Oracle Centre of Excellence (COE) – Security and Compliance Lead
Job description
Who We Are
At WSP, we are driven by inspiring future-ready pioneers to innovate. We’re looking to grow our teams with people who are ready to collaborate in building communities and expanding our skylines. To do this, we hire candidates of all experiences, skillsets, backgrounds and walks of life. We actively foster a work environment and culture where inclusion and diversity is part of our fundamental structure. This is delivered behaviorally, through our policies, trainings, local partnerships with professional diverse organizations, internal networks and most importantly with the support and sponsorship of our leaders who help drive our commitment to an inclusive, diverse, welcoming and equitable work environment. Anything is within our reach and yours as a WSP employee. Come join us and help shape the future!
This Opportunity
The Oracle COE – Security and Compliance Lead will oversee WSP Security and Compliance posture related to the Oracle SaaS application and related landscape. The role will include participating in the deployment efforts, as well as on-going support for countries that have gone live (application support).
The key responsibility from a Security perspective is to oversee the design and be the guardian of the Security framework. The objective is to ensure an adequate Security posture is put in place to limit the risks of inappropriate or unauthorized access and ensure compliance with applicable privacy and security policies/laws/regulations.
The key responsibility from a Compliance perspective is to ensure compliance with National Instrument 52-109 and other applicable regulations during the rollout of Oracle. Key objectives for the Compliance team will include standardizing the controls across the business (regions), increasing the use of automation in carrying out and documenting controls, and working to incorporate as much of the process into Global Business Services (GBS).
Your Impact
Security
- Ensure the Oracle application and all downstream applications comply with WSP Data Privacy and Security compliance requirements (global and regional).
- Work with the business to ensure a proper Data Privacy Impact Assessment (DPIA) and Information Security (InfoSec) Assessment has been performed over Oracle and all applicable downstream applications.
- Oversee the User Security Role Design in Oracle.
- Be the guardian of the defined User Security Role Design
- Support the go-live process as new countries are brought on board. This will include providing support over system access loads for dry run, sandbox, and production environments.
- Respond to security related help desk tickets during and after go-live
- Work closely with the Application Support team to optimize end user support processes for user security and access.
- Review and analyze requests for access that do not follow the model. In cases where access is required that is outside the model, analyze risks and ensure proper mitigation is in place.
- Support new go-lives and mergers and acquisitions. Oversee any changes to the Security Role Design as new countries and/or mergers and acquisitions are onboarded.
- Work with the Identity Management (SailPoint IIQ) application support team to define/evolve/manage the auto provisioning process.
- Assist with the ongoing development of the SailPoint auto provisioning process for WSP Oracle users.
- Maintain and provide mapping from WSP Job Code (position), to Persona, to Role.
- Work with business to define the process to provision sensitive access.
- Stay abreast of new privacy and IT security related regulations and of changes to existing ones (GDPR, Bill 64 Quebec, etc.). Analyze the impact of these new/changed regulations on the Oracle Security Model and work with the business to implement required changes.
- Through the rollout of Oracle and the related Security Model, improve WSP’s capacity to address cybersecurity threats/vulnerabilities and improve remediation efforts.
Compliance
- Oversee the review and enhancement of the Global & Regional Internal Control Framework during the rollout of Oracle in each country. Ensure that all compliance requirements are met and that a consistent control framework is established that can be rolled out to all regions.
- Analyze and update the existing 52-109 Controls (ICFR and ITGC) to reflect the business processes with Oracle in place. Ensure all control risks are adequately mitigated and control objectives are met.
- Enhance the control framework through the rollout of tools available through the Oracle Risk Management Cloud
- Work with the business to implement the Advanced Financial Controls (AFC) to enable continuous monitoring of expense and payables transactions in Oracle ERP Cloud.
- Work with the business to implement Advanced Access Controls (AAC) to enable continuous monitoring of all access policies in Oracle ERP, potential violations, insider threats and fraud. AACs automate security analysis to ensure segregation of duties, and compliance with access policies.
- Review monitoring and alerts available through the Oracle App Detector and work with the business to define alerts that will be helpful in monitoring and managing business and IT risks.
- Enable configuration monitoring across all modules to ensure only known authorized changes are made to configurations.
- As new countries are brought onto the platform, work with the local Compliance team to define local regulations that may require enhancements to the Global model. Examples include the Federal Accounting Regulation (FAR) in the US and GDPR in the UK.
- Collaborate with the WSP Ethics and Compliance (E&C) team to understand their list of requested enhancements to E&C controls through the implementation of Oracle. Work with Global Process Leaders, SMEs, and program leadership to determine the feasibility, required effort, and obtain approval for requested enhancements.
- Manage a team of employees and contracted resources in carrying out the roles and responsibilities of the Security and Compliance team.
- Accommodate sometimes conflicting requirements and constraints from diverse stakeholders, such as Horizon Program Leadership, local Business Process Owners, IT, SMEs, and Oracle.
- Analyze, shape, and prioritize stakeholder requirements to ensure they meet security and compliance requirements.
- Build relationships with global and regional stakeholders such as Internal Audit, Ethics and Compliance, the Financial Compliance team, CISO, and Global IT.
- Provide regular updates to key stakeholders.
Who You Are
Required Qualifications
- Bachelor’s degree in Computer Science, Engineering, or a related discipline
- Minimum of 15 years of experience in audit, controls, information security consulting, or related services, with a strong technical background
- Strong experience in security policies and controls, and information security strategy and architecture, in a global context
- Strong experience in governance, risk and compliance; security policies and controls; and information security frameworks and standards
- Experience in working with outsourced services/providers
- Background in Information Technology systems
- Outstanding organizational skills, able to multi-task on multiple projects at one time
- Excellent verbal and written communication skills
- Ability to manage your time efficiently
- Proven ability to prioritize tasks effectively, with attention to detail
Additional Requirements
- To perform this job successfully, an individual must be able to perform each essential job duty satisfactorily. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform essential job functions.
Additional Details
- Travel Required: 10%
- Job Status: Regular
- Employee Type: Full
- Primary Location: LAWRENCEVILLE - LENOX DR
- All locations: US-NJ-Jersey City, US-NJ-Lawrenceville, US-NJ-Marlton, US-NJ-Morris Township, US-NJ-Mount Laurel, US-NJ-Newark
About WSP
WSP USA is the U.S. operating company of WSP, one of the world's leading engineering and professional services firms. Dedicated to serving local communities, we are engineers, planners, technical experts, strategic advisors and construction management professionals. WSP USA designs lasting solutions in the buildings, transportation, energy, water and environment markets. With more than 15,000 employees in over 300 offices across the U.S., we partner with our clients to help communities prosper. www.wsp.com
WSP provides a flexible and agile workplace model while meeting client needs. Employees are also afforded a comprehensive suite of benefits including medical, dental, vision, disability, life, and retirement savings focused on providing health and financial stability throughout the employee’s career.
At WSP, we want to give our employees the challenges they seek to grow their careers and knowledge base. Your daily contributions to your team will be essential in meeting client objectives, goals and challenges. Are you ready to get started?
WSP USA (and all of its U.S. companies) is an Equal Opportunity Employer Race/Age/Color/Religion/Sex/Sexual Orientation/Gender Identity/National Origin/Disability or Protected Veteran Status.
The selected candidate must be authorized to work in the United States.