8901 - Corp Office West Crk - 12800 Tuckahoe Creek Parkway, Richmond, Virginia, 23238

CarMax, the way your career should be!
About this job

At CarMax, we are industry disruptors. At the heart of our innovation is new digital products. Working on many different aspects of the customer experience, our Senior Engineers research and discover new opportunities and shape products to fulfill them. From inception to completion, you will develop tools and technology, learning quickly from our spirit of experimentation. You will have a direct impact on improving the performance of our business and ensuring customers can buy the vehicles they want in a way that is right for them!

Purpose of the role

It requires a passion for security, compliance, and technology to ensure a public organization remains secure and SOX compliant by establishing effective controls and innovative products and processes. As a key member of a collaborative and creative Oracle technology team, working alongside Audit and Compliance partners, you will take the lead in managing the end-to-end Oracle Cloud security (ERP SaaS, PaaS, EPM). This includes, but is not limited to, access provisioning, SOD analysis, and process design. Additionally, you will be responsible for the execution of ITGCs (IT General Controls) and other audit-related activities throughout the year.

• Lead and manage Oracle access provisioning processes for Oracle ERP SaaS, PaaS, and EPM, including the implementation of new solutions based on business requirements. This involves leading functional design, prototyping, and process design stages, while collaborating with our SI partner, other technology teams, and internal business SMEs.
• Oversee and manage all ITGC controls for ERP SaaS, PaaS, and EPM, ensuring that all ITGC documents are kept up-to-date and any necessary execution changes are implemented. Ensure all controls are executed on time and audit board tasks are submitted promptly.
• Lead discussions related to audits and controls with both internal and external auditors, compliance partners, and the controls team. This includes, but is not limited to, process improvements, control language revisions, and operational efficiencies.
• Manage all audit board and SOX-related activities outside of ITGCs throughout the year.
• Collaborate with CarMax associates and business stakeholders to understand current processes and challenges and work together to design solutions that enhance customer and associate experiences.
• Partner with IAM, security, and various operational and technical teams to develop solutions and bring innovative ideas to life.
• Promote your innovative ideas internally, evolving them based on feedback and critique within an agile environment.
• Stay informed about industry trends and best practices to continually improve operations and ensure optimal customer and associate experiences.
• Lead the analysis for converting existing legacy data into Oracle by reviewing data extracts and data mapping.
• Effectively lead change initiatives, collaborating with management and users to ensure engagement, encourage contributions, and foster teamwork for successful project execution.
• Take a hands-on approach to understand, validate, build, test, train, and support users in simplifying business processes across security platforms.
• Collaborate with offshore and onsite technical teams to develop solutions based on business requirements.
• Design and configure new and existing workflows, document processes, and maintain Standard Operating Procedures (SOPs).
• Conduct business interviews to solidify system requirements and work with application team members and product owners to prioritize and ensure transparency for critical initiatives to scale the company.
• Ensure that business requirements are translated into technical user stories for development.

• Bachelor's Degree in Computer Science, Decision Science, Engineering, Statistics, or a related field, or equivalent alternative education, skills, and/or practical experience is required and 5+ years of relevant work experience or
• Master's Degree in Computer Science, Decision Science, Engineering, Statistics, or a related field, or equivalent alternative education, skills, and/or practical experience is required and 3+ years of relevant work experience

• Proven expertise in the implementation, upgrade, enhancement, analysis, design, development, testing, and support of Oracle Fusion Cloud, PaaS, and EPM security (Roles and Permissions), with a strong understanding of LBAC and RBAC.
• Over 5 years of experience in architecting and designing security solutions for Oracle Enterprise applications, including PaaS services.
• More than 5 years of experience working with the Risk Management Cloud module and/or GRC (Governance, Risk, and Compliance), with additional knowledge of Cloud ERP financial modules such as GL, AR, AP, PO, FA, Cash Management, Tax, Project Accounting (Billing/Costing), and Inventory Costing being an advantage.
• Hands-on experience managing audit and compliance requests for evidence, completeness, and accuracy. A strong understanding of SOX (Sarbanes-Oxley Act) is critical for success in this role.
• Experience with Oracle Cloud OTBI and BI Publisher.
• Ability to articulate complex systems and technical topics in a clear, concise manner.
• Strong problem solving and analytical capabilities.
• Develop, design, test and validate configuration/customizing related to new business processes developed as part of the business process improvement initiatives either as production support initiatives or in new projects.
• Work independently with business process owners on presenting innovative solutions, leading workshops from scoping phase through realization phase of the projects.
• Ability to handle multiple simultaneous tasks and consistently deliver on activities.

• Oracle ERP Risk Management Module and basic understanding of other financial modules.
• Oracle Cloud security architecture and processes.
• Access Provisioning, Roles & Permissions, Custom Role creations, LBAC, RBAC, Authentication & Authorization.
• IDCS (Identity Cloud Management Service) and OCI IAM (Identity Management)
• ERP SaaS to PaaS sync process.
• SOX & Compliance activities.
• ITGC
• Oracle Cloud OTBI, BI Publisher
• SQL knowledge
• Business process knowledge
• Requirements Gathering
• Unit Testing
• Oracle certification is good to have.