Senior Information Technology Security Officer

Position Overview:

We are currently seeking an experienced and highly capable Identity and Access Management (IAM) to join our client's team. The chosen candidate will play a pivotal role in defining how we secure our Identity and Access Management area. Collaboration with developers, architects, and DevOps teams to develop and maintain effective security measures, architecture, solutions, policies, and procedures will be a central aspect of this role.

Key Responsibilities:

• IAM Advisory: Provide advisory to teams and projects across all IAM topics as it relates to both cloud and on-premises enterprise technology, and the relationship between the architectures, requirements, pattern, etc. Participate in Identity and Access Management enterprise governance processes and drive IAM standards adoption. Subject-matter expertise across all IAM topics which provide IT security and risk advisory to Cyber Security leaders and IT teams. Drive the adoption of creative solutions to address complex, global IAM problems.
• IAM Oversight: Develop, implement, and continuously enhance the organization's strategic approach to IAM area, with the goal of mitigating risks and preventing breaches. Help build the security framework for how to collaborate with projects on IAM area topics and requirements.
• Policy Formulation: Craft, update, and enforce IAM policies, procedures, and guidelines in alignment with industry standards and regulatory requirements. Perform gap analyses of our adherence to information security control frameworks (ISO, ISF, NIST, etc.) Assess, identify, and implement new IT/OT security controls on various projects across organization. Review existing IAM policies, procedures, guidelines, and instructions update/create where gaps exist.
• Compliance Oversight: Monitor and ensure adherence to information protection laws and regulations, taking necessary actions to maintain compliance. Review coverage and effectiveness of existing IAM IT and OT security controls.
• Risk Evaluation: Conduct comprehensive assessments of IAM risks identifying vulnerabilities, assess potential impact, and recommend effective security measures. Perform risk management activities from the initial identification throughout assessment and identifying mitigating actions.
• Employee Training: Deliver training and awareness initiatives to educate employees on Identity and Access management area best practices.
• Security Reviews and Assessments: Regularly conduct security reviews and assessments to identify weaknesses and propose strategies for improvement. Assist in major vendor assessments and contractual negotiations in IAM area.
• Support development teams to secure identity related aspects of the software projects. Help in defining requirements, translating them into solution proposals and assess the outcome of the project to verify if it meets the security policies and market best practices.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a relevant field. A Master's degree is advantageous.
• Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), are highly preferred.
• Demonstrated experience in roles focusing on IAM in on-prem and Cloud scenarios.
• Very good understanding of the IAM concepts for API’s, Containers, Cloud native solutions.
• Profound understanding of IAM security, compliance frameworks, and prevailing security best practices.
• Very good analytical and problem-solving capabilities, with the ability to assess risks and propose effective solutions or mitigations.
• Superb communication skills to convey intricate technical concepts to non-technical stakeholders.
• Proficiency in conducting security assessments, risk evaluations, and vulnerability analyses.
• Familiarity with security technologies, encryption methods, access controls, and authentication mechanisms.
• Collaborative mindset for effective cross-functional teamwork and the ability to influence decision-making processes.
• Strong organizational acumen and meticulous attention to detail.
• Up-to-date knowledge of emerging trends and advancements in the field of data security.