As BB&T Lines of Business (LOBs) strive to meet client demands, a steadfast commitment to information security is essential to effectively manage risks associated with change, innovation, and an evolving threat landscape. Corporate Information Security (CIS) strives to achieve an effective balance by partnering with LOBs to align incentives and devise strategies that achieve shared objectives and mutually desirable outcomes. Primary areas of accountability include the following:
• Understand the enterprise's core information security competencies and the value they bring to business processes for a competitive advantage
• Interact with internal and external customers to ensure continuous customer satisfaction, ensuring that SLAs and KPIs are met to support operating units
• Ensure adherence to developed policies, standards and procedures, or complete appropriate exception documentation
• Partner with key stakeholders from within the LOB (including LOB Senior Management), CIS, and other groups throughout BB&T IT Services to offer transparency on matters pertaining to Information Security
Essential Duties and Responsibilities:
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
- Provide regular updates to CIS management on LOB strategies, critical projects and related risks, potential policy exceptions, and other items, as applicable. Ensure information security requirements are properly represented throughout LOB processes including risk assessments, new product evaluations, application development, testing, and ongoing operations
- Engage, as necessary, in LOB sponsored projects and advise on information security related matters. Manage the credentials, privileges and access for Active Directory and RACF to ensure all information systems are functional and secure, ensuring that SLAs are met. Maintain IAM security policy including providing updates to CIS procedural documents to support policy
- Analyzes security-related technical problems and provides basic engineering and technical support in solving these problems.
- Represent CIS when working with BB&T business partners to understand business problems and provide solutions to those problems.
- Effectively support the production applications within the assigned area, with a focus on quality implementations and production stability. This includes managing audit/risk profile and issues and data custodian responsibilities.
- Review technical and business processes, standards and procedures, making recommendations for continuous improvement.
- Assists in the development of testing strategies, methodologies and analyses; evaluates the adequacy and effectiveness of policies, procedures, processes, systems and internal controls; analyzes business and/or system changes to determine impact; identifies and assesses operational risk issues and assigns risk ratings consistent with established policy standards.
- Helps to prepare group-level reporting on program initiatives, implementation status, risk metrics and trends, and incidents and issues, as required.
- Assists in the development and execution of auditing processes to identify system access anomalies.
Required Skills and Competencies:
The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Bachelor’s degree in information technology, business, or related discipline, or equivalent experience
- Minimum of five years of demonstrated experience in an Information Security access administration support role for security technologies and identity management solutions, preferably at a financial institution
- Highly adaptable to a constantly changing business and technology environment
- Familiarity with multi-platform environments and their operational/security risk considerations
- Good verbal and written communication skills
- Demonstrated proficiency in basic computer applications, such as Microsoft Office software products
- Experience with administration and customer support for two or more information security technologies: Active Directory, RACF as well as enterprise applications on-prem and on Cloud
- Experience with an IAM solution (Oracle, Sailpoint, MS Azure, CA SiteMinder, Centrify)
- Exposure to IAM applications with common identity stores (LDAP, relational databases, application servers, virtual directory servers, physical access management systems)
- Ability to travel as-needed
- Experience with Information Security frameworks or standards such as ISO27001 or COBIT
- Knowledge of financial services industry and all applicable regulations and industry standards
- Familiarity with audit processes as they relate to SOX, PCI-DSS and GLBA information protection requirements
- Experience with an IAM solution (Oracle, Sailpoint, RSA Aveksa, MS Azure, CA)
- Other technical certifications (e.g. CISSP, GIAC, CISA, GISF, CQIA, ASQ)