Major Areas of accountability:
Information Security Governance ~~ Identity Access Governance ~~ Policy/Procedure Management and Enforcement ~~ Reporting/Metrics ~~ Incident Management ~~ Education
Provide timely and effective operational support for the firms information security tools, processes and practices in the Identity space.
Use standard technology monitoring tools to monitor assigned environments and/or technical assets and identify/detect behavior outside of established standards.
Escalate key security issues to the appropriate team to be addressed.
Assist with security assurance testing activities.
Monitor compliance with information security and identity policies and practices and any applicable laws.
Assist with internal and external security risk assessments, risk analysis and application or system-level access reviews and attestations.
Coordinate/facilitate access and entitlement reviews for individual applications, business lines, and the enterprise at-large.
Assist with the research, development, continuous improvement and implementation of identity policies, procedures, standards, and processes based on compliance requirements and industry best practices.
Document the identity governance requirements, processes and procedures.
Enforce information security and identity policies and procedures by reviewing violation reports, investigating possible exceptions, and documenting controls.
Prepare status reports on identity and access matters that are used for a variety of purposes - tracking and monitoring security breaches, forensic investigative activities, remediation plan management and risk management compliance reporting.
Effectively manage and prioritize ad-hoc reporting requests, scorecards, and standard departmental reporting.
Coordinate with internal team and external auditors to provide documentation of compliance assessments, support, and remediation activities.
Maintain and develop knowledge of identity access management trends, new identity technologies and best practices.
Conduct security and industry specific research to keep self and the firm abreast of the latest security issues and regulatory developments that may impact existing policies, procedures and practices.
Participate in information security education, training and awareness activities for technology and business teams.
Required Qualifications
Bachelor s degree in Computer Science, Management Information Systems, or related technical field; or equivalent work experience.
4-7 years of experience in Information Security Services or related technical field.
Work experience that spans the Identity Access Management or Governance, Risk, and Compliance security domains.
Working knowledge of information security and computer network/system access technologies.
Experience working in the financial services industry or other highly regulated/compliance-oriented environments.
Effective verbal and written communication skills that include the ability to describe highly technical concepts in non-technical terms.
Very good understanding of security controls, monitoring systems and regulatory/business drivers that impact security policies and practices.
Working with business users on platform related questions/issues
The successful candidate will need to demonstrate proficiency in atleast one of below four verticals:
1. Identity Access Governance Suites such as RSA Identity Governance Lifecycle (formerly Aveksa) or other competitor products such as Sailpoint or Saviynt.
2. Privileged Account Management Capabilities, Services and Processes [CyberArk] or other competitor products such as Beyond Trust, Thycotic.
3. Security Information Event Monitoring (SIEM) / User and Entity Behavior Analysis [UEBA] Capabilities, Services and Processes (e.g. Sumologic / Securonix)
4. Cloud Governance technologies (AWS and/or Azure)
In addition, the successful candidate will need to meet below requirements:
Interested in gaining broad experience in Information Security Services [must have]
First level knowledge and/or demonstrated technical ability to understand code and technology infrastructure in multiple environments with experience in the below languages [Powershell, Python, Regular expressions-based programming]
Demonstrated basic understanding of the Software Development Lifecycle (SDLC) and programming/development procedures.
Effective oral and written communication skills along with logical, analytical, and abstract thinking skills.
Strong attention to detail, follow-through, and time management skills.
Demonstrated aptitude to quickly learn and apply new tools and processes
Defining business, user, and systems requirements
Developing user acceptance test plans
Developing, document, test and modify new and existing code
Developing working knowledge of systems and processes
Business Analysis
Building Process Flows
Presentations (Creating and Delivering)
Risk Identification and Remediation
Project Management
Project Coordination
Reporting (SQL queries to databases) / Correlation
ITIL (Change, Problem, Incident, Configuration) Management
Preferred Qualifications :
Basic knowledge and experience with:
Operating Systems (Windows, UNIX, Mainframe, etc.)
Directories/LDAP Constructs (Active Directory, Oracle, etc.)
Databases/RDBMS Constructs (Oracle, SQL, DB2, MS SQL Server etc.)
Authentication / Authorization Constructs (Directory, Hybrid, Native Source)
Data Formats (XML, CSV, etc.)
Identity Access Governance Capabilities:
o Role Based Access Controls (RBAC)
o Provision / De-Provisioning
o Access Request
Privileged Access/Credential Management
Privileged Access Management Suites
o CyberArk
Development / Programming / Scripting
o SQL for Oracle or MS SQL
o Java EE
Compliance Types (GLBA, HIPAA, IT Compliance, NERC, PCI, SOX, etc.)
Service Organization Controls (SOC1, SOC2)
Keyskills: Unix MS SQL Db2 XML Project management Active directory Windows Oracle SDLC Python
Ameriprise Financial has helped millions of clients feel confident about their financial futures for more than 125 years. Our network of approximately 10,000 financial advisorsdelivers personalized financial advice to help clients reach their goals..