As a Workforce IAM - PAM - Cyber Security Engineer, you will play a crucial role in implementing and supporting Privileged Access Management Solutions in alignment with M&T's identity and access management strategy. You will work closely with cross-functional teams to ensure the effective management of privileged access rights, enforce security policies, and maintain regulatory compliance. This role functions with a moderate level of autonomy, leveraging team peer connections and support from more senior members of the WIAM team.
Responsibilities:
Implement PAM solutions that align with industry best practices, regulatory requirements, and organizational policies.
Collaborate with internal and external auditors to ensure compliance with IAM-related regulatory requirements, manage audits, and respond to audit inquiries.
Adhere to applicable operational risk controls in accordance with Company or regulatory standards and policies.
Develop, implement, and enforce privileged access management policies, procedures, and guidelines, ensuring compliance with relevant regulatory bodies.
Establish processes for privileged user provisioning, de-provisioning, and modification of access rights across critical infrastructure, platforms and applications, ensuring timely and accurate access management.
Define and maintain Privilege Access Security Models, Role-Based Access Control (RBAC) models, mapping roles and responsibilities to access privileges, and ensuring segregation of duties (SoD) and least privilege principles are enforced.
Develop, monitor, and report on key performance indicators (KPIs) and key risk indicators (KRIs), and address anomalies in them.
PAM Engineering role includes:
Designing and implementing privileged access management solutions: They develop strategies and architectures to securely manage, monitor, and control privileged access to critical systems and data.
Configuration and customization: They configure PAM tools according to the organization's specific requirements and integrate them with existing systems and workflows.
Policy development and enforcement: They define and enforce policies for privileged access, ensuring compliance with industry regulations and security best practices.
Monitoring and auditing: They monitor privileged access activities, detect anomalies or suspicious behavior, and conduct regular audits to ensure adherence to security policies.
Incident response and resolution: In the event of security incidents or breaches involving privileged accounts, they lead the response efforts, investigate the root causes, and implement corrective actions to prevent future occurrences.
Collaboration and training: They collaborate with cross-functional teams, including IT, security, and compliance departments, to ensure alignment of PAM initiatives with organizational goals. Additionally, they provide training and awareness programs to educate users about the importance of privileged access management and best practices for securing sensitive resources.
Skills:
Security expertise: A strong understanding of cybersecurity principles, including authentication, logging and monitoring, authorization, encryption, and network security.
Knowledge of PAM tools: Proficiency in using privileged access management tools such as CyberArk, BeyondTrust, Thycotic, or similar solutions.
Identity and Access Management (IAM): Understanding of IAM concepts, including role-based access control (RBAC), least privilege access, directory services, authentication services, IdP, MFA, and security models (e.g., Active Directory).
Networking: Knowledge of network protocols, firewall configurations, and VPN technologies to ensure secure access to privileged resources.
Cloud Platforms: Understanding of various aspects of cloud technology, enterprise hybrid-cloud environments, and various cloud types and platforms (SaaS, PaaS, IaaS, Azure, AWS, GCP).
Operating systems: Familiarity with various operating systems (e.g., Windows, Linux, Unix) and their security features to implement effective access controls.
Scripting and automation: Proficiency in scripting languages (e.g., Python, PowerShell) to automate repetitive tasks, streamline processes, and integrate PAM solutions with existing systems. CI/CD technology and source control, DevSecOps, and secrets management (e.g., GitLab).
Risk management: Ability to assess risks associated with privileged access, prioritize mitigation efforts, and develop strategies to reduce the organization's exposure to security threats.
Communication skills: Strong verbal and written communication skills to collaborate with cross-functional teams, document procedures, and communicate security requirements effectively.
Problem-solving: Aptitude for troubleshooting technical issues, analyzing complex problems, and finding innovative solutions to address security challenges.
Compliance knowledge: Familiarity with regulatory compliance requirements (e.g., GDPR, HIPAA, PCI DSS) and industry standards related to privileged access management.
Continuous learning: Willingness to stay updated on the latest cybersecurity trends, technologies, and best practices through ongoing training and professional development.
Attention to detail: Thoroughness in implementing security controls, documenting configurations, and reviewing access policies to ensure accuracy and effectiveness.
Education and Experience Required:
Bachelor's degree and a minimum of four years' experience in the PAM domain or in a cybersecurity, risk, and/or governance role. In lieu of a degree, a combined minimum of 8 years' higher education and/or work experience.
Education and Experience Preferred:
Detail-oriented with a commitment to accuracy and quality in work deliverables.
Background in Identity and Access Management
Background in control and risk governance
Ability to work independently, manage multiple priorities, and meet deadlines in a dynamic, fast-paced environment.
Strong problem-solving and critical-thinking abilities.
Excellent documentation skills
Strong interpersonal and communication skills, with the ability to collaborate effectively with stakeholders at all levels of the organization.