Summary of Responsibilities:

Works closely with the Identity & Access Management (IAM) team to develop, build and deliver the future state (IAM) strategy for the Enterprise. This includes helping define a vision for how identities will be managed across all parts of the business, and how the associated access to systems and data will be maintained. Helps drive the technical delivery of (IAM) solutions required to support the needs of the business. Works to understand industry best practices, emerging trends and the latest open source methods that will help address current challenges and enable new ways of delivering value to the Enterprise. Consults with IT project teams and application development teams to provide assistance in their deployment of business and IT applications. Escalates when needed and updates senior team members and Manager on a regular basis.

Position Responsibilities:

• Helps lead technical efforts in the maintenance and execution of a multi-year (IAM) strategic plan that is aligned with business priorities, industry best practices, and the enterprise information security strategic plan.

• Assists in evaluating, recommending, and implementing (IAM) products and services required to meet business and technology requirements, which includes directory services (e.g., AD), identity federation (e.g., SAML, SSO and ADFS), Multi-Factor Authentication (MFA), and Identity Management (IdM). Helps develop monitoring and reporting on the health, effectiveness and efficiency of (IAM) services. Works to improve the efficiency and scalability of operational systems and processes to accommodate the rapid growth of users.

• Works to ensure requirements are gathered, processes defined, and use cases documented. Provides configuration and development support. Helps with User Acceptance Testing and bug-related engineering efforts. Participates in all (IAM) deployment activities. Provides knowledge transfer and assists team in providing post-production support. Helps in building and improving the (IAM) COE Knowledge Base.

• Helps develop and implement scalable access management and identity lifecycle processes for internal (associate) and external (customer, producer and bank channel) identities.

• Identifies opportunities for automation and standardization when needed for the user lifecycle provisioning process (requesting, approving, implementing and auditing user access). Queries identity data from various identity sources to discover dormant or orphaned accounts, obsolete roles or any other data inconsistencies.

• Works directly with IT project teams and application development teams on integration requirements and design. Integrates applications and third-party products into the (IAM) platform to utilize provisioning, de-provisioning and user lifecycle management. Assists team by providing technical support and performing operational fixes related to integration code.

• Responsible for the build out and support of the Role-Based Access Control (RBAC) model and the development of (RBAC) processes and procedures. Creates, revises and/or maintains (RBAC) documentation for business walk-throughs and operational processes.

• Leads the execution and administration of the access rights reviews. Follows up with reviewers to answer questions or provide additional data insight.

• Provides support to business and IT users in understanding access rights, access certifications and controls. Helps consult on access related topics for associates as it relates to onboarding, transfers, etc. Provides access control design assistance to teams deploying business or IT related applications.

• Conducts in-depth research to understand industry best practices, emerging trends and the latest open source methods. Assists senior engineering team members in helping design and deliver high-quality (IAM) solutions that will help address current challenges and enable new ways of delivering value to the Enterprise.

• Provides consulting support to IT and any associated projects. Helps consult with IT project teams and application development teams to assist in the evaluation and design of their (IAM) needs. Assists the (IAM) team in maintaining and assessing operational requirements and service issues for improvement opportunities.

• Performs other duties as assigned by management.

Selection Criteria:

• Demonstrated experience in the areas of identity and access management, provisioning and de-provisioning, password management synchronization, authentication, authorization, and single sign-on or commensurate experience.

• Proven experience working on identity and access management projects.

• Demonstrated inherent passion for information security and service excellence.

• Proven ability to identify project risks and gaps, developing creative and workable solutions to complex problems and policy issues.

• Demonstrated strong team player – collaborates well with others to solve problems and actively incorporate input from various sources.

• Proven strong analytical and problem-solving skills with the ability to grasp new concepts and apply them; effectively evaluates information/data to make decisions; anticipates obstacles and develops plans to resolve.

• Demonstrated excellent verbal and written communication skills with ability to convey information to internal and external customers in a clear, focused and concise manner.

• Proven calm and professional demeanor when handling demanding situations.

• Demonstrated ability to work with a team and multiple stakeholders to provide direction and oversight.

• Proven self-starter with strong internal motivation.

• Demonstrated ability to work under multiple deadlines and with minimal supervision.

• Proven experience in completing assigned tasks accurately and on a timely basis.

Work Setting:

• This position works in an office setting and remains in a stationary position for long periods of time while working at a desk, on a computer or with other standard office equipment, or while in meetings.

• Requires visual acuity to read a variety of correspondence, reports and forms, and to prepare and analyze data in an accurate, neat and thorough manner.

• Continuously makes repetitive motions of the wrists, hands and/or fingers.

Educational Requirements:

• Bachelor’s degree in computer science, computer engineering, IT or a related technical field, or commensurate selection criteria experience.

Computer Skills and Knowledge of Hardware & Software Required:

• Experience with one or more (IAM) solutions such as NetIQ Identity Vault, SailPoint Identity Governance, etc.

• Experience in identity and access governance, including role-based access control (RBAC), user identity lifecycle management and access certification.

• Experience with directory services (Active Directory, LDAP, eDirectory).

• Strong understanding of federation, SSL, SAML, OAuth, OpenID Connect, and identity governance and administration (IGA) technologies.

• Strong understanding of (IAM) frameworks, practices, systems and controls.

• Strong understanding of privileged access management solutions such as CyberArk, Thycotic, etc.

• Knowledge of multi-factor authentication (MFA) solutions and technologies.

• Experience with Linux-based and MS Windows-based system platforms.

• Knowledge of enterprise, network, system and application-level security issues.

• Scripting skills preferred (examples include Python, Perl, JavaScript, PowerShell).

Certifications & Licenses (i.e., Series 6 & 63, CPA, etc.):

• Candidate encouraged to hold one or more of the following security certifications: Certified Information Systems Security Professional (CISSP), any GIAC certification or ISACA certifications.

Position Demands:

• Extended hours required during peak workloads or special projects and off-hour support.

• Occasional travel may be required.