דרושים Management Analyst ב-United States, Massachusetts, Boston

LOB Overview:

• Global Information Security (GIS) is responsible for protecting bank information systems, confidential and proprietary data, and customer information. GIS develops the bank’s Information Security strategy and policy, manages the Information Security program, identifies, and addresses vulnerabilities and operates global security operations centers that monitor, detect, and respond to cybersecurity incidents. Within GIS, Identity and Access Management (IAM) is a security discipline that enables the right individuals to access the right resources at the right times and in the right context. IAM addresses the mission-critical need to ensure appropriate access to the resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements.

Responsibilities:

• Support the implementation and ongoing management of access provisioning solutions across enterprise platforms, ensuring alignment with security policies and regulatory requirements.

• Apply working knowledge of Active Directory , Microsoft Azure, Amazon Web Services (AWS), and Mainframe , Oracle and SQL databases , file systems , and enterprise storage , with a focus on enforcing least privileged access .

• Assist in maintaining access control policies , group structures , and role-based access models to support scalable and secure provisioning.

• Collaborate with application owners and infrastructure teams to implement access requirements for new and existing systems.

• Participate in automation initiatives to streamline provisioning and de-provisioning workflows , integrating with identity governance platforms and HR systems and IAM controls.

• Conduct periodic access reviews , entitlement audits , and certification campaigns to ensure compliance and identify access anomalies.

• Investigate and remediate access-related incidents, working closely with cybersecurity and risk teams to address vulnerabilities and improve controls.

• Stay current with emerging IAM technologies, regulatory changes, and industry best practices to continuously enhance the access provisioning program.

• Prepare metrics, reports, and recommendations to senior leadership and audit teams regarding access provisioning effectiveness and risk posture.

LOB Summary:

• Global Information Security (GIS) is responsible for protecting bank information systems, confidential and proprietary data, and customer information. GIS develops the bank’s Information Security strategy and policy, manages the Information Security program, identifies, and addresses vulnerabilities and operates global security operations centers that monitor, detect, and respond to cybersecurity incidents. Within GIS, Identity and Access Management (IAM) is a security discipline that enables the right individuals to access the right resources at the right times and in the right context. IAM addresses the mission-critical need to ensure appropriate access to the resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements.

Role Description:

• This role will be responsible for designing and implementing modernized processes that optimize Identity and Access Management workflows and cross-functional integration with systems that are deeply interconnected with identity management (i.e. HR, IT, Security). The ideal candidate will possess strong organizational, leadership, and communication skills, with the ability to engage senior leaders and teams across the enterprise. In this role, you will partner with stakeholders in Global Information Security (GIS) and the bank to drive end-to-end identity processes aligned with strategic organizational goals. You will ensure transparency in work activities, alignment with business and technology strategies, and establish governance structures for effective delivery oversight.

• Responsibilities include leading end-to-end process reviews with the Identity and Access Management and upstream/downstream teams to identify process gaps and risks. Using data-driven analysis, you will recommend strategic improvements with measurable outcomes. You will also provide thought leadership with respect to identifying inefficiencies, document current and future state processes, and develop user guides and metrics to translate identity insights into to optimal user experience while meeting the bank’s security standards.

Global Information Security (GIS) is responsible for protecting bank information systems, confidential and proprietary data, and customer information. GIS develops the bank’s Information Security strategy and policy, manages the Information Security program, identifies and addresses vulnerabilities, and operates a global security operations center that monitors, detects, and responds to cybersecurity incidents. Within GIS, Identity and Access Management (IAM) is a security discipline that enables the right individuals to access the right resources at the right times and in the right context. IAM addresses the mission-critical need to ensure appropriate access across increasingly heterogeneous technology environments and to meet increasingly rigorous compliance requirements.

What you can expect in Identity & Access Management:

In today’s highly connected world, managing and securing the identity of users is essential to the safety and success of our workforce. The Identity & Access Management (IAM) team works within Global Information Services (GIS) and in close participation with all other LOB teams as well as second and third line of defense partners. This role is highly visible and requires frequent interaction with senior management and key stakeholders.

