This Job Vacancy has Expired!

Access Assurance Operations Senior Analyst

Source Technology

Posted on Jan 12, 2022 by Source Technology

Dublin, Ireland
Immediate Start
€80k - €120k Annual

As a direct report to the Principal of Data Defense and Access Assurance within Business Operations Protection, you will be a part of the team responsible for Enterprise Data Defense and Access Assurance Operations. The Data Defense and Access Assurance team within the clients Global Security Organization is responsible for engineering, deploying, testing and monitoring their global infrastructure footprint to validate data inventory, access and protection across their vast infrastructure of data center, SaaS and IaaS. Your team will be responsible for the deployment, execution and monitoring to ensure they are successful in understanding, at any point in time, the state of their data and who can access it. As the Access Assurance Senior Analyst, you will be responsible for supporting the Principal Data Defense Engineer in developing the technologies, processes, and people that will manage access to the clients systems & data, establish enforcement of access policies, and enable protection of the clients consumer data, intellectual property, and proprietary code.

In your capacity as a key contributor and team leader within Enterprise Data Defense and Access Assurance Operations, you are part of a team that manages the security of the clients data through access management processes and controls across the entire data life cycle, from creation to destruction. This will include developing the process for granting and removing access based on the principles of least privilege and need to know, as well as oversight to your team as they manage access to data. Further, you and your team will oversee policies and procedures for managing access based off enterprise policy and other international regulatory requirements (eg, data residency), and your team will ingest organizational policies to create enforcement mechanisms. This will entail understanding requirements, designing controls, and ultimately managing the on-going operation of those controls. Your team will also be responsible for investigating and resolving incidents that involve unauthorized and inappropriate access or transactions.

The candidate must be skilled in conducting technical analysis of access policies, rules, and permissions as well as evaluating appropriateness of roles and transactions. The candidate must also have the ability to communicate well, motivate and lead cross-functional and individual contributor teams independently, participate in coordinating response and defensive actions as it relates to identity and access assurance, and disseminate security information as appropriate in support of the clients critical business, go to market, and operational infrastructure needs. The candidate will develop, select, and motivate highly effective employees to execute TikTok's business model.

Tasks and Responsibilities

-Define strategy for the execution of Access Assurance program

- Guide the development and selection of access management technologies to meet business objectives and operational efficiencies

- Design global access management program that addresses data residency and fine-grained, role-based access requirements and controls as necessitated by business need and regulations

- Apply appropriate security measures, controls, and protections in the design and selection of identity and access management tools and technologies

- Design and implement access management and assurance programs (people, process, and technology) to mitigate security threats and risks related to access that may impact business data through a holistic global program-oriented approach

- Develop and maintain policies and procedures that support access assurance (eg, identity management, access monitoring, authentication requirements)

- Design and implement the access review process, ensuring that access is reviewed regularly both for appropriateness of access as well as privilege levels for all users

- Implement and enforce mechanism to proactively monitor, respond and report on inappropriate data access events

- Guide the team in developing use cases and integrating access management technologies with related cybersecurity technologies (eg, security incident and event management, data classification, vulnerability management)

- Support interactions with Risk and Compliance to understand control requirements and provide information to support findings for non-compliance with internal security policies

- Responsible for designing and reporting key metrics and visualizations for weekly, monthly and bimonthly cadences across multiple audiences

Knowledge and Skills:

- Excellent analytical and problem-solving skills

- Excellent communication skills (verbal and written), ability to influence without authority

- Works well under pressure within time/budget constraints to solve problems, adjust quickly to shifting priorities, and make decisions with limited information

- Ability to balance risks in ambiguous and complex situations

- Demonstrated teamwork and collaboration skills, in particular in leading or contributing to global and cross-functional teams

- Highly motivated to contribute and grow within a complex area of emerging importance

- Ability to communicate technical concepts to a broad range of technical and non-technical staff

Strong understanding of:

- Access management tools, processes, and procedures
- User access administration and policy-based access controls, including identity management, provisioning and de-provisioning access
- Privileged access management (PAM) tools
- Access reviews for appropriateness and authorization
- Interpretation of numeric data and statistical principles
- Industry standard frameworks

Minimum Qualifications:

- Bachelors' Degree or industry equivalent work experience in cybersecurity, international security architecture, and/or engineering in a converged security program

- 5+ years applicable experience

- High degree of integrity and trustworthiness and the ability to lead and inspire change

- Demonstrate ability to quickly assimilate to new knowledge and remain current on new developments in cybersecurity capabilities and industry knowledge

- Experience building and growing a team to meet strategic and tactical objectives; mentoring and coaching staff

- In-depth experience in designing and deploying access management technologies and controls in enterprise-class organizations, including the following:

- Access management on Windows and Linux operating systems

- Database access management across multiple types (eg, MySQL, Redis, MongoDB)

- Access monitoring, remediation, and escalation

- Role-based access policies based on principle of least privilege

- Access permission retrieval and analysis

- Configuration of access permissions/roles

- Provisioning, modifying, and de-provisioning account access

Preferred Qualifications:

- CISSP, SSCP, CAP, CCSP, CISM or applicable experience in the Information Security field

- Familiarity with securing access to data across multiple geographical locations

- Familiarity with applications built on a microservices architecture

- Familiarity with securing identity across SaaS and IaaS cloud platforms (eg, AWS, Google Cloud Platform)

- Be able to deliver both detailed technical reports to enable access remediation and business friendly reports to demonstrate progress and track risk

- Be able to write scripts, configure tools, work with APIs and databases (eg, MySQL, PostgreSQL, Redis)

- Be able to handle ambiguity and collaborate with a global team

- Be comfortable communicating with business executives and technical teams

- Be able to motivate junior staff and contractors

Reference: 1460354974

Set up alerts to get notified of new vacancies.