Description
Overview
- Identity Access Management teams are responsible for end to end providing services to support internal employees and external customers capabilities to retrieve physical and logical access to Mastercard systems and applications.
- The Identity Access Governance team within Corporate Security is Laser focused on automating access using behavior analytics tools, executing on access strategy to be an enabler to the business, while creating and fostering a robust security controls environment
- The purpose of this job is to identify ways to leverage the access data to answer important business questions.
- This would include automating access using behavior analytics & governance tools, understanding of end to end provisioning of access across enterprise platforms, and innovating techniques to use and communicate data in new and more effective ways to influencing how access should be granted to users.
- Are you a self-starter with good communication skills that can interact with individuals at all levels of the company?
- How have you taken vast volume of data and determined a new way for its use?
- Give an example of when you have thought outside of the box to solve a problem?
- What experience do you bring to the table that will drive this team to the next level?
- What is your experience in managing risk and understanding security controls?
Role
- Proactively reviews access data to provide recommendations to automate access for an organization, division, or team within the enterprise, as directed
- Identifies inappropriate access privileges, through analysis, partner with impacted users, and lead proper remediation efforts
- Identifies automation opportunities to deliver smarter and easier identity access management services to support access as an enabler strategy
- Complies with documented processes and provide feedback for improvements
- Leads voice of the customer efforts to understand the business needs from regional business leaders for continuous improvement
- Partners with Business Operations team on technology enhancements to access governance & behavior analytics systems
- Coaches junior level employees on access management and security best practices
- Partners with other peers in the Identity Access Management organization to ensure governance processes are in place, enabling access to the business with least privileges
- Researches new methodologies to improve security within the identity access management space
All About You
- Intermediate skills in Information Security
- Intermediate strategic thoughtful risk taking experience
- Intermediate analytical skills working with large amounts of data and identifying outliers
- Intermediate skills of user behavior analytics systems (such as Red Owl, Gurucul, Securonix)
- Intermediate skills of identity access management pillars such as, but not limited to roles, entitlements, access certifications, and segregation of duties rules
- Beginner to Intermediate experience in regulatory compliance (PCI, GLBA, SOX)
- Intermediate technical background (Windows, UNIX, databases) and basic network fundamentals
- Intermediate skills in provisioning to platforms (Windows, UNIX, Mainframe, databases)
- Excellent organization, problem solving, and communication skills
Story Behind the Need - Business Group & Key Projects
Additional workload, evolving governance in IAM, currently based out of US, wanting to expand this in Dublin.
Team of 5 new people plus 1 established.
Typical Day in the Role
Standard office hours
Team in St Louis, working with lots of different people across the company depending on which project they are working on at the time.
No travel. Occasional remote allowed.
Compelling Story & Candidate Value Proposition
Allows them to work with multiple platforms within Mastercard.
Actively engaged in new technologies and finding new technologies.
Use behavior and new provisioning systems.
Working on new systems from the beginning that can make a massive impact on the business.
Looking to automate, streamline and change technologies to fill those needs.
Candidate Requirements
- Good communication skills
- High level of independence/drive
- Excited, hungry, good background/technologies
- Analytical mindset - examples of when problems were identified did the candidate suggest a change to resolve the root cause of the problem or improve the process
- 3-5+ years experience in required field
- Compliance understanding - audit background or understanding of controls - process controls or periodic review controls
- Technical understand - the team requirement is broad but shallow when it comes to technical knowledge - knowledge of UNIX, Oracle and Active Directory would be most beneficial - a base understanding of how access works on these platforms (what gives a user the ability to see/change something).
- Main challenge has been finding someone with access management experience that wasn't limited to hands on keyboard work of doing actual provisioning.
Access Management would be ideal but can be rare:
- Access management in this case would be higher level creating roles, understanding of least privilege/role based access
- This would NOT be time spent provisioning access based on a ticket or request (that is more helpdesk experience)