Access Controls Manager

Company Description

This role is based in London, UK Office 

At Informa, no two days and no two people are the same, and you'll find the freedom, opportunity and support of a fantastic community to make a real impact. We’re an international business that connects specialists with knowledge, helping them to learn more, know more and do more through live and on demand events, digital and data-driven services and academic research.

We are home to over 10,000 colleagues across 30 countries and are a member of the UK’s FTSE 100 group of leading public companies. In Global Support, we provide expert guidance and hands-on support to the Informa Group and Informa’s many business teams. Across tech, finance, legal, corporate development, HR, communications, operations and many other areas, we work collaboratively and flexibly to help our brands serve their customers and help the company succeed.

Job Description

Purpose of the Role & Team Profile

The Information Security (InfoSec) team at Informa is dedicated to protecting the organisation's information assets and ensuring the confidentiality, integrity, and availability of data. The team is responsible for implementing and maintaining robust security measures, policies, and procedures to safeguard against cyber threats and vulnerabilities. The InfoSec team works collaboratively with our business to embed security practices and awareness, ensuring that security is an integral part of Informa's business operations.

The role requires a strong understanding of business process controls for enterprise applications to understand the business risks that are presented, and how these are underpinned by the General IT Controls (GITCs).

The Access Controls Manager is a new and critical position within our Technology Controls Team, which is part of our wider Information Security Team. You will support the Director of Technology Controls to drive compliance and improvement of the User Access Management strategy while managing and enhancing access controls to ensure they remain effective across our technology landscape. Additionally, you will play a crucial part in designing, implementing, and maintaining robust access controls for our enterprise applications, and it must ensure that InfoSec policies and procedures are adhered to for the applications within the remit of the team.

Key interactions

You will report to the Director of Technology Controls and work closely with third-party support providers, internal controls teams, Internal Audit, Information Security, and IT Compliance to ensure that enterprise applications maintain a controlled environment that does not encumber the efficiency of operational activity.

Key Outputs and Outcomes

Access Control Design & Implementation

• Design and enforce access controls to ensure compliance with key group policies, including the Identity and Access Management policy, to enforce the Principle of Least Privilege and ensure access risks are kept to a minimum
• Support and implement robust access controls for our technology landscapes, including on-premise and cloud applications
• Understand and review segregation of duties requirements and embed them in security role designs
• Drive segregation of duties assessments for role changes and new developments

Risk Management & Compliance

• Maintain and enhance segregation of duties rulesets, collaborating with technical specialists to manage ruleset updates
• Support configuration and implementation of access governance tools for access risk management
• Assess risks, conduct root cause analysis, and implement good practice solutions for access control issues
• Provide 1st line support to internal and external partners during review of access management controls

Operational Excellence

• Responsibility for operating the user access reviews process across in-scope Technology Applications
• Troubleshoot and resolve security issues quickly and efficiently
• Provide regular updates on assigned tasks and highlight any issues/dependencies
• Support security requirements gathering and evaluation for in-scope applications

Documentation & Knowledge Transfer

• Responsibility for producing documentation for access controls including the approach taken, role design matrices (where applicable) and access control procedures
• Responsibility for maintaining the access controls library in the internal controls management system for in-scope applications
• Prepare training content where applicable and support knowledge transition activities
• Be a trusted guide for other internal teams in designing effective access control

Measures of Success

• Strong, robust, and consistent access controls operation across in-scope applications
• Continued reduction in user access management related incidents
• Positive audit results and a continued reduction in control deficiencies
• Effective stakeholder management and collaboration across teams

Qualifications

Essential Skills & Experience

• Ability to understand and review segregation of duties reports and remediate risks from roles and role assignments
• Understanding of authorization concepts and good practices with hands-on experience
• Practical knowledge of General IT controls and security principles, particularly in access controls but also including change management procedures
• Good understanding of business processes and key risk areas, and how access management controls play a part in mitigating these
• Good understanding of access governance tools and technologies
• Minimum of 3 years of related work experience in a multi-national company
• Excellent verbal and written communication skills
• Ability to work autonomously under pressure and tight deadlines while maintaining professionalism
• Proficient in Microsoft Office applications

Desirable Skills & Experience

• Professional certifications such as CISA, CRISC, CISSP, CISM, or other relevant security certifications
• Experience in a multi-tiered organisation with a deep understanding of how technology is applied across different levels
• Experience with SAP GRC Access Control or similar access management tools
• Experience using AuditBoard for internal controls management

Additional Information

We work hard to make sure Life at Informa is rewarding, supportive and enjoyable for everyone. Here’s some of what you can expect when you join us. But don’t just take our word for it – see what our colleagues have to say at LifeAt.Informa.com

Our benefits include;

• Freedom & flexibility: colleagues rate us highly for the flexibility and trust they receive and most of us balance time in the office with time working remotely 
• Great community: a welcoming culture with in-person and online social events, our fantastic Walk the World charity day and active diversity and inclusion networks •
• Broader impact: take up to four days per year to volunteer, with charity match funding available too.
• Career opportunity: the opportunity to develop your career with bespoke training and learning, mentoring platforms and on-demand access to thousands of courses on LinkedIn Learning. When it’s time for the next step, we encourage and support internal job moves.
• Time out: 25 days annual leave, rising to 27 days after two years, plus a birthday leave day and the chance to work from (almost!) anywhere for up to four weeks a year
• A flexible range of personal benefits to choose from, plus company funded private medical cover
• A ShareMatch scheme that allows you to become an Informa shareholder with free matching shares
• Strong wellbeing support through EAP assistance, mental health first aiders, a healthy living subsidy, access to health apps and more
• Recognition for great work, with global awards and kudos programmes 
• As an international company, the chance to collaborate with teams around the world

We’re not solely focused on a checklist of skills. We champion energy and ambition and look for colleagues who will roll their sleeves up, join in and help make things happen. If it sounds like a match and you have most – although not all – of the skills and experience listed, we welcome your application. At Informa, you'll find inclusive experiences and environments where all perspectives and backgrounds are welcomed. As part of this approach and our diversity and inclusion commitments, we are also formally an Equal Opportunities Employer. This means we base decisions on relevant qualifications and merit and do not discriminate on the basis of key characteristics and statuses, including all of those protected by law. Ask us or see our website for full information.