IAM Governance Expert

Job Description Summary

As part of the Identity and Access Management global team, you will be onboarded in the IAG area as Identity and Access Management Governance Expert. This role will focus on the definition and implementation of a global roadmap in terms of Identity and Access Management developing and reviewing the IAM Governance framework to build all policies, process, guidelines to ensure a proper governance for all accesses to Sandoz infrastructure.

 

Job Description

Major Accountabilities:

• Develop and implement a roadmap to cover all initiatives part of the IAM Governance Framework to have a proper set of defined policies, processes, guidelines and trainings to ensure the correct protection of the Sandoz Assets in terms of the Identity and Access Management.
• Write, review and challenge IAM policies, standards, and processes across the company to support business, strategy, cybersecurity and regulatory needs.
• Standardize end-to-end IAM processes and ensure alignment of IAM processes to the IAM policies and standards.
• Lead and develop specific security strategies and technical feasibility studies.
• Establish IAM continuity strategy to support Disaster Recovery programs
• Leverage existing processes or identity opportunities to integrate or develop processes to enable the business to move more quickly and avoid redundant processes.
• Conducting IAM risk assessments and implementing mitigation measures to address identified risks.
• Lead and provide guidance in implementing complex IAM projects, Project Management includes prioritization of activities, defining objectives, milestones, writing project status reports and overall ensure successful on-time implementation and deployment.
• Develop, review and maintain a backlog of strategic and tactical IAM initiatives to reduce risk, increase usability and operational effectiveness.
• Collaborate with internal stakeholders (IAM specialists, Operations, HR, Procurement, IT) to define concrete requirements and prioritize future IAM initiatives.
• Provide leadership to support other Sandoz projects and operations that require IAM services.
• Create, track and manage annual operating, capital and project budgets.
• Engagement in relevant working groups with application owners and gathering all requirements to give guidance on how to proceed to comply with IAM policies, processes and / or guidelines, identifying opportunity to expand IAM framework if needed.
• Develop and foster relationships with critical stakeholders throughout Sandoz.
• Developing and managing key metrics (KPIS) and executing on improvements while liaising and managing key vendors to support the overall IAM program.
• Assist with IAM related audits and handling of internal and external audit requests.
• Define guidelines for training and awareness on IAM policies and best practices to ensure all employees understand their roles in maintaining security.

What you’ll bring to the role:

Education:

• University degree or equivalent experience in computer science, engineering or information technology or another relevant field
• Certification or accreditation in Information Security (CISM, CISA, CISSP, MS Azure, Active Directory, etc.) is a plus
• Fluent in written and spoken English

Experience and Skills:

• At least 5 years of experience Identity and Access management; including more than 3 years of experience in Identity and Access Management governance.
• Deeper knowledge on the identity lifecycle defining processes for joiners, leavers and movers.
• Experience with RBAC implementations in wide large companies it´s a plus
• Experience with assessments and prepare action plans to implement an IAM roadmap based on priorities from IAM standpoint
• Familiarity with regulatory requirements and best practices related to IAM
• Excellent negotiation, communication and interpersonal skills ability to develop influential relationships with different stakeholders across all levels
• Strong project management skills with the ability to multitask
• Entrepreneurial mindset driven by curiosity and continuous improvement

 

Skills Desired

Communication, Cyber-Security Regulation, Cyber Threat Hunting, Cyber Threat Intelligence (Cti), Cyber Threat Management, Cyber Vulnerabilities, Decision Making Skills, Influencing Skills, Information Security Risk Management