joiner / mover / leaver (JML)
o Role assignment and approval workflows
o Periodic access reviews and certifications
* Establish role ownership and governance model
* Implement auditability and traceability of access
Data & Application Access Control
* Define access models across:
o ERP systems (e.g., Oracle ERP Cloud)
o Manufacturing Execution Systems (MES)
o Supply chain platforms
* Ensure consistent access policies across cloud and legacy systems
* Protect sensitive manufacturing and operational data
* Develop:
o Role catalog and definitions
o Access matrices (role vs. permission mapping)
o Naming conventions and design standards
* Create reusable templates for future onboarding of plants or systems
Stakeholder Engagement
* Collaborate with:
o Supply chain and procurement teams
o IT and cloud engineering teams
o Risk, audit, and compliance teams
* Facilitate workshops to validate role definitions and access needs
* Act as the translator between business and technical security
Risk, Compliance & Audit
* Ensure alignment with:
o Internal audit requirements
o Industry standards (e.g., ISO 27001, SOX if applicable)
* Support audits with clear documentation of:
o Access controls
o SoD enforcement
Required Qualifications
Experience
* 8–12+ years in security architecture or IAM
* Experience in ERP or manufacturing environments
* Hands‑on experience with Oracle Cloud Infrastructure (OCI) IAM or similar (AWS/Azure IAM)
* Strong understanding of manufacturing operations, including:
o Production processes
o Plant operations
o Supply chain workflows
* Experience mapping business roles to system access
Technical Skills
* IAM concepts: RBAC, ABAC, least privilege
* Identity federation and SSO
* OCI IAM, access governance tools (e.g., SailPoint, Saviynt, Oracle Identity Governance)
* Understanding of ERP security models (Oracle ERP preferred)
* Role catalog and hierarchy
* Segregation of Duties (SoD) matrix
* OCI IAM design and policy structure
* Access governance processes (JML, reviews)
* Documentation for audit and compliance
Success Metrics
* Reduction in excessive or conflicting access
* High adoption of standardized roles across plants
* Efficient onboarding of new users and sites
Nice‑to‑Have
* Experience with multi‑plant or global manufacturing environments
* Knowledge of OT/IT convergence (Operational Technology security)
* Familiarity with zero trust principles
* Certifications:
o CISSP
o CCSP
o Oracle Cloud certifications
o Identity governance certifications
Profile Summary (Short Version for Job Posting)
We are seeking a Security Architect to lead the design of enterprise roles and access controls for a manufacturing organization transitioning to Oracle Cloud. The role will focus on defining scalable RBAC models, enforcing segregation of duties, and aligning business processes with OCI IAM structures. This position requires strong collaboration with manufacturing and business stakeholders to ensure secure and efficient access across all operations.