Role and Access Manager
The Role and Access Manager is responsible for the development and maintenance of the Role Based Access Control (RBAC) framework for the corporation. In conjunction with business leadership and IT technical personnel, they will ensure that access controls are consistent, scalable, and auditable across the organization. This position will interface with the user and technology communities to understand their security needs and implement access controls to accommodate them, employing a least-privileged model for access control. They will act as an advisor to business units during routine reviews of system security and will participate in the continuing creation, modification, and retirement of roles within the business.
Responsibilities
- Understand/Analyze/Document the goals and scenarios for roles (requirements)
- Understand how regulatory and policy statements impact roles and entitlements (HIPAA, PII, CDE, etc.)
- Work with Cybersecurity for on-going discovery and audit of user accounts and access resource groups
- Document access control matrices
- Participate in discussions to refine existing RBAC structures and role rationalization.
- Ensure application onboarding and decommissioning processes address changes to RBAC roles or entitlements.
- Proactively facilitate the management of permissions and entitlements, and drive efficiencies in role entitlements
- Serve as liaison for RBAC/IAM issues.
- Manage Role Based Access controls, including role management, role mining, role remediation, and role re-certifications.
- Maintain user role definitions while maintaining naming conventions and updating entitlements as needed.
- Change contexts, constraints, purpose, and hierarchies that feed RBAC rationale.
- Manage discovery and audit of user accounts and access resource groups.
- Work with IT Security Audit personnel to monitor access to critical systems and infrastructures such as Active Directory, E1, Cognos, TMA, etc. (Splunk alerting – analysis of who is requesting what types of entitlements in key applications, etc.)
- Conduct change impact assessments (example: departmental re-structuring)
- Participate in Sprint Planning meetings or review meeting outcomes to review significant System/Software configuration changes across technology infrastructure and business applications for change management.
- Participate in and review User Acceptance Testing and Quality Assurance after RBAC deployment
Requirements
- Bachelor’s degree or equivalent work experience.
- 6 years of business analysis, identity management, or IT audit experience in large, complex corporate environments
- Advanced experience with identity management or access control methodologies and solutions.
- Strong understanding of identity lifecycle management, operating environments (such as Microsoft Active Directory, Azure cloud, etc.), privileged access management, and third party, remote access security.
- Knowledge of network authentication methods, such as user IDs, passwords, MFA, certificates, Kerberos, etc.
- Excellent ability to analyze and understand business processes and functions.
- Ability to interact with business leadership and drive the adoption of process change. Strong written and oral communication skills including documentation.
- Ability to work with little direct supervision, and to foster a team environment.
- Ability to seek out and implement ways to help other team members to be successful.