We are seeking a highly skilled Information Security Specialist to serve as the lead Identity and Access Management (I&A) subject matter expert. You will play a critical role in ensuring that new and evolving applications and infrastructures are secure by design and compliant with security controls. In this role, you will focus on reviewing I&A control areas, providing recommendations, and participating in the approval process. Additionally, you will act as the technical lead for the I&A SDA team, coordinating activities and handling escalations.
Position: IAM Specialist
Location: Bucharest, Romania
– Security Review: Review security application design documentation provided to the SDA, with a focus on identifying weaknesses in I&A control areas.
– Guidance: Provide guidance and recommendations on addressing identified weaknesses in areas such as Identity Lifecycle Management, Authentication, Authorization, and Privileged Access Management.
– Voting: Cast a vote (approved or not approved) for each reviewed application, accompanied by a justification for the vote.
– Collaboration: Collaborate closely with other SDA voting members, ensuring clear separation and effective communication with teams like Cryptographic Architecture and Global Network Services.
– Non-compliance Resolution: Advise projects on formally assessing and accepting residual risks for non-compliance issues that cannot be remediated before the application go-live.
– Technical Leadership: Assume the role of the technical lead for the I&A SDA team, coordinating activities, managing escalations, and ensuring the team’s effectiveness.
– Education: Degree-level qualification in IT and/or information security, preferably related to Identity and Access Management (IAM) or cryptography.
– Experience: A minimum of 5 to 7 years of hands-on experience in IT security and governance.
– Extensive knowledge of IAM disciplines, including identity management, access request and approval processes, provisioning, recertification, authentication using single and multiple factors, authorization in RBAC and ABAC scenarios, Privileged Access Management, secrets management, and IAM governance and analytics.
– Basic understanding of network communication techniques and cryptographic methods/tools to assess the effectiveness of IAM solutions.
– Proficiency in reviewing the security context of information systems at both application and infrastructure levels, with a strong ability to navigate complexity and read between the lines.
– General awareness of IAM threats, vulnerabilities, protection strategies, and commonly used technologies to mitigate risks.
– Familiarity with IT management/control frameworks, such as ISO/IEC 27000-series, Control Objectives for Information Technology (COBIT), NIST Standards, or Cloud Controls Matrix.
– Basic knowledge of regulatory frameworks relevant to financial institutions, such as the General Data Protection Regulation (GDPR), Payment Services Directive (PSD2), TRM Guideline of the Monetary Authority of Singapore (MAS), or Payment Card Industry Standard (PCI).
– Overview-level knowledge of agile Software Development Life Cycle (SDLC) approaches and familiarity with automated deployment techniques like “infrastructure as code” and “policy as code” in contemporary Cloud environments (e.g., Azure, Google).
– Strong communication skills in English, both written and verbal, enabling effective communication with senior management.
– Ability to work well within teams and independently with a “can-do” attitude.
– A proactive attitude towards self-paced learning and career development, setting an example for new employees.