Senior Identity & Access Management Analyst
Cebu, Philippines
QBE Insurance
QBE Insurance Group is one of the world's top 20 insurance and reinsurance companies, located in 27 countries. Visit us for company information.
Primary DetailsTime Type: Full timeWorker Type: EmployeePrimary Responsibilities
• Lead implementation and maintenance of identify and access management, and security-related processes and procedures by providing recommendations around policies, standards, procedures, regulatory compliance and best practices; identify opportunities for improvement and/or update
•Manage intake demand through Company request and incident management system and delegate appropriate levels of work to team members
•Maintain least privileged access to QBE systems for joiners, movers leavers (JML) and for authorized users, ensuring access granted is in line with job function, controls are maintained or access removed in a timely manner
•Lead facilitation and management of access recertification/revalidation processes on periodic basis (monthly, quarterly, annually, etc.) for in-scope applications and systems based on risk, audit and business owner direction
•Ensure work queue remains within tolerance limits, with focus on meeting or exceeding defined SLAs and other key measures
•Timeliness in processing requests and responding to incidents (end-to-end); performance against defined SLAs and other key measures
•Response to incidents raised because of incorrect access applied and/or failures in technology; follow through on ensuring avoidance of repeat incidents not resulting in technology failure
•Coverage and effectiveness of access recertification/revalidation activities and program, with no audit findings for identified scope
•Build and maintain strong, effective relationships with business customers at all levels and Technology Services to ensure effective end-to-end request management and positive customer experience
•Provide regular advice, guidance and ongoing awareness for access-related activities and processes, ensuring business customers and peers are aware of key issues and required activities, including people leader responsibilities (i.e. onboarding/offboarding notification and access re-certification/validation)
•Independently analyze requests to ensure proper separation of duties and least privileged concept is applied when granting access (across multiple, complex platforms)
•Produce accurate management information to enable effective decision making and action
•Investigate and resolve access-related queries/issues, ensuring effective resolution in line with defined control activities and procedures, minimizing business disruption
•Administer Active Directory (AD) and other Company technologies and sources, ensuring information (i.e. identity data) held is current and updated regularly
•Coach, motivate and develop Access Management Analysts to ensure overall delivery (quality and output) of services provided is to an appropriate high standard
•Support and execute, where required, QA of team’s work to ensure an effective, monitored control environment
•Foster a culture of continuous improvement, motivation, collaboration and empowerment within the team to actively engage employees and ensure delivery of team objectives
•Collaborate across Technology Services department by consulting, gathering and analyzing information required to support effective control execution, including onboarding of new applications and other Service Design & Transition initiatives
•Contribute to development and management of Service Improvement Plan for Global User Access Management to ensure increased flexibility, enhanced customer experience, improved cost effectiveness and overall continuous improvement
Required Education
• Bachelor's Degree or equivalent combination of education and work experience
Required Experience
• 5 years relevant experience
Preferred Competencies/Skills
• Ability to proactively manage customer expectations
•Understand needs and goals of the customer and actively look for ways to meet them
•Problem-solving and analytical skills with high attention to detail
•Identify opportunities for synergy and integration
•Assume methodical approach to evaluate situations
•Excellent oral and written communication skills
•Outstanding customer service focus
•Ability to work with all levels of the organization
•Flexible
•Share knowledge and educate others
•Communicate complex information in a user-friendly format
Preferred Education Specifics
• Degree in Computer Science, Information Systems or related field
Preferred Experience
• Experience with IT user access management
•Working in demanding, fast-paced environment
•Experience with Active Directory, RACF and other access management tools/systems
•Experience interviewing others on technical or functional requirements
•project management and/or business analyst level role within complex multi-platform environment
Preferred Licenses/Certifications
• Certified in Risk and Information Systems (CRIS)
•Security +
•Certified Information Systems Security Professional (CISSP)
Preferred Knowledge
• Understanding of applicable regulatory requirements, policy and standards best practice
•Up to date with technical developments to ensure accurate and up-to-date service is provided to customers
•Applied working knowledge of information security policies and procedures, including segregation/separation of duties (SoD) concept
•Understanding of fundamental IT concepts, systems, tools and technologies
•Knowledge of External and Internal Audit, SOC1, and other access control reviews
•Working knowledge of products and concepts relating to insurance industry
QBE Cultural DNA
• Everything we do at QBE is underpinned by our DNA (which interlinks seven cultural elements) – because we know it's not just what we do that matters, it's how we do it that makes the difference. We expect all employees to role model and inspire the right behaviours that link to our cultural elements:
•We are customer-focused
•We are technical experts
•We are inclusive
•We are fast-paced
•We are courageous
•We are accountable
•We are a team
•All employees are expected to adhere to QBE’s Code of Ethics and Conduct and apply sound risk management practices
US Only - Travel Frequency
• Infrequent (approximately 1-4 trips annually)
US Only - Physical Demands
• General office jobs: Work is generally performed in an office environment in which there is not substantial exposure to adverse environmental conditions. Must have the ability to remain in a stationary position for extended periods of time. Must be able to operate basic office equipment including telephone, headset and computer. Incumbent must be able to lift basic office equipment up to 20 lbs.
