InfoSec - IAM Security Compliance Specialist

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 

IAM Security Compliance Specialist

Today’s world is fueled by vast amounts of information, which means that data is even more valuable than ever before. Protecting data and information systems is central to doing business, and therefore everyone in EY Information Security has an important role to play. Join a global team of almost 900 people who collaborate to support the business of EY by protecting EY and client information assets! Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond when things go wrong. Together, the efforts of our dedicated team help protect the EY brand and build client trust.

Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology service solutions as we consider the entire security lifecycle. You will join a team of highly knowledgeable, security-focused individuals dedicated to supporting, protecting, and enabling the business through innovative, secure solutions that provide speed to market and business value.

The opportunity

The IAMS Security Compliance Specialist is a dynamic and multifaceted role within the IAM Compliance Management team of the Information Security (IS) domain, with a core focus on ensuring compliance for Identity and Access Management Services (IAMS). This role is pivotal supporting the IAM Compliance Lead in leveraging outputs from the Global Vulnerability Management (GVM) processes to conduct comprehensive scans of the IAMS infrastructure and associated technologies, pinpointing vulnerabilities that could compromise the safeguarding of intellectual properties and sensitive data. In collaboration with Information Technology (IT) counterparts, the specialist works on addressing security vulnerabilities, which may involve the removal, blocking, or exception handling of software or hardware to uphold the operational integrity of IAMS infrastructure services. A significant part of the role involves disseminating knowledge to guarantee the successful resolution of all GVM findings relevant to IAM Services. This agile role is generally filled by an individual contributor who operates under the guidance of the IAM Compliance Lead within IAMS.

Your key responsibilities

• The IAM Security Compliance Specialist is responsible for supporting the IAM Compliance Lead in overseeing vulnerability remediation efforts within the Identity and Access Management Service (IAMS) business. Their duties include:
• Conducting operational oversight of day-to-day vulnerability management for IAMS.
•  Engages the appropriate team contacts to track security deficiencies through coordination with relevant teams to monitor and document security deficiencies, including tracking responses to findings or exceptions and ensuring remediation efforts are completed to enhance the security program and minimize risks.
• Reporting on metrics to assess the effectiveness of vulnerability remediation efforts and regularly publishing these metrics.
•  Analyzing compliance system data and other security information sources to identify security trends, root causes of issues, and significant risks.
•  Providing insight on the status of the function's Global Vulnerability Management (GVM) and compliance findings, as well as on remediation plans and exceptions.
•  Supporting the remediation process for vulnerabilities and related issues to ensure the restoration of proper functions in line with operational readiness directives and agreed-upon Operational Level Agreements (OLAs).
•  Supporting the IAM Compliance Lead with activities to control, track, and audit changes in the IMAS environment.
•  Maintaining or updating business intelligence tools, databases, dashboards, systems, and business processes or methods to facilitate sustainable and measurable improvements as necessary.   

Skills and attributes for success

• Maintains strong interpersonal skills to engage with peers and others in the firm in cross business discussions within a matrixed, geographically dispersed organization and to build a solid network of peers and others of influence.  Adapts personal communication style to the style of others, develops rapport and stays calm under pressure or escalating issues using strong oral and written English communication skills.
•    Projects strong consultative skill to conduct effective questioning, hone in on key directives to formulate ideas and materials as well as present those ideas clearly and concisely to all levels of management within Implementation & Configuration Services and Identity & Access Management Services (IAMS) and others within the broader EY organization.
• Maintains knowledge of services and applications with the assigned IAM processes and operating environment to recognize improvement opportunities and next generation solutions achievable through engineering.
•  Maintains a strong analytical and problem-solving ability to identify and escalate complex and conflicting IAMS or Global IT engineering issues, adapt to multiple and shifting implementation priorities across a broad spectrum of operating nvironments and provide solutions that are both financially sound and operationally feasible.
•  Possesses a working knowledge of Information Technology Infrastructure Library (ITIL) to recognize appropriate reporting features and functions in various IT Service processes.  Looks to progress levels of certification as required or to suggest alternatives to standards as appropriate.
•   Possesses a working knowledge of Project Management Institute’s (PMI) Project Management Body of Knowledge (PMBOK) project management framework that provides project managers with the fundamental practices needed to achieve organizational results and excellence in the practice of project management.
• Possesses a knowledge of collaboration tools designed for sharing knowledge and information such as Service Management Knowledge System, SharePoint and Yammer.
• Develops an ongoing knowledge of EY’s business and the way IAMS team adds to the effectiveness of the IAM processes. Identifies and provides appropriate services and solutions as part of both knowledge sharing and engineering services positioning.

To qualify for the role, you must have

• Degree in Computer Science or subject area related discipline, or equivalent work experience in Information Security or vulnerability management

• 5 - 7 years working within Information Technology in a global firm

• Experience in project management, service introduction, and service readiness processes

Ideally, you’ll also have

• Understanding of Identity Management products and services

• ITIL v3 or v4 Foundation Certification

What we look for

Seeking self-motivated, well-organized, and detail-oriented individuals who are interested to engage and progress within a strong and dynamic team environment. Ability to work in a fast paced, rapidly changing environment with superb communication and collaboration skills (excellent written, verbal, and listening skillsets) would be ideal.

A self-starter, independent-thinker, curious and creative person with ambition to learn and passion for delivering security solutions and services.

What we offer

As part of this role, you will work in a highly coordinated, globally diverse team with the opportunity and tools to grow, develop and drive your career forward. Here, you can combine global opportunity with flexible working. The EY benefits package goes above and beyond too, focusing on your physical, emotional, financial, and social well-being. Your recruiter can talk to you about the benefits available in your country. Here’s a snapshot of what we offer:

• Continuous learning: You will develop the mindset and skills to navigate whatever comes next.

• Success as defined by you: We will provide the tools and flexibility, so you can make a significant impact, your way.

• Transformative leadership: We will give you the insights, coaching and confidence to be the leader the world needs.

• Diverse and inclusive culture: You will be accepted for who you are and empowered to use your voice to help others find theirs.

EY | Building a better working world 

 
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.  

 
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.  

 
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.