about randstad

Randstad is the world’s largest talent company and a partner of choice to clients. We are committed to providing equitable opportunities to people from all backgrounds and help them remain relevant in the rapidly changing world of work. We have a deep understanding of the labor market and help our clients to create the high-quality, diverse and agile workforces they need to succeed. Our 46,000 employees around the world make a positive impact on society by helping people to realize their true potential throughout their working life.

Randstad was founded in 1960 and is headquartered in Diemen, the Netherlands. In 2022, in our 39 markets, we helped more than 2 million people find a job that feels good and advised over 230,000 clients on their talent needs. We generated revenue of €27.6 billion. Randstad N.V. is listed on the NYSE Euronext (symbol: RAND.AS). For more information, see www.randstad.com  

Identity and Access Management Security Risk Analyst

Location: Atlanta, Georgia US

Notice

This position is no longer open.

Job Number: 27636

Workplace Type: On-site

Employment Type: Full Time Associate

Position Title: Inform Security Risk Analyst

External Description:

Identity and Access Management

  • Act as the Enterprise Risk and Security team’s Identity and Access Management (IAM) liaison to the IT Support Services, business functions, and HR and Financial application support teams to help define, implement and mature IAM policies, processes, and procedures.
  • Interact with business and IT stakeholders and Project Managers to ensure user access management and Segregation of Duties requirements are defined during early stages of projects and initiatives and implemented properly.
  • Provide compliance guidance to business and IT functional stakeholders to ensure internal and external user access management, on-boarding and off-boarding practices comply with Randstad policies.
  • Act as the Enterprise Risk and Security Team's liaison to provide input and proposed changes to help implement an improved user on-boarding and termination process. 
  • Engage with internal and external audit teams to support audit activities associated with user access management and IAM practices and procedures, including, but not limited to participate in audit interviews, review audit findings, lead remediation planning, and document and communicate lessons learned with business and IT stakeholders.
  • Act as IAM subject matter expert to ensure secure and consistent IAM practices are embedded and enforced in IT project and systems integration initiatives.
  • Lead the clean-up and new process design for granting users access to shared drives and folders. Ensure all shared drives and folders have owners assigned and are only accessed by users who have been authorized by the drive or folder owners. 
  • Assist with the planning and execution of Business Continuity, Disaster Recovery, and other contingency planning activities, including helping to administer the IT crisis communications alert notification tool and ensuring only appropriate users are provisioned to access the tool or receive alert communications.    

Risk and Compliance Management

  • Contribute to help execute the Information Security Risk Assessment Process to ensure appropriate risk treatment and risk mitigation decisions are made to address identified risks related to Identity and Access Management policies and practices.
  • Act as a customer-facing liaison and information security IAM subject matter expert to help IT functional teams, internal project teams, business stakeholders, and external partners understand policies and control requirements and effectively implement and manage their risk mitigation safeguards.
  • Liaise with the Google admin team to ensure appropriate controls are in place to control user's access to applications and services within the Google suite.
  • Assist with the planning and execution of tasks required to ensure the services provided by key third party vendors, suppliers and business partners do not pose risks to Randstad’s business operations, including:
    • Help conduct Third Party Vendor Security Risk Assessments
    • Participate in vendor risk remediation discussions and execution
    • Assist with the review of contract agreements, Statement of Works, and other product or service agreement documentation
    • Assist with onsite assessments at vendor sites, as needed
  • Assist with executing the Security Waiver and Exception Process to ensure all authorized deviations from acceptable information protection practices are managed and tracked

Policy and Awareness Management

  • Contribute to the development and maintenance of the data protection and information security life-cycle documentation (i.e. policies, standards, guidelines, etc.).
  • Contribute content on a recurring basis to help ensure control requirements and policy guidance remains current and applicable.
  • Assist in the continuous development, implementation, and ongoing maintenance of the security training and awareness education program. Help create and deliver security and data protection awareness training content to end users.
  • Assist with the planning and execution of the employee phishing defense training campaigns.

Continuing Professional Development

  • Expand core competencies by assisting Enterprise Risk and Security (ERS) team members to execute other tasks related to information security, IT risk management, and data protection, as needed.
  • Perform occasional travel to other corporate offices (Ft. Lauderdale, FL and Woburn, MA) or field locations to reinforce safe data protection practices and collaborate with other ERS team members and field operations teams.
  • Remain current on IT security risk management and data privacy developments, evolving technologies, and trends to reinforce current competencies and develop new competencies.

 

Qualifications:

  • Bachelor’s Degree
  • Certified Information Systems Security Professional (CISSP) or other equivalent Information Security industry standard professional certification.
  • 3-7 years hands-on experience executing all phases of an Information Security Risk Management life-cycle, including industry standard security risk assessment methodologies.
  • Demonstrated ability to analyze well defined and ambiguous business and IT functional requirements and identify potential risks and risk mitigation solutions.
  • Proven ability to successfully execute the end-to-end life-cycle of IT and information security project initiatives, from inception through implementation.
  • In-depth knowledge of techniques to apply a layered Defense In-Depth approach to protecting information resources, including, but not limited to Risk and Compliance Management, Threat and Vulnerability Management, and Identity and Access Security.
  • Proven expertise implementing all phases of the Security Policy Development Life-cycle and developing security awareness training content to help reinforce safe data protection practices.
  • In-depth knowledge of the ISO 27002 International Controls Standard and different approaches to implement and enforce the controls framework.
  • Demonstrated expertise administering a third party vendor security risk assessment process.
  • A self-starter with proven ability to effectively multi-task and juggle contending priorities while continuing to meet deadlines.
  • Collaborative oral and written communications skills.

 

 
Get to know us and find out "What More Could You Do" at Randstad
 
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status. 

City:

State:

Community / Marketing Title: Identity and Access Management Security Risk Analyst

Company Profile:

EEO Employer Verbiage:

EEO Employer Verbiage Displays here

Location_formattedLocationLong: Atlanta, Georgia US