Job Title: IT Security Administration Senior Analyst
Department: IT Security
Reports To: IT Security Administration Manager
Responsible for administration and execution of identity and access management program processes, access certification processes, regulatory compliance support, access monitoring and analysis, policy compliance support, and other related information security administration functions. Recommends, designs, implements, and administers information security controls that meet dynamic tactical and strategic information security objectives.
Duties & Responsibilities:
- Supports defined company operating principles via effective, pragmatic information security access management controls implementation and administration.
- Performs access-oriented security risk and compliance reviews.
- Collaborates with information security management to identify, recommend, and develop access management risk remediation plans, track remediation outcomes and timelines, etc.
- Represents information security via pragmatic consultation and participation in a defined SDLC.
- Promotes security best practices via awareness, leadership by example, and compliance with policies and applicable legal and regulatory requirements.
- Supports internal and external auditors through effective and timely execution of audit deliverable requests and maintaining audit readiness for access management processes.
- Assists information security management in the development of management audit responses.
Knowledge, Skills, and Abilities:
- Strong understanding of current and developing information security administration technologies and trends.
- Strong understanding of role-based access management (RBAM) methodologies, controls, and practices.
- Strong, effective written and oral communications skills for multiple audiences
- Strong negotiation skills (e.g., internal security recommendations, external vendor coordination)
- Strong understanding of pragmatic information security access controls; access management strategies; access risk and compliance management techniques; and PCI, HIPAA, and SOX regulatory requirements.
- Ability to learn and retain new technical and non-technical skills in order to adapt to an evolving risk climate and business environment.
- Ability to work occasionally during non-standard shifts, in an on-call capacity, and able to travel occasionally (up to 25%).