What we look for
Highly motivated individuals with excellent problem-solving skills and the ability to prioritize shifting workloads. An effective communicator, you'll be a confident team player with a genuine passion to make things happen in a dynamic organization.
If you're ready to take on a wide range of responsibilities and are committed to seeking out new ways to make a difference, this role is for you.
Job purpose
We have one global role, Identity and Access Management Business Senior Analyst, available in Madrid (Spain), Malmö (Sweden) or Amsterdam (Netherlands).
Reporting to the Process Security Risk Team Lead which is part of the Infosec Department, you will hold a key role in safeguarding an organization's digital assets and ensuring secure access for authorized users.
Main Responsibilities
Develop and maintain an IAM framework that allows effective monitoring, management, and mitigation aligned with business objectives associated with the operations of our organization and our technology.
Support the development of security standards, procedures, policies, and necessary modifications to existing ones regarding IAM.
Review Identity and Access Management processes, covering user lifecycle, regular recertification processes, exceptions, and approvals, in line with Verisure policies.
Understand the security needs of internal and external stakeholders, regulators, and auditors and support IAM related controls for an increasing number of regulations.
Support, perform, and control the full audit cycle over IAM controls effectiveness and compliance with all applicable directives and regulations.
Engage and interact with key stakeholders and provide strategic level advice on the cybersecurity domains to all of them.
Required Qualifications
Minimum qualifications
Bachelor's in Computer Information Systems or related discipline and 3 years of direct experience in information security, with a main emphasis on Information Security & IT risk and compliance.
Proven experience working with identity and access management concepts and a pragmatic approach developed through experience working on IAM programs: Strong knowledge of identity management standards and technical skills on access control on different technologies (e.g., Unix, Linux, Windows, Oracle, SQL, RACF, OS400, etc.).
Strong understanding of RBAC principles and experience in developing and implementing RBAC policies.
Defining, creating, and executing an IAM control framework, not only internally but also for third-party and partners.
Experience in documenting security procedures, policies, and standards with a focus on the development of workflows and documentation related to identity and access management.
Experience performing assessments and conducting compliance and maturity assessments using international standards and best practices from various industries related to IAM.
Ensuring that all risks, vulnerabilities, and non-conformities related to Identity and Access Management are actively managed, monitored, documented, and mitigated if possible.
Defining and tracking KPIs/KRIs and generating reporting adapted for different levels and stakeholders.
Work experience in a professional environment preferred, including demonstrated planning and problem-solving skills and ability to analyze complex technical issues.
Thorough understanding of market structures, including relevant regulatory compliance requirements (PCI DSS, SOC 2, NIST, GDPR, COBIT, ITIL, etc.).
Experience organizing and carrying out risk assessment and compliance projects. Ability to successfully manage audits (external, internal, and third-party ones), compile evidence, and organize audit responses.
Experience with project management and process improvement. Ability to build professional relationships and collaborate effectively with peers and stakeholders.
Effective verbal and written communication skills and be comfortable presenting to different levels within and outside of the organization.
Fluent written and verbal communication skills in English. Travel availability.
Preferred qualifications / Personal Characteristics
Relevant security certification like: ISO / IEC 27001 Lead Auditor and Implementer (Security Information Management) certification; ISACA Certified Information Systems Auditor (CISA) certification; ISACA Certified in Risk and Information Systems Control (CRISC) certification.
Proficient with MS Office, project management, and at least one GRC tool (recommended).
Familiarity with IAM tools, such as Sailpoint, CyberArk, etc., and Active Directory.
Familiarity with Information systems auditing, monitoring, controlling, and process assessment.
Familiar with current home security / smart home technologies, future developments, and understanding of business models behind them.
#J-18808-Ljbffr