US Only - Disclaimer
• To successfully perform this job, the individual must be able to perform each essential job responsibility satisfactorily. Reasonable accommodations may be made to enable an individual with disabilities to perform the essential job responsibilities.
Job Type
• Individual Contributor
Australia/New Zealand Only - Advice/Non-Advice
• Non-Advice: This role is not authorised to provide financial product advice to retail customers in respect of General Insurance products. Financial product advice, means a statement or recommendation made to a retail customer with the intention of influencing their decision in considering a general insurance product.
Global Disclaimer
• The duties listed in this job description do not limit the assignment of work. They are not to be construed as a complete list of the duties normally to be performed in the position or those occasionally assigned outside an employee’s normal duties. Our Group Code of Ethics and Conduct addresses the responsibilities we all have at QBE to our company, to each other and to our customers, suppliers, communities and governments. It provides clear guidance to help us to make good judgement calls.
• Lead implementation and maintenance of identify and access management, and security-related processes and procedures by providing recommendations around policies, standards, procedures, regulatory compliance and best practices; identify opportunities for improvement and/or update
•Manage intake demand through Company request and incident management system and delegate appropriate levels of work to team members
•Maintain least privileged access to QBE systems for joiners, movers leavers (JML) and for authorized users, ensuring access granted is in line with job function, controls are maintained or access removed in a timely manner
•Lead facilitation and management of access recertification/revalidation processes on periodic basis (monthly, quarterly, annually, etc.) for in-scope applications and systems based on risk, audit and business owner direction
•Ensure work queue remains within tolerance limits, with focus on meeting or exceeding defined SLAs and other key measures
•Timeliness in processing requests and responding to incidents (end-to-end); performance against defined SLAs and other key measures
•Response to incidents raised because of incorrect access applied and/or failures in technology; follow through on ensuring avoidance of repeat incidents not resulting in technology failure
•Coverage and effectiveness of access recertification/revalidation activities and program, with no audit findings for identified scope
•Build and maintain strong, effective relationships with business customers at all levels and Technology Services to ensure effective end-to-end request management and positive customer experience
•Provide regular advice, guidance and ongoing awareness for access-related activities and processes, ensuring business customers and peers are aware of key issues and required activities, including people leader responsibilities (i.e. onboarding/offboarding notification and access re-certification/validation)
•Independently analyze requests to ensure proper separation of duties and least privileged concept is applied when granting access (across multiple, complex platforms)
•Produce accurate management information to enable effective decision making and action
•Investigate and resolve access-related queries/issues, ensuring effective resolution in line with defined control activities and procedures, minimizing business disruption
•Administer Active Directory (AD) and other Company technologies and sources, ensuring information (i.e. identity data) held is current and updated regularly
•Coach, motivate and develop Access Management Analysts to ensure overall delivery (quality and output) of services provided is to an appropriate high standard
•Support and execute, where required, QA of team’s work to ensure an effective, monitored control environment
•Foster a culture of continuous improvement, motivation, collaboration and empowerment within the team to actively engage employees and ensure delivery of team objectives
•Collaborate across Technology Services department by consulting, gathering and analyzing information required to support effective control execution, including onboarding of new applications and other Service Design & Transition initiatives
•Contribute to development and management of Service Improvement Plan for Global User Access Management to ensure increased flexibility, enhanced customer experience, improved cost effectiveness and overall continuous improvement
Required Education
• Bachelor's Degree or equivalent combination of education and work experience
Required Experience
• 5 years relevant experience
Preferred Competencies/Skills
• Ability to proactively manage customer expectations
•Understand needs and goals of the customer and actively look for ways to meet them
•Problem-solving and analytical skills with high attention to detail
•Identify opportunities for synergy and integration
•Assume methodical approach to evaluate situations
•Excellent oral and written communication skills
•Outstanding customer service focus
•Ability to work with all levels of the organization
•Flexible
•Share knowledge and educate others
•Communicate complex information in a user-friendly format
Preferred Education Specifics
