Participate in gathering and analyzing business and technical requirements to develop enterprise-wide Identity and Access Management (IAM) processes and procedures.
Demonstrate a solid understanding of risk and change management, security policies and controls, user account lifecycle management, onboarding/offboarding, role-based access control (RBAC), access governance, and directory services.
Translate business requirements into specific system, application, or process designs.
Collaborate with cross-functional teams, including business units and technical stakeholders, to identify and define functional requirements, and contribute to or lead the design of IAM solutions.
Engage in a broad range of IAM design activities from requirements analysis to implementation.
Apply your knowledge of various IAM products and domains, with the ability to quickly adapt to new tools and technologies through self-learning or formal training.
Provide support for identity provisioning, governance platforms, and privileged access management (PAM) tools.
Lead and contribute to IAM-related projects to ensure successful delivery of objectives.
Identify and communicate high-level functional gaps, risks, and potential issues, and propose effective solutions.
Monitor service delivery against SLAs and escalate exceptions as needed.
Perform IAM-related risk assessments and consult on project implementations to ensure alignment with RBAC frameworks and internal security policies.
Drive improvements in RBAC processes, governance policies, and IAM lifecycle workflows.
Lead or contribute to incident and problem management efforts, ensuring root cause analysis and future incident mitigation.
Participate in on-call production support rotations and work with vendors to resolve technical issues.
Influence the IAM strategy by making informed decisions on complex technical challenges.
Support internal and external audit readiness by preparing and organizing required audit documentation.
Design and implement key management controls to ensure encryption key security throughout the lifecycle.
Conduct physical access control reviews and physical security assessments for restricted areas.
Promote and extend secure access control practices across the organization and its affiliates.
Qualifications:
A positive, proactive mindset with strong empathy and team collaboration skills.
Bachelor's or Master's degree in Computer Engineering, Information Security, MIS, or a related field.
Minimum of 5 years of experience in cybersecurity or IAM domains.
Solid foundation in information security principles and best practices.
Knowledge of international security frameworks and standards, such as COBIT, NIST 800 series, ISO/IEC 27001, PCI-DSS, and OWASP.
Familiarity with end-to-end security architecture including network, platform, and application layers.
Experience with application/system security controls, IAM risk assessments, and access governance.
Strong skills in technical writing, documentation, process mapping, and visual communication.
Ability to develop and execute a clear vision for IAM and security solutions.
