THE INFORMATION SECURITY IAM ANALYST IS RESPONSIBLE FOR ORGANIZING, ANALYZING, AND DOCUMENTING USER PROVISIONING PROCESSES FOR ALL APPLICATIONS THROUGHOUT THE ENTERPRISE. THIS POSITION WILL DEVELOP TECHNICAL DOCUMENTATION TO ASSIST WITH INTEGRATION INTO OUR IDENTITY MANAGEMENT SYSTEM BY WORKING WITH OUR INFORMATION TECHNOLOGY TEAM. THIS WILL REQUIRE INTERACTION WITH BUSINESS UNITS TO ASSIST WITH DEFINING ROLE BASED ACCESS WHERE APPLICABLE AND DETERMINE THE UNIQUE REQUIREMENTS TO ASSOCIATE APPLICATION USER ACCOUNTS WITH A CENTRALIZED ID VAULT. THIS POSITION WILL ALSO BE RESPONSIBLE FOR DEFINING ROLE BASED ACCESS INSIDE OF IDENTITY GOVERNANCE AND INITIATING ONGOING USER ACCESS REVIEWS AND USER RIGHTS REVIEWS THAT ALIGN WITH COMPANY POLICY. THE ANALYST WILL ALSO WORK WITH MEMBERS IN THE ORGANIZATION TO CONTINUE BUILDING THE INFORMATION SECURITY DEPARTMENT AND IMPROVE THE ORGANIZATION’S SECURITY POSTURE.
- Identity Management (IdM) and Identity Governance (IdG) (40%)
- Coordinate with various application administrators to understand and document the role based access for each application.
- Develop technical documentation to allow accounts in the applications to be associated with identities stored in the ID Vault.
- Coordinate with Information Technology to develop workflows to enhance and automate the user provisioning process.
- Develop training materials to educate the business on Identity Management and Identity Governance processes including role based access.
- Develop and initiate ongoing user access and rights reviews.
- Ensures proper policies, procedures, risk mitigation activities, and operating controls are followed. Reports gaps in policies, procedures, and operating controls to leadership to ensure member impact and risk is mitigated.
- Program Management (30%)
- Coordinate activities with our Project Management Office to ensure all new applications or changes to existing applications have been aligned with our IDM and IDG processes.
- Provide ongoing assessments to ensure that all applications are documented in our enterprise software inventory and that each application has the appropriate risk assessments and classifications.
- Assist the Information Security Officer in developing ongoing proposals for annual tactics to enhance the existing IDM and IDG systems.
- Incident Alert Management (15%)
- Review all alerts, document, prioritize, and monitor for closure or escalation.
- Work with IT department to respond to alerts and close security assessment findings.
- Ensure that alerts across all IT and/or security systems are configured in accordance to information security policy and processes.
- Measure the efficacy of alerts and alert processes to filter out the noise and improve operational response.
- Information Security Metrics (15%)
- Develop metrics and key performance indicators (KPIs) that measure the progress and inherent risk of the organization for Executive Management.
- Responsible for developing and performing information security assessments on a scheduled basis that focus on ensuring policies and procedures are consistently applied.
- Manage external vendors to facilitate information security assessments that have been outsourced.
- Coordinate with internal business units or stakeholders to ensure that information security initiatives are properly documented, communicated, and monitored.
Required Skills
- A Bachelor’s Degree in information technology or computer science is required. Candidates without a bachelor’s degree will be considered who can demonstrate equivalent work experience or training.
- CISSP or GIAC Certification is required. Candidates without these certificates will be considered, however they will be required to obtain certification within the first year of employment.
- At least 5 years of experience in the information technology or information security field.
- Valid driver’s license is required as the position will be required to travel to various locations to perform assessments.
Required Experience