• Degree in Computer Science, Information Systems or related field
Preferred Experience
• Experience with IT user access management
•Working in demanding, fast-paced environment
•Experience with Active Directory, RACF and other access management tools/systems
•Experience interviewing others on technical or functional requirements
•project management and/or business analyst level role within complex multi-platform environment
Preferred Licenses/Certifications
• Certified in Risk and Information Systems (CRIS)
•Security +
•Certified Information Systems Security Professional (CISSP)
Preferred Knowledge
• Understanding of applicable regulatory requirements, policy and standards best practice
•Up to date with technical developments to ensure accurate and up-to-date service is provided to customers
•Applied working knowledge of information security policies and procedures, including segregation/separation of duties (SoD) concept
•Understanding of fundamental IT concepts, systems, tools and technologies
•Knowledge of External and Internal Audit, SOC1, and other access control reviews
•Working knowledge of products and concepts relating to insurance industry
QBE Cultural DNA
• Everything we do at QBE is underpinned by our DNA (which interlinks seven cultural elements) – because we know it's not just what we do that matters, it's how we do it that makes the difference. We expect all employees to role model and inspire the right behaviours that link to our cultural elements:
•We are customer-focused
•We are technical experts
•We are inclusive
•We are fast-paced
•We are courageous
•We are accountable
•We are a team
•All employees are expected to adhere to QBE’s Code of Ethics and Conduct and apply sound risk management practices
US Only - Travel Frequency
• Infrequent (approximately 1-4 trips annually)
US Only - Physical Demands
• General office jobs: Work is generally performed in an office environment in which there is not substantial exposure to adverse environmental conditions. Must have the ability to remain in a stationary position for extended periods of time. Must be able to operate basic office equipment including telephone, headset and computer. Incumbent must be able to lift basic office equipment up to 20 lbs.
US Only - Disclaimer
• To successfully perform this job, the individual must be able to perform each essential job responsibility satisfactorily. Reasonable accommodations may be made to enable an individual with disabilities to perform the essential job responsibilities.
Job Type
• Individual Contributor
Australia/New Zealand Only - Advice/Non-Advice
• Non-Advice: This role is not authorised to provide financial product advice to retail customers in respect of General Insurance products. Financial product advice, means a statement or recommendation made to a retail customer with the intention of influencing their decision in considering a general insurance product.
Global Disclaimer
• The duties listed in this job description do not limit the assignment of work. They are not to be construed as a complete list of the duties normally to be performed in the position or those occasionally assigned outside an employee’s normal duties. Our Group Code of Ethics and Conduct addresses the responsibilities we all have at QBE to our company, to each other and to our customers, suppliers, communities and governments. It provides clear guidance to help us to make good judgement calls.
How to Apply:
To submit your application, click "Apply" and follow the step by step process.
Equal Employment Opportunity:
QBE is an equal opportunity employer and is required to comply with equal employment opportunity legislation in each jurisdiction it operates.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
0
0
0
Categories:
Analyst Jobs
IAM Jobs
Tags: Active Directory CISSP Compliance Computer Science Risk management SLAs SOC 1
Perks/benefits: Career development Flex hours
Region:
Asia/Pacific
Country:
Philippines
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Senior Security Analyst jobsInformation System Security Officer jobsSenior Cloud Security Engineer jobsInformation Security Manager jobsInformation Security Specialist jobsSenior Cybersecurity Engineer jobsSenior Network Security Engineer jobsSecurity Consultant jobsIT Security Engineer jobsCyber Security Specialist jobsSenior Penetration Tester jobsSecurity Specialist jobsSenior Information Security Analyst jobsSenior Cyber Security Engineer jobsChief Information Security Officer jobsSystems Engineer jobsSystems Administrator jobsInformation System Security Officer (ISSO) jobsSenior Product Security Engineer jobsCloud Security Architect jobsIT Security Analyst jobsPrincipal Security Engineer jobsStaff Security Engineer jobsSecurity Operations Analyst jobsCybersecurity Specialist jobs
DevSecOps jobsKubernetes jobsEncryption jobsPowerShell jobsIDS jobsSplunk jobsSaaS jobsEDR jobsSDLC jobsIPS jobsRMF jobsSQL jobsTop Secret jobsIntrusion detection jobsBash jobsCompTIA jobsThreat detection jobsITIL jobsFinance jobsOWASP jobsDoDD 8570 jobsCRISC jobsDocker jobsActive Directory jobsBanking jobs
UNIX jobsTCP/IP jobsVPN jobsGIAC jobsTerraform jobsSANS jobsClearance Required jobsIT infrastructure jobsHIPAA jobsSOX jobsSOC 2 jobsOSCP jobsCISO jobsIndustrial jobsJavaScript jobsCCSP jobsData Analytics jobsDNS jobsSOAR jobsPolygraph jobsJira jobsAnsible jobsMITRE ATT&CK jobsCyber defense jobsGCIH jobs