ServiceNow SecOps Manager

Key Responsibilities

• Security Strategy & Compliance 
• Define and enforce compliance to security policies, standards, and best practices for the ServiceNow platform in alignment with ServiceNow recommended Platform security shared responsibility model. 
• Ensure service now platform is compliant with internal and external infosec requirements and industry best practices
• Establish governance frameworks for secure development, data protection, and risk mitigation. 
• Access Control, Authentication, and authorization
• -Design and manage role-based access control (RBAC), ACLs, and authentication mechanisms in ServiceNow.
• Responsible for Single Sign-On (SSO), Multi-Factor Authentication (MFA), and enterprise IAM solutions based on Infosec standard
• Regular review of access control & entitlement based on the job function and refinement using the principle of least privilege,
• Security Operations & Incident Management 
• Oversee the implementation and optimization of ServiceNow Security Operations (SecOps), including: 
• Security Incident Response (SIR) – streamline incident detection, triage, and resolution. 
• Vulnerability Response (VR) – automate vulnerability identification and remediation workflows.
• Threat Intelligence – integrate threat feeds and security insights for proactive defense. 
• Coordinate with cybersecurity teams to detect, investigate, and respond to threats affecting ServiceNow.
• Data Privacy, Security & Encryption 
• Defining Service Now data classification, data retention & data discovery strategy in alignment with Ameriprise data management policies /standards
• Implement data encryption strategy at rest, in transit & encryption key management    Determining the data collection, storage, usage, sharing, archiving, and destruction policy of data processed in ServiceNow instances.
• Monitor access patterns and system activity to identify potential security threats.
• Secure Integrations & Automation 
• Design and enforce secure API management for integrations between ServiceNow and third-party security tools (e.g., Active Directory, CyberArk and Aveksa, Azure AD, RIM, IAM).
• Leverage IntegrationHub, Automation Engine, and Orchestration to streamline security workflows.
• Ensure secure data exchange and prevent unauthorized access to ServiceNow instances.
• Risk & Compliance Management 
• Deploy and manage ServiceNow Governance, Risk, and Compliance (GRC) solutions to assess security risks.
• Participate regular security audits, risk assessments, and penetration tests on the ServiceNow platform.
• Define and implement security controls to mitigate risks and enhance compliance.

Required Skills & Qualifications

Technical Expertise: 

• ServiceNow Security: Deep understanding of SecOps, GRC, RBAC, ACLs, and platform security best practices. 
• Cybersecurity & Compliance: Strong knowledge of security frameworks (NIST, ISO 27001, CIS), regulatory compliance, and risk management.
• Integration & Development: Experience with REST APIs, JavaScript, OAuth, and secure integration practices.
• Cloud Security: Understanding of SaaS security, encryption methods, and cloud-based security models.

 Certifications

• ServiceNow Certifications: 
• Certified System Administrator (CSA) 
• Certified Implementation Specialist – SIR or VR

   Preferred Qualifications:  

• Experience securing large-scale ServiceNow implementations in regulated industries (finance, healthcare, government).
• Strong problem-solving, analytical, and communication skills to interact with technical and non-technical stakeholders.
• Knowledge of emerging security trends, zero trust architecture, and AI-driven security solutions.
• Cybersecurity Certifications
• Certified Information Systems Security Professional (CISSP) 
• Certified Information Security Manager (CISM) 

 Experience Required:  

• 14-18 years of IT security experience, with 14+ years in ServiceNow security architecture, administration, or operations.
• Hands-on experience in security automation, incident response, and risk management using ServiceNow.  
• Prior experience working with cybersecurity, risk management, and IT governance teams.