Individuals within the Information Security role plan, execute, and manage multi-faceted projects related to risk management, mitigation and response, compliance, control assurance, and user awareness. They are focused on developing and driving security strategies, policies/standards, ensuring the effectiveness of solutions, and providing security-focused consultative services to the organization. These individuals provide expertise and assistance to ensure the company’s infrastructure and information assets are protected.
Individuals develop security policies and procedures such as user log-on and authentication rules, security breach escalation procedures, security assessment procedures and use of firewalls and encryption routines. They perform security assessments and security attestations. To enforce security policies and procedures, they monitor data security profiles on all platforms by reviewing security violation reports and investigating security exceptions. They update, maintain and document security controls and provide direct support to the business and internal IT groups. These professionals work directly with the customers, third parties and other internal departments and organizations to facilitate information security risk analysis and risk management processes and to identify acceptable levels of residual risk. They also communicate and educate IT and the business about security policies and industry standards, and provide solutions for enterprise/business security issues.
PRIMARY DUTIES AND RESPONSIBILITIES:
IDENTITY AND ACCESS MANAGEMENT
- Establish standards and drive the design and implementation of appropriate identity and access management processes and controls that help improve operations and lower risk
- Drive the design, implementation and management of a shared service which covers: Identity Life Cycle Management, Access Management (SSO, federation, multi-factor), Role and Rights Management, Entitlement Review and Attestation (Audit & Assurance) and Identity & Access Analytics
- Understand a variety of IAM-related product suites and tools in order to make critical operational and strategic decisions. Example products include: Oracle OIM, Oracle OAM, Oracle OUD, Ping Identity, Quest Change Auditor, ADFS, Active Directory, PowerShell scripts, Sailpoint, Avatier, etc.
- Directly partner with the enterprise Finance, Legal, Audit and Compliance executives to support Internal and External Audits relating to IAM (SOX, COBIT, IT Controls)
- Lead the development, implementation and management of relevant metrics to measure the efficiency and effectiveness of the IAM program
- Drive the tracking and resolution of Identity-related Audit findings and remediation activities
- Participate in the design and manage the implementation of an Enterprise Information Security Management System (ISMS) which includes appropriate policies, procedures, operational considerations, IT change control, and IT risk and compliance management programs. These efforts include (but are not limited to): Information Security Governance processes, Policies & Procedures, Audits, Metrics and reporting in direct alignment with contractual, regulatory and compliance requirements.
- Lead the development and implementation of prudent enterprise security standards, guidelines and procedures to protect the integrity, availability and privacy of all corporate information assets
- Support Business Unit and IT executives through the process of prioritizing security initiatives and spending based on relevant business risk and regulatory compliance issues, financial implications, and alignment with the corporate strategic plan
- Manage, develop and mentor teams of Identity and Access Management professionals as well as contractors, vendors and services providers
- Support strategic and tactical security, risk mitigation and regulatory compliance guidance for all IT projects, including the evaluation of enterprise policies, processes, operating procedures and governance controls
ADDITIONAL DUTIES AND RESPONSIBILITIES:
- Responsible for all associate relations functions for department staff including hiring, terminating, performance management, development and training
- In alignment with the Company's growth and direction, assists in managing the development of budgets, controls and measurements to monitor progress
- Makes recommendations for succession planning
- Performs related duties as assigned
What your background should look like
EXPERIENCE AND EDUCATIONAL REQUIREMENTS:
- 6-8 years progressively responsible experience in the design, implementation and management of Information Security Shared services for a global corporation (Fortune 500)
- Experience leading functional business and technical teams in a large and complex environment to deliver IAM capabilities
- Experience with process improvement design and process mappings in order to implement IAM capabilities to address business challenges
- Wide-ranging experience managing a variety of IAM technologies as well as IAM migration experience to/from different platforms
- Strong knowledge and experience managing the following IAM activities: ID administration, governance/auditing, IAM reporting, IAM tool operations
- Seasoned manager of professionals and cross functional teams, who can develop and retain top talent in the field
- Demonstrated success in managing an Information Security Framework, solution and service for a cross functional corporation.
- Extensive experience with Healthcare regulatory and information security guidelines, audits as well as external audit processes and requirements
- Demonstrated successful implementation of security control frameworks and standards such as ISO 27001, ISO 17799, COBIT, ITIL, NIST and PCI
- Certification in Information Security relevant areas such as Audit (CISA), Security Management (CISM), Security Professional (CISSP) and/or equivalent business experience in a matrix Organization required
- Directly applicable International / Global Experience desired
- Excellent understanding of IT Security & Risk Management, strategic planning and the related tactical initiatives needed to achieve the plan.
- Understanding of financial management and departmental budgeting desired
MINIMUM SKILLS, KNOWLEDGE AND ABILITY REQUIREMENTS:
- Prefer someone with experience managing large-scale identity and access management solutions and operations
- Experience with leading teams responsible for Identity management related activities such as account provisioning, application provisioning, password management, etc.
- Demonstrated ability to effectively present, manage conflicts and interact at Senior Executive levels (CEO, CIO, CFO and Controller) and resolve critical and sensitive issues with external partners and customers
- Demonstrated ability to meet objectives, deliver quality results in a high performance environment
- Excellent skills interacting and mediating sensitive situations at all levels of the organization and with external customers and auditors
- Ability to easily defuse critical situations and manage escalations appropriately
- Ability to communicate effectively both orally and in writing; ability to communicate with customers, associates and management in a cross functional matrix organization; solid teamwork and interpersonal skills
- Strong presentation skills; ability to present and discuss business issues, strategies as well as technical information in a manner that establishes rapport, persuades others, and gains understanding at all levels of the organization
- Ability to establish solid relationships with vendors in support of initiatives; ability to negotiate and manage outside vendors against deliverables
- Good business and financial planning, analytical, and conceptual skills to evaluate business risks and apply knowledge to identify appropriate solutions
- Solid project management skills including the ability to effectively deploy resources and manage multiple projects of diverse scope in a matrix and cross-functional environment
- Solid knowledge of information security principles and practices
- Excellent interpersonal, communication and collaboration skills to successfully interact and influence employees and key business partners and providers at all levels
- Excellent track record communicating, managing complex projects and influencing others, in a diversified and international matrix organization. Adept at proposing, implementing and managing change while prepared to question the “Status Quo”
- High level of personal integrity with the ability to professionally handle highly sensitive and confidential situations with Executives, Customers and 3rd parties
- Ability to deal with ambiguity in a very dynamic, high-speed and complex business environment
- Demonstrated ability to serve as a respected member of a senior management team and effectively communicate security-related concepts to a broad range of technical and non-technical management and staff, including executive management