IAM Engineer

Full Job Description

Summary The identity and access management (IAM) engineer position is a practitioner role working under the leadership of Information Security management. The IAM engineer helps define, establish, maintain, and manage identities across the organization. The engineer manages and maintains access to systems and applications following rigorous security, engineering, and governance principles, especially when provisioning and de-provisioning access. This position works closely with IT, cybersecurity operations, incidence response, business units, and third parties. In addition, the IAM engineer helps with provisioning, governing access, SSO, directory services, technical integrations and supporting behavioral analytics.

Essential Functions

• Implement and configure global identity solutions and capabilities including Identity Governance, Single Sign On (SSO), Multi-Factor Authentication (MFA), privileged accounts, automation, and behavior analytics systems.
• Make recommendations and implement improvements in automation, onboarding, and provisioning configurations to improve the end-user experience.
• Document access workflows, policies, and exceptions, and maintain integrity of implemented identity solutions for audit reviews.
• Work closely with security leadership, teammates, and stakeholders to evaluate and implement access models that align with organizational risk posture.
• Assess and resolve IAM issues that occur across the employee base, as well as with external entities.
• Evaluate business impact and risk exposure based on the level of access granted and make recommendations where improvements should be made.
• Work closely with incident responders during potential incidents and escalate to management as needed.

Additional Responsibilities

• Frequently interact with business units to understand their plans, risk posture and tolerance, and how IAM supports their vision and business obligations with security in mind.
• Performs other duties as assigned.

Skills And Abilities

• Familiarity with administering directory services, Windows and Azure AD, SSO, MFA and role-based access control (RBAC)
• Experience administering IAM systems, access controls, security and risk management, and security governance fundamentals
• High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism
• Demonstrates excellent judgment and decision making skills
• Organized, with the ability to prioritize and complete tasks within defined SLAs
• Understanding of service design, delivery concepts and control frameworks
• Strong verbal and written communication skills
• Track record acting with integrity, taking pride in work, seeking to excel, and being curious and flexible
• Ideally familiar with one or more regulatory requirements and laws such as, but not limited to, PCI, Federal Financial Institutions Examination Council (FFIEC), Sarbanes-Oxley (SOX), HIPAA, GDPR and GLBA, CCPA, NY DFS Cybersecurity RegulationAdditionally, experience in one or more of the following preferred: ISO 17799, ISO 27001, ITIL and NISTintermediate required
• Experience with one or more scripting languages (e.g., Python, PowerShell, Bash) intermediate preferred

Qualifications

• H.S. diploma/GED required
• Bachelor's degree preferred Information Security, Computer Science, Information Technology, Information Assurance, or related technical field.
• Three (3) years or more Information Security or Information Technology practitioner experience required
• Two (2) years or more Related security systems administration with IAM solutions, and preferably some experience with endpoint, network or application security solutions. required
• Ideally familiar with one or more regulatory requirements and laws such as, but not limited to, PCI, Federal Financial Institutions Examination Council (FFIEC), Sarbanes-Oxley (SOX), HIPAA, GDPR and GLBA, CCPA, NY DFS Cybersecurity Regulation. Additionally, experience in one or more of the following preferred: ISO 17799, ISO 27001, ITIL and NIST. intermediate required
• Experience with one or more scripting languages (e.g., Python, PowerShell, Bash) intermediate preferred
• Other Security+, CISSP, GSEC, GISF, or related Information Security certification