BITCO Corporation is seeking a
Senior IT Security Engineer (Identity & Customer Access Management) to join our home office located in
Davenport, IA. As a respected specialty insurer with 11 branch offices across 10 states, BITCO delivers tailored insurance solutions to complex industries such as construction, forest products, and oil and gas. This position is open to a hybrid work arrangement, blending flexibility with meaningful in-person collaboration.
Position Summary:As part of the Cybersecurity team, the Senior IT Security Engineer will focus on maturing IAM/CIAM Services by resolving complex access issues and responding to audit requests. You will be responsible for assisting with all types of user's access policy, process, and audit needs, applying improved role definitions, and following up on compliance evidence requests. This role is an elevated position built to help build the future of IAM/CIAM practices at BITCO and provide excellent customer services while troubleshooting access issues preventing a user from performing their role.
This role is responsible for handling information technology security practices focused on Identity and Customer Identity Access Management, in addition to procedures which includes analyzing, implementing, and monitoring practices and procedures enhancing our Cybersecurity profile. This role also participates in activities with the Internal Audit department and outside auditors to ensure internal and external security requirements are implemented and maintained as required.
Primary Responsibilities: - Review, modify, and administer identity lifecycle management processes, ensuring timely and accurate provisioning/de-provisioning of user accounts and access rights.
- Collaborate with cross-functional teams to integrate IAM/CIAM solutions with enterprise applications, directories, and infrastructure components.
- Facilitate regular access reviews and audits to ensure compliance with regulatory requirements and internal security policies.
- Evaluate business impact and risk exposure based on the level of access granted and make recommendations on where improvements should be made.
- Engage across functional teams to ensure we are implementing role-based security across all modern business applications with a minimal access-based philosophy.
- Maintain understanding of business processes to aid in managing enterprise identity and access requirements.
- Troubleshoot IAM/CIAM- related issues, investigate root causes, and work to implement corrective actions to maintain system availability and integrity.
- Develop and maintain documentation, procedures, and guidelines related to IAM/CIAM operations and processes.
- Provide IAM/CIAM technical guidance and mentorship members of the Operations team.
- Facilitate IAM/CIAM functionality discussions with customers to increase awareness in current role and access definitions.
- Work directly with application and system owners across the organization to gather information on entitlements and access needs.
- Work directly with application and systems owners to define and document application integration requirements with Organizational Information Management
- Participates in the recommendation, acquisition, configuration, and maturation of software/utilities used to administer, monitor, and review information technology security activities
- Develops and maintains an understanding of various security software/utilities relationships to administer, monitor and review security related activities, periodically reviewing the configuration of these tools to ensure we have comprehensive security coverage.
- Facilitates the coordination and preparation of distribution of reports to I.T. management and (when required) to internal/external auditors.
- Participates in recommending and reviewing changes to internal security related practices/documentation to ensure they are appropriate and current with business requirements and IAM/CIAM best practices. Implements or streamlines new practices or procedures where necessary and updates, facilitates Management review, and company adoption.
- Develops and maintains an understanding of external and internal security practices required to meet corporate and regulatory requirements involving the security, maintenance and retention of company data records.
- Participates in and maintains the process for scheduled and unscheduled audits of information technology related security practices and procedures, maintaining a record of the results, and owns the process of reporting and closing any unresolved/remediated audit findings to IT and Business management.
- Performs routine and special assignments in support of IAM/CIAM security related tasks such as internal and external password strengthening, compromised process enforcement, SSO, initiation, reset and termination, password standards testing,
- Performs other duties as assigned
Qualifications:- Bachelor's Degree in Computer Science, Information Systems, or Business Administration with Technology as a core component preferred
- Certificates pertaining to IAM/CIAM and access controls preferred or related work experience
- At least 4-7 years' experience in IAM/CIAM technology and access governance.
- Hands-on experience with IAM/CIAM platforms such as Microsoft Azure Active Directory, One Identity Manager, or similar.
- Experience in organizations experiences large modernization changes, legacy/Technical debt retirement, and SaaS platform (Duck Creek, Kalepa, SNOW, SFDC, EDW) implementations
- Familiarity with the following IT Security concepts is preferred:
- IT security risk and mitigation strategies
- Security frameworks
- Regulatory guidelines
- IT security logging and monitoring
- IT security monitoring tools
- Controls, best practices, and security protocols
- Operating systems, networks, and security fundamentals
- Threat knowledge
- Demonstrated ability to manage multiple priorities and projects
- Critical thinking and problem-solving skills
- Excellent oral and written communication skills
Benefits: - Competitive salary paired with a comprehensive benefits package
- Generous paid time off, plus 12 paid holidays annually
- Comprehensive health coverage, including medical, dental, and vision plans
- Additional protection through accident, critical illness, and hospital indemnity insurance
- Company-paid life insurance equal to 2× annual salary
- Company-paid short-term and long-term disability coverage
- 401(k) Savings and Profit-Sharing Plan through Old Republic
- Ongoing education, training, and professional development opportunities
- Support for industry certifications and insurance designations, including financial assistance
- Flexible scheduling with a two-hour window for start and end times within a 7.5-hour workday
- Opportunities to give back through corporate philanthropy and community service initiatives
- Optional benefits including travel, commuter, and pet insurance
- Employee wellness support through a dedicated fitness program
