The Senior Identity and Access Management (IAM) Engineer will help facilitate the tactical advancement of Finastra’s identity and access management (IAM) program, which includes identity governance administration (IGA) and privileged access management (PAM) solutions. As part of the broader Information Security organization, this role will participate in a multidisciplinary information security team, applying fundamental systems security understanding, skills, expertise, and experience to maintain and operate complex information systems and security tools that satisfy organizational mission and/or business requirements, including stakeholder protection needs and security requirements. The role will also be responsible for researching, planning, coordinating, and implementing application solutions. The ideal candidate will be self-directed and work effectively in a diverse team environment.
Responsibilities & Deliverables:
- Provides input to the IAM roadmap as it pertains to our current solution technologies (e.g., SailPoint, CyberArk), as well as future technologies, and aligns priorities to support the roadmap realization
- Drives IAM initiatives to improve our broader security posture, demonstrated by metrics
- Provides hands-on support, as needed, to initiatives related to our IAM solution technologies
- Engages in continuous technology improvement, process improvement, and quality control
- Oversees access control governance procedures, including periodic access review routines
- Owns the relevant documentation and training required for IAM initiatives and routines
- Reports progress and system health through metrics and KPIs that are risk-driven and/or operational in nature
- Leverages data to drive decision making and advocates for security throughout the organization
- Promotes and delivers with an agile and CI/CD delivery mindset to achieve program objectives
- Addresses the ticket queue in a timely fashion and follows appropriate change management procedures
- Understands risk and communicates clearly and concisely
- Effectively communicates issues/risks, options, pros/cons, and recommendations to drive change and overcome obstacles
- Stays current on security trends and industry best practices, providing input and recommendations based on research
Knowledge / Skills:
- Extensive knowledge of identity and access management (IAM) concepts, such as authentication, authorization, account lifecycle (joiner, mover, leaver), password policies, MFA principles, RBAC/ABAC, least privilege, etc.
- Knowledge of LDAP/Active Directory, and relevant IT architecture
- Familiarity with compliance organizations and standards (e.g., SOX, PCI)
- Familiarity with scripting languages (e.g., PowerShell) a plus
- Knowledge and understanding of APIs, specifically RESTful APIs, and familiarity with service-oriented architecture and web services integration (SOAP, WSDL, REST) a plus
- Knowledge of web technologies (XML, HTML, SPML/SOAP, etc.), PowerShell, SaaS applications, network operations (networks, protocols and email [SMTP, POP3]) a plus
- 5+ years of experience with identity management solutions (e.g., Active Directory), identity governance administration solutions (e.g., SailPoint), or privileged access management solutions (e.g., CyberArk)
- 3+ years of experience with deploying centralized authentication mechanisms, like SSO
- 3+ years of experience as a systems engineer
- 3+ years of experience with performing control routines and providing requested audit and attestation evidence
Education / Certifications:
- Bachelor's degree from an accredited college or university, or equivalent experience. A degree in Computer Science, Computer/Data Systems Management or a related field or discipline is preferred but not required.
- Certification in one or more of the following areas is desired but not required: Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM)