Information Security Senior Consultant (IAM Cloud Security)

Location:

For Those Who Work At Home - Various, Ohio 44144

ABOUT THE JOB (JOB BRIEF)

The IAM Cloud Security Senior Consultant is responsible for governance, oversight, and day to day operations of Identity and Access Management (IAM) in the KeyBank cloud environments which are currently Google Cloud Platform (GCP) and Microsoft Azure.

In close collaboration with Information Security (especially the Sailoint and Cyberark teams) and Cloud Infrastructure teams, the IAM Cloud Security Senior Consultant will serve as a subject matter expert to translate the existing on premise IAM access control governance model into a cohesive set of standards, policies and operating procedures to properly maintain a secure posture in a modern cloud-based ecosystem.   

ESSENTIAL JOB FUNCTIONS

• Designs and executes access control provisioning and governance reviews for all applications hosted in the KeyBank cloud ecosystem.  The scope of these reviews includes both the people (workforce) as well as service accounts (non-human) that interface with the applications.
• Establishes the detailed IAM governance policies and procedures applications for cloud environments including Google Cloud Platform (GCP), Microsoft Azure and Office 365.
• Works closely with Security Architecture and Engineering, Application Security, and Code Automation teams to build, enhance, and monitor detective and preventative controls to ensure programmatic and manual (human) interaction with cloud APIs and configurations meet IAM guidelines for priviledged access.
• Creation and regular review/tuning of IAM guardrails and procedures to maintain an up-to-date security posture that adjusts to changes made by the underlying cloud provider.
• Implement centralized review/approval of high/medium risk privileges before application team applies the access in their environment(s).
• Visibility, monitoring and preventative controls for resource-level (i.e. GCE instance) IAM policy
• Collaborates with code automation and application security to enforce consistent security policies across application code deployment pipelines.
• Knowledgeable of relevant industry regulations and standards such as NIST CSF, FFIEC CAT, Sarbanes-Oxley (SOX) and Payment Card Industry Data Security Standard (PCI DSS)
• Communicates down, sideways, and upwards to effectively keep all stakeholders engaged and informed of program effectiveness, metrics, and issues.
• Coordinates with other IAM managers and subject matter experts to manage and update metrics (e.g. KRIs, KPIs) to track and report risks and report metrics to senior management​.
• Facilitate identification, documentation and mitigation of SoD risks with business process owners and stakeholders, through annual business process questionnaire completion and follow-up.
• Partner with Business Process Risk Identification Program to provide/update content for stakeholder training on roles relating to SoD processes and annual certification, and lead change management iniaitives related to SoD program.
• Perform validation of controls within IIQ
• Handle troubleshooting and issue resolution related to IAM processes, ensuring the smooth functioning of the SoD program.
• Maintain IT policies and standards that include SoD requirements
• Enhance and maintain IAM operating model to include roles and responsibilities to manage SoD risks
• Manage and update metrics (e.g. KRIs, KPIs) to track and report SoD risks and report metrics/ risks to senior management​.
• Champions and maintains effective communication with lines of business and technology groups
• Participate in technology and line of business projects. 

Create/own new security standards and provide security requirements and decisions as required.

REQUIRED QUALIFICATIONS

Education/Certifications:  Bachelor’s Degree or equivalent work experience required.

Experience:

• Three plus years of Identity and Access Management experience in a large, highly-regulated environment.
• Identity and Access Management experience or background
• Subject matter expert knowledge of both the business and technical aspects of Identity & Access Management and/or Information Securitysecurity and technology with experience in cloud IAM governance.  Sailpoint and/or Cyberark experience a strong plus
• In-depth knowledge of security and technology, with strong understanding of risk management.
• Ability to make decisions based on prior experience in a large enterprise environment and solid understanding of the technologies and risks involved.
• Familiarity with industry-standard Identity Providers including Microsoft Active Directory, IBM RACF, LDAP directories and cloud-based Identity solutions such as Okta or Ping.
• Excellent communication and leadership skills.  Being able to convey complex concepts to executive management (C-suite and above) and influence direction.
• Demonstrated commitment to high professional ethical standards and a diverse workplace.
• Proven knowledge and experience in maintaining a high level of operational effectiveness and excellence.
• Proven budget development and oversight experience.
• Demonstrated ability to work effectively in a matrix reporting environment to drive results.
• Ability to interface with regulators and other corporate oversight groups

Competencies and Skills: 

• Works autonomously and demonstrates solid Key leadership competencies; organized, leads others towards common outcomes and execution
• Demonstrates strong critical thinking and problem solving skills to understand and analyze complex business processes and technologies to make sound recommendations
• Possess strong written, verbal, and presentation skills
• Ability to effectively communicate with lines of business and technology groups at all levels of the organization
• Strong understanding of risk management with ability to identify and assess risks and issues and manage to resolution
• Ability to create and implement new processes and procedures
• High level of business acumen, preferably in a regulated/financial industry
• Strong risk-based analysis and decision making skills

COMPENSATION AND BENEFITS

NEED EQUAL PAY LANGUAGE

Please click here for a list of benefits for which this position is eligible.

Key has implemented a role-based Mobile by Design approach to our employee workspaces, dedicating space to those whose roles require specific workspaces, while providing flexible options for roles which are less dependent on assigned workspaces and can be performed effectively in a mobile environment. As a result, this role may be Mobile or Home-based, which means you may work primarily either at a home office or in a Key facility to perform your job duties.

Job Posting Expiration Date: 11/26/2024

KeyCorp is an Equal Opportunity and Affirmative Action Employer committed to building a diverse, equitable and inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or other protected category.

 

Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.

#LI-Remote