Access Management Analyst

Role       : Access Management Analyst
Location : Abu Dhabi                           

Role Purpose:

To Support Access Governance and Data Security Governance functions under Group Information Security Department. This role will be key in performing timely access reviews and data security assessments which will help in improving the security posture of the bank. 

KEY METRICS:

• % of Access reviews performed as per the annual review plan.
• % of access exceptions reviewed and remediated.
• % of unauthorized access reviewed and remediated.
• % of KPIs achieved with satisfactory result.
• Percentage of annual objectives achieved with “satisfactory” or above rating.
      
   

Key Accountabilities of the role      

• Perform access reviews on Business application access, infrastructure application access or any other special access provided to the users.
• Ensure access governance policies are applied across the all the access provided for staffs across the organization including the business applications or infrastructure applications.
• Perform ad-hoc access reviews on applications based on the identified risk escalations.
• Review the application matrix for business departments and highlight any unauthorized access/risky access provided based on access management principle such as Least privilege principle and segregation of duties.
• Coordinate with business units, HR department and ICD for identifying the unauthorized access and taking necessary remediation actions.
• Govern the privileged access provided to the staffs.
• Perform assessment on exceptions to the approved access matrix and highlight any identified risks.
• Govern the IDAM solution and ensure access governance policies on IDAM workflows.
• Govern the PAM solution and ensure access governance policies on PAM workflows.
• Support and contribute to bank wide data classification exercise for the entire bank. 
• Develop and maintain DLP policies, rules and exceptions.
• Periodic review of data protection policies.
• Maintain the updated data registers and assist in implementing DLP rules for the completed data registers. 
• Create data flow maps from the data registers.
• Timely KPI and KRI reporting related to data security and access governance.
• Participate in the Information security programs and projects. 
• Support information security compliance assessments, audits, gap analyses, and remediation related to data security and access governance.
   

Specialist Skills / Technical Knowledge Required for this role:

• Knowledge about Identify and Access Management Solutions and methodologies.
• Knowledge of privileged management solutions, DLP solution preferably Forcepoint or Microsoft Purview.
• Knowledge of Information security & control frameworks, regulations international standards and best practices.
• Experience in managing policy exceptions, including working directly with the teams to document exceptions, identify compensating controls and remediation action plans.
• Work independently without detailed guidance.
• At least one Security, Risk, or IT certification held or in process (i.e., CISSP, ITIL, CISM, ISO 27001, Security+).
• Bachelor’s degree in computer science or information security from an accredited 4-year university (Master’s degree preferred).

Previous Experience:

• 3-5 years of experience in the information security, information technology, enterprise risk or compliance field preferably in banking and finance industry.