As a member of the Identity and Access Management (IAM) team, the Senior Info Security Consultant will be responsible for the day-to-day operations, governance and oversight of Identity & Access Management (IAM) program with an emphasis on Access Control and Segregation of Duties (SoD) reviews. The Senior Info Security Consultant will work closely with lines of business, technology, risk and Enterprise Security Services partners to manage periodic Access Control and SoD compliance and regulatory reviews to ensure compliance with relevant regulations and standards such as Sarbanes-Oxley (SOX), Payment Card Industry (PCI DSS), etc
The candidate will need to have experience with access control design and reviews for common resources, such as Windows, Linux, Databases (i.e. SQL Server, Oracle, DB2), network appliances and mainframe.
Facilitate identification, documentation and mitigation of Access Control and SoD risks with business process owners and stakeholders, through annual business process questionnaire completion and follow-up.
Partner with Business Process Risk Identification Program to provide/update content for stakeholder training on roles relating to SoD processes and annual certification, and lead change management iniaitives related to SoD program.
Perform validation of access controls within Sailpoint Identity Governance Administration
Handle troubleshooting and issue resolution related to IAM processes, ensuring the smooth functioning of the Identity and Access Management program.
Enhance and maintain IAM operating model to include roles and responsibilities IAM risks
Manage and update metrics (e.g. KRIs, KPIs) to track and report risks and report metrics to senior management?.
Champions and maintains effective communication with lines of business and technology groups
Participate in technology and line of business projects.
Three to five + years of experience in technology-related auditing, consulting, programming, and/or operational banking experience
Identity and Access Management experience or background, with experience in Sailpoint a plus
Subject matter expert knowledge of both the business and technical aspects of security and technology
In-depth knowledge of security and technology, with strong understanding of risk management.
Ability to make decisions based on prior experience in a large enterprise environment and solid understanding of the technologies and risks involved.
Competencies and Skills:
Works autonomously and demonstrates solid leadership competencies; organized, leads others towards common outcomes and execution
Demonstrates strong critical thinking and problem solving skills to understand and analyze complex business processes and technologies to make sound recommendations
Possess strong written, verbal, and presentation skills
Ability to effectively communicate with lines of business and technology groups at all levels of the organization
Strong understanding of risk management with ability to identify and assess risks and issues and manage to resolution
Ability to create and implement new processes and procedures
High level of business acumen, preferably in a regulated/financial industry
Strong risk-based analysis and decision making skills