Description
JOB DESCRIPTION:This position is a member of the Security Assurance team that utilizes account attestation tools to review access for various systems including, but not limited to: all critical applications in the environment, Active Directory/Exchange, remote access, and network data shares. The position supports external and internal audit efforts, provides accurate user account information, performs periodic application account attestations as required, ensures appropriate validation controls are in place, aides with managing and reducing risk, and assists with the development and testing of tools utilized within security assurance.
ESSENTIAL JOB DUTIES:
- Perform periodic reviews of application, network, and system accounts in support of various audit, compliance, and regulatory requirements
- Coordinate validation results with appropriate business contacts and end-user management.
- Create and maintain accurate process documentation.
- Generate periodic compliance reports and execute certification.
- Assist in development and testing of various account attestation tools and processes.
- Collaborate with various business units and multiple levels of management across the enterprise.
- Develop queries and macros to streamline data collection efforts and distribution of certification requests.
- Assist with implementation of role attestation, role mining, and role administration capabilities to increase operational efficiency of entitlement reviews.
- Work closely with business representatives to remediate areas of risk.
- Review and recommend processes and procedures to improve operational efficiency in the area of Security Assurance.
MINIMUM REQUIREMENTS:
- Working knowledge of general Identity and Access Management or Audit principles.
- 1-2 years of experience in information technology or security.
- Knowledge of automated systems and processes.
- Knowledge of Banking and Brokerage regulatory standards.
- Understanding of security methods and technical elements to protect customer data.
- Familiarity and understanding of Sarbanes Oxley compliance.
- PERL or shell scripting skills to manipulate data on various databases including but not limited to SQL and LDAP.
PREFERRED QUALIFICATIONS:
- Knowledge of IBM Tivoli Identity Manager (ITIM). Knowledge of basic audit principles.
- CISSP or other security related certifications.