ERP security is not just role provisioning. It's the layer that makes sure one person can't order, approve, and pay — all on their own.
A major construction and development group has just rolled out Oracle Fusion across Central Europe. Now comes the harder part: making sure the security layer is actually owned — not just kept running. You'll have a senior Oracle Fusion colleague from the international team as backup and sparring partner. In 12 months, you should be able to cover for them.
This isn't for someone who waits for tickets. Not for an architect who wants to redesign everything. This is for someone who understands SoD, designs roles with intent, and knows that compliance is not optional.
This is one of the world's largest construction and development groups — active across Europe and North America, 30,000+ employees, consistently ranked in the global top 20. Buildings, infrastructure, urban regeneration. Projects that shape how cities look for decades.
At the core is an Oracle Fusion ERP covering the entire Central Europe region — Financials, HCM, and Supply Chain across multiple countries. The IT organisation is international, with governance in the UK. The culture is Scandinavian: open, direct, and flat by enterprise standards.
This is the next step in how their IT is evolving. Maybe that step involves you.
Oracle Fusion is live. Roles, access rights, and SoD rules were set during implementation — but that's not the same as long-term ownership. Now it needs someone who actually owns this layer.
The goal is to build real ERP security competence in the Czech Republic — connected to the international team, but with real ownership on the local side. The team is growing. This is a new position, not a replacement hire.
Job description
Role / Mission:
Your mission is simple: make sure people in Oracle Fusion have exactly the access they need. Nothing more. Nothing less.
That means designing and maintaining roles, running SoD analyses, managing user lifecycle, and working with business and IT to turn requirements into configurations that actually work.
You report to the Head of ERP. You're one of the core members of an internationally distributed EMEA team — architects, analysts, developers, and support. A senior Oracle Fusion colleague is there not to watch over you, but to step in when things get tricky.
You help define the security rules for the region, not just execute them.
The impact is direct. One bad role setup or a missed offboarding creates a gap in controls. A good setup passes audits without drama.
After 12 months, this is what good looks like: you know the full access map for the region, you run SoD analyses independently, your documentation is current, and an audit doesn't catch you off guard.
Key Responsibilities:
* Design, implement, and maintain roles, responsibilities, and access controls in Oracle Fusion (Financials, HCM, SCM)
* Run SoD analyses and resolve role conflicts — understanding what you're configuring, not just clicking through
* Manage the full user lifecycle: onboarding, changes, offboarding — accurately and on time
* Configure advanced controls in Oracle Risk Management Cloud (notifications, model controls, perspectives, state management)
* Prepare documentation for internal and external audits (SOX, GDPR) and actively support audit activities
* Keep security process documentation current — not just before audit season
* Work with business process owners and IT to translate requirements into technical configurations
* Escalate issues to Oracle Support Portal when they go beyond what the team can handle internally
What This Role Is NOT:
* Not a helpdesk or ticket queue — you don't just click approve, you actually understand what you're granting
* Not a systems architecture role — overall system design is with a more senior colleague in the international team
* Not infrastructure or network security — this is the Oracle Fusion application layer, full stop
* Not a short-term or transitional position — stable, long-term role in the core IT team
Operating Model:
Working language is English — you'll use it daily with the internationally distributed EMEA ERP team (architects, analysts, developers, and support; governance and senior leadership in the UK). Czech Republic, 1–2 days/week on-site — otherwise remote. Reporting line: Head of ERP.
Requirements
What Matters Most:
Three things that matter:
* ERP security background, hands-on — 2–4 years working with roles, access rights, or identity management in an enterprise ERP. Oracle Fusion is ideal. SAP GRC or another ERP security background works — you'll pick up the Oracle context.
* SoD is not just a term you know — you can explain why a specific role combination is a problem and what the actual risk is. You understand SOX and GDPR beyond just ticking boxes.
* You think before you click — when a role request comes in, you ask why before you approve. That's it.
Oracle Risk Management Cloud, scripting skills, and direct audit experience are strong advantages — not hard requirements. The right mindset and ERP security background will take you the rest of the way.
Nice to Have:
* Direct experience with Oracle Fusion Applications or Oracle Risk Management Cloud
* Scripting or automation skills (Python, Shell) for streamlining repetitive security tasks
* Hands-on SOX audit preparation or support experience
* Oracle or relevant IAM certification
These are nice to have — not hard filters. The right ERP security background and mindset will take you the rest of the way.
Offer & Terms
* Direct access to a senior Oracle Fusion expert in the international team — in year one, that's worth more than any cert
* A real path to owning ERP security in Central Europe — this is where things are heading, and this role is part of it
* International setup with local decision-making — you're not just a distant node in someone else's team
* No startup chaos — space to actually do the job properly
WHAT YOU GET:
* CZK 80,000–90,000/month, permanent contract
* Annual bonus 8% + Employee Ownership Programme (shares)
* Czech Republic | 1–2 days/week on-site — otherwise remote
* English language classes + internal training and development programmes
* International exchange programme + mentoring initiatives
* AI tools are part of the daily workflow — not just a slide in a presentation
* Life insurance, private medical care, Multisport, cafeteria, leisure subsidies
* Employee volunteering programme
More information
Interested? Apply or reach out directly:
| linkedin.com/in/jirisoljak
No CV needed. Just your LinkedIn and a few lines about yourself.
You'll speak directly with an experienced IT headhunter who understands the tech — expect a relevant, no-bullshit conversation.
Process:
* Intro call (15–30 min)
* Screening with the CZ ERP team
* Main interview with Head of ERP (UK)
* You always know where you stand — no ghosting, no black box
EU work authorization required. No visa sponsorship.
