New 
Sr. Risk & Controls Analyst (IAM)
 TEKsystems | |
$55.00 - $65.00 / hr
| |
 | |
 Nov 14, 2024 | |
|
*Top Skills' Details*
1) Essentially an IT Audit background with some focus in IAM - Experience translating and testing IT governance controls between Business Control Management, Product Management and engineering/development teams. This person will sit in an IAM Governance team that is maturing controls sets and helping drive standardization as well as adherence through testing. 2) Understanding of IAM lifecycle concepts like provisioning, deprovisioning, access certification, authorization and authentication, privileged access, human & non-human service accounts, entitlements, etc. The team will evolve into a thematic alignment and each resource will have a primary area of focus (eventually). Must be able to ask questions to understand how controls are being implemented by engineers and identify gaps in process risk. (NOT looking for knowledge around typical Cyber Risk areas like CSIRT and Vuln Mgmt as those are covered by other groups). 3) Excellent communication and process documentation skills 4) Standard MS Excel and SQL query experience for gathering evidence to attest to control adherence *Description:* One of our top financial services clients is continuing to mature their IAM Governance capabilities. This particular team sits in the IAM product organization and supports the maturation of the IAM control set (over 200 controls currently). Their key interactions are between the Business Control Management organization and the IAM product teams (Prod Mgrs/Owners, developers, engineers, BA's) to translate the control requirements and ensure they are implemented by engineers/devs. Background story - over the last 5 years, our client has migrated the IAM function for over 4,000 apps away from the business units into a centralized, enterprise wide IAM organization. They've development roles and entitlements, started to evolve tooling and implemented ITIL mgmt processes (batch/problem/incident/change mgmt, etc). Over time, this particular team will evolve into theme groups that drive control management for themes like Privileged Access Mgmt (PAM); Entitlements; Non Human/Service Accounts; Provisioning/Certification; Deprovisioning; and IAM Technology (ensure underlying IAM toolsets have their own controls for mgmt). These roles will focus heavily on process risk like approvals, documentation, authentication, etc. There are 3 total roles opening up - 2 focused on gathering evidence, testing controls and offering a risk assessment for various areas of IAM. The other role will be more of a lead role focused on evaluating the nuance of the evidence for it's quality in meeting the control requirements. Good knowledge of DMS (data management system) cabinets, creating great evidence packages and an ability to help mentor others on that practice. Typical day - LOTS OF MEETINGS: -Part of scrum team managing whatever theme they are assigned to. Hearing things coming in from dev/eng teams - bringing up relevant control language and risks; what impacts those areas, writing some procedural documentation when needed; control language; responsible parties, etc- so clear language/writing skills are needed. -lots of listening and being engaged remotely. Very geographically diverse teams. Current team members are in Charlotte, NC; Minneapolis, MN, Conrad, CA and manager is in Westlake, TX. -if in CLT or Minny or TX they could interact with team member or manager so that would be ideal. -Manager's peers are mostly in Charlotte, so is a viable location too. Chandler is only place they don't have governance team members, but the IAM group has a big presence there so that helps. *Skills:* It audit, Internal control, Security, Internal audit, Risk management, Access control, Identity access management, Cloud, Evidence package *Top Skills Details:* It audit,Internal control,Security,Internal audit,Risk management,Access control,Identity access management *Additional Skills & Qualifications:* Manager would prefer if candidates have foundational certifications in cloud providers like Azure or GCP. Also prefers IT audit certs like CISA, GIAC, CIA, CRISC, CISSP, etc The manager sees value in candidates who have worked in IAM Ops previously in their career but now are IT Audit types. The audit knowledge on provisioning, deprovisioning and certification are very common. We can stand out by finding IT Audit candidates who have deeper knowledge in Cloud IAM; PAM; Non-human Services accounts Some preference for candidates with banking/financial experience, but also likes folks with diverse industry knowledge. *Work Environment* 3 days/week onsite - NON negotiable Westlake, TX Charlotte, NC Minneapolis, MN Chandler, AZ About TEKsystems: We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company. The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law. | |