Summary of This Role
Identity and Access Management – Associate Director – will be responsible for leading an architecture team enabling dynamic design/implementation/integration of multiple platforms supporting secure access control and providing a seamless user experience for both team members and internal/external clients. This leader will ensure all activities meet organizational standards and solutions align with regulatory compliance requirements. Enables quality standards for access management and oversees implementation and execution of new identity and access management architecture engagements.
What Part Will You Play?
1. Leads and maintains a global Identity and Access Management Architecture team and its functions for all enterprise identity/access management systems. Maintains numerous IAM platforms supporting identity management, single sign-on, step-up authentication, IAM audit/monitoring solutions, and application integration solutions. Provides detailed consulting and reporting to leadership, clients, business owners and technical experts across the enterprise. Identifies areas for process workflow improvement and assists in validating standard operating procedures. Monitors the information security identity and access management industry and communicates the potential impact on or applicability to the organization from a provisioning perspective. Oversees administration of provisioning processes to safeguard against excessive access and to uphold separation of duties and least privilege. Creates business cases for identity and access management security investments. Leads and executes tactical activities supporting strategic initiatives.
2. Establishes and maintains appropriate and effective data used to provision users across multiple environments/applications. Ensures identity and access management team members maintain current knowledge of provisioning best practices and alignment/adherence to corporate security policy. Creates and/or matures an effective identity and access management security governance, policy, and process to mandate repeatable, accurate and validated processes. Provides guidance and advocacy regarding prioritization of investment and implementation of projects in line with security strategy. Ensures adherence to industry best-practice approaches to onboarding, implementation, operation and management for provisioning systems. Assists information owners in identifying user access requirements for onboarding new systems/applications.
3. Leads, maintains and improves the global identity and access management architecture team. Validates and reports identified gaps in current processes. Maintains and improves the identity and access management program to evolve with emerging technology and ever-growing compliance oversight. Provides guidance and analysis of emerging risks to leadership, business owners and technology owners as they relate to identity management platforms. Establishes and maintains effective partnerships with independent teams to evangelize security priorities, methodologies, awareness and compliance.
4. Leads and maintains a comprehensive program that is fully compliant with policy requirements (e.g., Payment Card Industry Data Security Standard (PCI DSS), Federal Financial Institutions Examination Council (FFIEC)). Develops, maintains, and distributes comprehensive reporting of security findings to internal owners and external compliance assessors. Presents program standards to clients and assessors to validate compliance with requirements. Directs the development of new metrics and reporting on business unit compliance with corporate information security standards.
5. Provides consulting to application owners and supports analysis of integration functions for automation. Provides expertise on best practices and security to technical owners during project implementation design and testing phases. Reviews technical design documents to validate that security considerations are understood early within the development/onboarding process. Verifies systems are implemented and effective in meeting identity and access management expectations.
6. Delivers information security requirements in a way that is understood and effects change. Provides analysis of the identity and access management program and issues security briefings to internal and external stakeholders when applicable. Interfaces with application owners and stakeholders in the access review process. Ensures a high level of customer service is provided to internal and external clients. Conducts survey assessments and gap analysis reporting to determine where improvements can be made and the changes required to make them. Develops and improves procedural documentation for the standardization and repeatability of administrative tasks. Delivers guidance to distribute critical access ensuring alignment with identified service level agreements. Assesses and approves non-routine requests based on risk level, business impact, and cost. Reviews and approves project charters, requirements, and solution documentation involving the identity access management provisioning team.
7. Provides regular reporting to senior leadership on the status of audit/compliance information, security controls, projects, work requests, and process improvements. Participates in client meetings and corporate-sponsored forums. Leads communication with internal and external counterparts to set priorities for work and builds cross-functional teams.
8. Reviews and supports the implementation of new processes and other actions to be deployed within security technologies that are recommended by the information security identity and access management architecture team. Consults with the identity and access management mainframe provisioning team/provisioning team, along with technical leadership and outside security vendors, to validate recommended security control measures. Reviews policy and configurations within security technologies to ensure effectiveness in mitigating risk.
What Are We Looking For in This Role?
- Bachelor's Degree
- Relevant Experience or Degree in: Business or IT related field and/or the equivalent of training and experience
- Typically Minimum 8+ Years Relevant Exp
- Responsible for the implementation, security, maintenance and access administration of information security managed technologies
- Must have the ability to pass and maintain a government level security clearance
- Bachelor's Degree
- Computer Science, Information Security, Information Assurance, Audit, related technical field and/or the equivalent of training and experience
- Typically Minimum 4 Years Relevant Exp
- Experience supporting UNIX, Windows Server, mainframe and/or HP NonStop systems. Experience with remote administration tools, basic networking concepts, Help Desk support, scripting/programming and/or logical access administration using security products (ACF2, Active Directory, LDAP, etc.).
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Security Essentials Certification (GSEC) or other industry recognized Information Security certification strongly preferred