The Identity and Access Management team is responsible for access control and all associated programs. Applications supporting these programs include Okta, SailPoint and Duo. This role is responsible for:
- Administering these tools, including testing and installing system updates
- Developing custom integrations, workflows and rules between tools
- Planning, implementing, enforcing and reviewing security policies, procedures, and controls which safeguard the integrity of and access to enterprise systems, files, and data elements.
- Documenting business and technical requirements for Identity and Access Management systems and processes.
- Documenting and maintaining policy, procedures, processes, controls, and job aids to support Identity and Access Management services.
- Participating in Identity and Access Management governance and processes to drive IAM service adoption and evidence gathering to support audit requests.
- Processing access requests from internal and external customers.
- Leading troubleshooting and resolution of system issues that might contribute to enterprise Production problems.
- Managing project work through all phases (design, build, test, cutover).
Primary Duties and Responsibilities:
To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.
- Work collaboratively across IT and Business departments to implement technical solutions (partnering with PAT, ETS, HR, Legal, Security, etc.)
- Under limited direction from management, monitor, evaluate and maintain systems and procedures to protect networks, systems, and databases from unauthorized use.
- Document business and technical requirements for Identity and Access Management systems and processes.
- Document and maintain policy, procedures, processes, controls, and job aids to support Identity and Access Management services.
- Participate in Identity and Access Management governance and processes to drive IAM service adoption and evidence gathering to support audit requests.
- Research, recommend and implement changes to procedures and systems to enhance systems security.
- Report on controls, evidence gathering and control execution.
- Assist in communicating security policies and procedures to users.
- Assist internal and external customers with multi-platform security access issues and requests.
- Assist in identifying or developing tools or methods to track and monitor risk
- Support management with special projects and other duties as assigned.
The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.
- Requires excellent analytical ability, consultative and communication skills, strong judgement, and the ability to work independently with both local and remote IT staff/management, vendors, and consultants.
- Availability for 24 x 7 “on-call” support responsibilities.
- Membership in Information Security industry organizations such as ISSA, CSI, Infragard, SS-ECTF, etc. is a plus.
Demonstrated proficiency in the following technologies:
- Microsoft Active Directory (LDAP)
- Experience working in and developing solutions for a highly regulated environment or organization that leverages a security framework (such as NIST, COBIT, etc).
- Must have developer experience with various languages, but primarily Java and PowerShell.
- Experience with Multi-Factor authentication protocols (RADIUS) and systems (Entrust, Duo, or similar).
- Experience with Single Sign-On protocols (OIDC, OAuth 2.0, SAML, SWA, etc.) and systems (Okta, Ping, Siteminder, or similar).
- Basic knowledge of Linux operating system administration.
- Basic knowledge of Windows server and desktop operating systems
- Basic knowledge of firewall and intrusion detection systems
- Basic knowledge of Amazon Web Services (AWS)
- Basic knowledge of Controls, Risk Ranking/mapping, Remediation items and general IT audit
Preferred (nice to have):
- Understanding of NIST Special Publication 800-53 (Rev. 4) and COBIT framework
- SailPoint IdentityIQ administration or experience
- Mainframe architecture
- CA-ACF2 Mainframe access control facilities
- Directory services, LDAP, and their inherent security (Active Directory, CA Directory).
- Bachelor’s degree in Computer Science, Engineering, or other related field.
- Hands-on IT or security operations experience
- Basic knowledge of threat actor capabilities, intentions, methodologies and motives.
- Familiarity with computer network exploitation and network attack methodologies.
- Industry knowledge of security technologies and methods