Security Specialist - Access Management 1016333

Security Specialist - Access Management 1016333

Preferred onsite

Position and/or Project Description:

The Security Specialist – Access Management is essential in managing and securing identities and accounts. The Access Administrator is responsible for the setup, configuration, and maintenance of user profiles and privileges, ensuring proper access controls are in place and adhered to. The Administrator conducts regular auditing of account usage, resetting of passwords, and responding to user access issues. Access Management works closely with the security policies to identify potential unauthorized access, contributing to the overall security posture. Attention to detail and understanding of complex permission sets are critical in facilitating smooth operations and protecting sensitive information.

Desired Education/Certifications:

1. CISSP or similar security-related certification

Mandatory Experience:

1. Minimum of 3 years of experience working within Information Technology.

2. Minimum of 2 years of experience specifically in a security-related role or with significant access management responsibilities.

3. Proven experience with the full user account lifecycle management (creation, modification, termination) across diverse systems.

4. Demonstrated ability to implement and enforce access control policies and procedures, including role-based access control (RBAC).

5. Strong working knowledge of at least one or more enterprise-level Identity and Access Management (IAM) systems or tools (e.g., Active Directory, Azure AD, Okta, SailPoint, CyberArk).

6. Solid understanding of fundamental security principles, including the principle of least privilege, need-to-know, and separation of duties, as they apply to access management.

7. Experience with user authentication methods, including passwords, multi-factor authentication (MFA), and biometrics.

8. Familiarity with common security protocols (e.g., LDAP, SAML, OAuth).

Desired Experience:

1. 5+ years of experience working within Information Technology, with increasing responsibility in security roles.

2. 3+ years of dedicated experience in Access Management or Identity Management.

3. Hands-on experience with the administration, configuration, and troubleshooting of IAM systems in complex enterprise environments.

4. Experience with implementing and managing privileged access management (PAM) solutions.

5. Proficiency in security auditing and log analysis using SIEM tools (e.g., Splunk, QRadar) to identify and investigate access-related security events.

6. Familiarity with relevant security frameworks and compliance standards (e.g., NIST, SOC 2, ISO 27001, HIPAA, GDPR).

7. Experience with scripting languages (e.g., PowerShell, Python) for automation of access management tasks, including user provisioning, de-provisioning, and reporting.

8. Experience working in a regulated industry (e.g., finance, healthcare) or cloud environment (AWS, Azure, GCP).

9. Experience with single sign-on (SSO) and identity federation technologies.

10. Knowledge of directory services (e.g., Active Directory, LDAP).

11. Experience with identity governance processes.

Deliverables:

·       User Account Lifecycle Management:

1. Timely and accurate creation, modification, and termination of user accounts across all relevant systems and applications, adhering to established service level agreements (SLAs).

2. Maintain accurate and up-to-date user account information in all systems.

·       Access Provisioning and Deprovisioning:

1. Efficiently grant and revoke user access rights based on approved requests, defined roles, and business needs.

2. Ensure proper segregation of duties and enforce the principle of least privilege in access assignments.

·       Password Management:

1. Handle password resets and account unlock requests promptly and securely.

2. Enforce strong password policies, including complexity, expiration, and history requirements.

3. Implement and support multi-factor authentication (MFA) to enhance password security.

·       Access Control Implementation:

1. Configure and maintain access controls (permissions, privileges, roles) in accordance with security policies, standards, and best practices.

2. Implement and manage role-based access control (RBAC) to simplify access management and improve security.

·       Security Audits and Reporting:

1. Conduct regular audits of user access, permissions, and account activity to identify potential security violations, anomalies, and compliance issues.

2. Generate comprehensive and accurate reports on access control effectiveness, audit findings, and compliance status.

·       User Support and Training:

1. Provide timely and effective support to end-users regarding access-related issues, inquiries, and requests.

2. Develop and deliver training materials and guidance to users on access management policies, procedures, and best practices.

·       Documentation and Process Improvement:

1. Maintain up-to-date documentation of access management processes, procedures, system configurations, and security policies.

2. Identify opportunities for process improvement, automation, and optimization to enhance efficiency and security.

·       Policy Adherence and Compliance:

1. Ensure all access management activities comply with established security policies, regulatory requirements (e.g., SOX, HIPAA, GDPR), and industry best practices.

2. Participate in internal and external audits related to access management.

·       Collaboration and Communication:

1. Work effectively with other IT teams (e.g., Security Operations, Infrastructure, Application Development) to address access-related security concerns, resolve issues, and implement solutions.

2. Communicate access management policies, procedures, and changes to relevant stakeholders.

·       Security Monitoring and Incident Response:

1. Monitor access control systems and logs for suspicious activity and potential security breaches.

2. Participate in security incident response activities related to access management, including investigating unauthorized access attempts and implementing corrective actions.

3. Escalate access-related security incidents to appropriate teams.

How to Apply: Interested candidates can send their updated resume (not more than 3 pages) to resumes.hr@ngitservices.com, referencing the job title "Security Specialist - Access Management 1016333" in the subject line of their email.