Identity and Access Management Security Risk Analyst
Location: Atlanta, Georgia US
Job Number: 30045
Workplace Type: On-site
Employment Type: Full Time Associate
Position Title: Inform Security Risk Analyst
External Description:
Identity and Access Management Security Risk Analyst
- Act as the Enterprise Risk and Security team’s Identity and Access Management (IAM) subject matter expert to help the IT Support Services and other IT and business functional teams define, implement and mature IAM policies, processes, and procedures
- Interact with business and IT stakeholders and Project Managers to ensure Segregation of Duties requirements are defined and implemented properly
- Provide compliance guidance to business and IT functional stakeholders to ensure internal and external user access management and off-boarding practices align with Randstad policies
- Engage with internal and external audit teams to support audit activities associated with Identity and Access Management practices
- Act as IAM subject matter expert to ensure secure and consistent IAM practices are embedded and enforced in IT project and systems integration initiatives
- Review new technologies, solutions, and tools and make solution recommendations to enhance the organization’s ability to manage user account identities and access privileges
- Define policies, processes, access requirements and rules to provide governance and proper oversight of user accounts, identities, and roles that are granted admin level or otherwise elevated or privileged access permissions
- Develop and execute a periodic review process to help reconcile the users and groups who are granted access to Randstad information resources, including, but not limited to production and non-production applications, servers, local workstations, network devices, shared drives and folders, and IT security tools and devices
Risk and Compliance Management
- Execute the Information Security Risk Assessment Process to ensure appropriate risk treatment and risk mitigation decisions are made to address identified risks.
- Act as customer-facing liaison and information security subject matter expert to help IT functional teams, internal project teams, business stakeholders, and external partners interpret security and data protection policies and control requirements and effectively implement and manage their risk mitigation safeguards.
- Assist with executing internal and external audits and assessments. Participate in audit interviews, review findings, and assist with remediation planning.
- Assist with executing the Security Waiver and Exception Process to ensure all authorized deviations from acceptable information protection practices are managed and tracked
- Assist the Enterprise Risk and Security Director with the planning and execution of the Security Incident Response Plan and the planning for recurring incident response training exercises
- Assist the Enterprise Risk and Security Director with the execution of Business Continuity and Crisis Communications Planning and other contingency planning activities
Policy and Awareness Management
- Contribute to the content development and implementation of information security policies and supporting documentation (i.e. standards, guidelines, etc.). Contribute to the recurring refresh of policy content to ensure control requirements and policy guidance remain current and applicable
- Assist in the continuous development, implementation, and ongoing maintenance of the security training and awareness education program. Help create and deliver security and data protection awareness training content to end users, including assisting with the planning and execution of recurring employee phishing defense training campaigns
Continuing Professional Development
- Assist other Enterprise Risk and Security team members to execute tasks related to information security, IT risk management, and data privacy protection
- Remain current on identity and access management principles and methodologies, IT security risk management trends, and evolving information security technologies to reinforce and develop new core competencies
- Perform occasional travel to other corporate offices (Ft. Lauderdale, FL and Woburn, MA) or field locations to reinforce safe data protection and information security practices (0% – 10% travel)
Knowledge, Skills, and Abilities
- Demonstrated knowledge of Identity and Access Management and least access privilege roles and entitlements principles, methodologies and best practices
- Demonstrated knowledge of industry standard independent IT attestation reporting processes, such as SOC-2, ISO 27001, HITRUST
- Excellent interpersonal communications skills
- Demonstrated effective team and relationship building skills
- Excellent documentation skills and demonstrated ability to produce effective professional documentation related to
- CISSP or GIAC equivalent certification - preferred
Education
- Bachelor’s Degree
Work Experience
- 5 - 7 years identity and access management
- 5 - 7 years IT security and data protection
- 5 - 7 years IT controls
Community / Marketing Title: Identity and Access Management Security Risk Analyst