Workplace Policy Hybrid Job ID 2024-5211 Date posted 11/26/2024 Overview:

The Identity Security Engineer is a pivotal member of the Identity and Access Management team, responsible for ensuring efficient and secure user access across the organization. This role focuses on improving the user onboarding experience, streamlining employee transfers, and guaranteeing compliance with termination policies to maintain the highest level of security and operational efficiency. This role will be the main owner of the Bank’s Identity Governance and Administration platform (IGA), and act as a subject matter expert on identity and access management (IAM) technologies and processes, implementing solutions and providing support to the organization.

A key aspect of this role is creating and maintaining robust IAM workflows and automations and establishing clear service level agreements (SLAs) for onboarding new users, and other key IdAM processes. This role will facilitate developing key performance indicators (KPIs) to measure the effectiveness of IAM processes and drive continuous improvement. This includes collaborating closely with various teams, such as Cyber Security, Human Resources, RPA, and Lines of Business (LoBs), to implement and optimize user-friendly IAM solutions.

Principal Duties & Responsibilities:

• Onboarding and User Lifecycle Management: 
  • Develop and implement streamlined processes for new user setup, ensuring a positive and efficient onboarding experience that meets defined SLAs.
  • Oversee user access modifications and transfers, ensuring appropriate permissions are maintained throughout employee lifecycle changes.
  • Implement and strictly enforce procedures for user access termination, minimizing security risks associated with departing employees.
• IAM System Management:
  • Manage the lifecycle of IAM solutions, including releases and integrations with other systems.
  • Work with the design, implementation, maintenance, and troubleshooting of the organization's automated access control and identity management systems.
  • Utilize programming skills to customize and enhance IGA platforms, ensuring they meet the organization’s business and compliance requirements.
  • Develop and maintain scripts and automation for IAM processes.
  • Troubleshoot and resolve technical issues related to IAM platforms and services.
• Collaboration and Improvement:
  • Work closely with Cyber Security, Human Resources, RPA, and LOB teams to create efficient and frictionless IAM and SSO solutions.
  • Identify and address process deficiencies, implementing improvements to enhance the overall efficiency and effectiveness of IAM operations.
  • Supports development and implementation of IAM KPIs and KRIs, including the development of scorecards/dashboards.
• Security and Compliance:
  • Ensure IAM solutions comply with relevant security standards, policies, and regulations.
  • Assist with internal and external audit and regulatory bodies during security assessments and audits of IAM systems.
  • As a backup for other IAM professionals, conducts re-certifications of special user access reviews to ensure ongoing compliance with security policies and regulations.
• Continuous Learning: Stay abreast of technological and threat environment changes that impact the IAM function, assist with creating and executing a comprehensive IAM vision to meet those challenges.

Qualifications:

• 5-7 years of prior experience in the following IAM Technologies: IAM, IGA, SSO, MFA, Active Directory, Digital Certificates, and Certificate Authority.
• Experience leading IAM delivery processes to ensure automation, security, and governance best practices. Have led, deployed, or been heavily involved in enterprise rollout of IAM platform solution previously.
• Have expert knowledge of IAM concepts such as Least Privilege, Privilege Access, Roles and Data mining, Segregation of Duty (SoD) and Role Based Access Control.
• Must be comfortable working within IAM/IGA platforms, including building customer workflows, connectors, and other customization that would be required to manage across a multitude of systems.
• Proficiency in programming languages such as Java, Python, or PowerShell, particularly in the context of IGA platforms.
• Strong knowledge of IAM and security Best Practices and Guidelines. Implementation based on risk, criticality, and complexity.
• Knowledge and experience with Identity Management solutions, Kerberos, SSO, OAuth, SAML, OIDC, SWA within the Okta SAAS. Experience with SailPoint, Okta, Microsoft Azure AD, or a similar platform preferred.
• Ability to work with technical and non-technical business owners.
• Very strong ability to work collaboratively across interdisciplinary teams and manage relationships across multiple areas of the business.
• Excellent verbal and written communication skills, including the ability to effectively communicate with internal and external clients.
• Must have the ability to work independently and to carry out assignments to completion within the parameters of instructions given, prescribed routines, and standard accepted practices.
• Must be proficient with MS Office (Word, Excel, and Outlook).

Licenses & Certifications 

• Relevant certifications such as CISSP, CISM, or certifications specific to IAM technologies.

Education:

• Bachelor's Degree in Computer Science, Data Science or related field (Required)
• Relevant certifications on IGA / IAM (Preferred)

Special information to candidates:

• Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
• Please view Equal Employment Opportunity Posters provided by OFCCP here.
• The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
• Reasonable accommodation may be made to assist individuals with disabilities to complete the online application process. Please contact our Human Resources Department at 305-577-7680 or by e-mail at employment@citynational.com. 

#LI-GG1