This position is a component of the computer and information security profession that ensures legitimate parties have the right access to the right resources and right time while keeping illegitimate parties out of those systems. The position develops and maintains processes, procedures and training, and performs cybersecurity-related administrative tasks necessary to manage user identities and their access to enterprise resources and data.
Tasks and Responsibilities: • Internal consultant, lead technical analyst and subject-matter expert (SME) for identity and access management activities. • Assist in the development and implementation of programs, processes, and procedures used to support user identity and access to enterprise resources. • Utilize external authoritative sources, information technology controls, corporate policies and procedures, vendor management system, and risk management workflows and identity access management tools. • Interpret various regulatory standards and requirements impacting and the security organization. • Collaborate with various business units to understand risks associated with identity and access management constraints that impact their operations and controls. • Perform cyber vulnerability and risk assessments to proactively secure the organization • Perform system integration and full suite use case testing • Perform IT Security Reviews. • Prepare internal and external audit evidence. • Maintain proficiency with applicable laws, regulations, and standards. • Performs other duties as assigned.
Minimum Qualifications • Bachelor's degree in business administration, Information Systems, Information Technology, Information Technology Security, Computer Science, Management Information Systems OR Information Security experience will be considered as a substitute for degree, or demonstrated experience with GRC activities • Knowledge of IT Systems, network protocols, network devices and operating systems. • Knowledge of mobile computing • Knowledge of Cloud Computing • Knowledge of data governance and privacy. • Knowledge of compliance related activities (NERC, PCI, HIPAA) • Knowledge of Active Directory or related applications (LDAP, AZURE, SAML, etc.) and user / group provisioning • Knowledge of operating systems, enterprise resource planning (ERP) and database applications • Skills with user / group provisioning • Skills with system reporting tools and applications (i.e Splunk, etc.) • Skills with Microsoft Office suite, including word processing, spreadsheets, and presentation software. • Skills with Database administration to include (MS SQL Server and Oracle) • Ability to address IT systems access and provisioning • Ability to administer (diagnose and troubleshoot) security access issues (ex: authorizations, account provisioning/deprovisioning, compliance issues) • Ability to enforce identity and access management • Ability to speak in public as a subject matter expert • Ability to comprehend results from security assessment and analyze impacts of those assessments. • Ability to interpret results from assessments and explain impacts of those assessments.
Preferred Qualifications: • Knowledge of the Energy Sector (Gas and Electric) • Knowledge of Identity Management and GRC practices. • Identity Management, I.T., security, GRC or audit related professional certifications • Excellent presentation skills