The Senior IAM Information Security Controls Lead will analyze, strengthen, and secure the company's IAM systems and overall risk posture for end user, application and privileged access management. The individual in this role will be a leader in the IAM innovation space, working with senior leaders to implement new technologies and frameworks. This role requires collaboration with technology peers to modernize the IAM ecosystem for securing evolving technologies and identities.

The role also applies knowledge of laws, rules, regulations, and information security frameworks (e.g., NIST, COBIT, ISO) to establish and maintain policies, validate alignment of processes and controls to requirements, report on adherence to policy requirements, and maintain governance programs related to IAM Standard controls. Expectations include leveraging data analytics, governance process management, and cross-functional partnerships to verify policy compliance, identify gaps, and support remediation activities.

Responsibilities:

• Define and steer IAM standards including designing enterprise appropriate adherence models, and related measures for governance, controls and effectiveness management.

• Drive application/platform IAM modernization approach and program for information & data synchronization/management, moving from legacy manual to modernized identity automation solutions, such as connector frameworks.

• Collaborate with partner cybersecurity, engineering, and compliance teams to develop and align controls with industry standards, to mitigate known threat vectors, adopt best practice principles and meet regulatory requirements.

• Drive optimization & adoption of innovative and transformational strategies including but not limited to tooling integrations with enterprise platforms such as Active Directory, Mainframe and Public Cloud.

• Drive requirements, modernization and derisk efforts for processes, controls, systems and platforms, reducing technical debt, improving identity hygiene and supporting continual risk reduction efforts.

• Interacting with examiners and partners within control oversight organizations such as Audit, Compliance, Operational Risk, Regulators, and independent assessment organizations to represent IAM.

• Manage, liaise with and oversee currency of documentation, governance routines, and QA processes to capture, drive and improve alignment with standards and controls.

• Drive access management product and systems requirements for solutions, platforms and application-level integrations.

• Influence technology decisions and vendor strategies to support IAM objectives.

Access Control Management

• Implement and maintain security administration and access policies using RACF, ACF2, or Top Secret.

• Enforce least privilege and role-based access control (RBAC).

• Ensure multi-factor authentication for privileged users.

• Ensure that privileged access and encryption policies are enforced.

Compliance & Auditing

• Align security administration and access controls with regulatory frameworks (SOX, UCAL and PWC applications).

• Maintain detailed logs and audit trails for all access request and administrators provisioning activities.

• Utilize tools such as Vanguard Resource Administrator (VRA) for forensic analysis and Report Analyzer for reporting.

Security Governance

• Monitor for unauthorized access and potential data leakage.

• Conduct regular access reviews and security assessments.

• Integrate with Identity and Access Management (IAM) systems for centralized governance.

Team Management

• Lead and mentor a team of mainframe security analysts.

• Ensure team proficiency in RACF, Top Secret, and z/OS environments, including by participating in learning opportunities and communicating with vendors

• Promote automation of repetitive provisioning tasks to enhance efficiency.

• Oversee ticketing systems integrated with IAM workflows for request tracking, Quality Assurance validation for efficiency and remediation.

Training & Development

• Provide ongoing training on evolving security threats and compliance requirements, process changes.

• Set Global Information Security goals and encourage professional certifications (e.g., CISSP, Certified RACF and Vanguard Specialist).

Operational Best Practices

• Ensure 24/7 monitoring of access provisioning activities.

• Establish and maintain incident response protocols for access-related events.

• Design scalable provisioning processes to support organizational growth.

Required Qualifications:

• 10+ years of progressive experience in Identity and Access Management, with a strong focus on access provisioning across enterprise environments.

• 10+ Years of experience in RACF, ACF2 and zOS systems

• Drives Mainframe Modernization and work in close partnership with the CTO Mainframe team to provide SME security leadership.

• Deep technical expertise in Mainframe RACF, Vanguard and Microsoft Azure AWS, Databases DB2 and VMSecure and enterprise storage platforms.

• Proven ability to design, implement, and manage access provisioning solutions that enforce least privileged access and align with regulatory and internal compliance requirements.

• Strong understanding of IAM governance frameworks, platforms (e.g., ForgeRock Single Sign- On SSO, Adaptive Authentication) role-based access control (RBAC), group policy management, and privileged access management (PAM) tools, CyberArk, Hashi Corp and Beyond Trust.

• Experience with automated provisioning/de-provisioning workflows, including integration with HR systems to demonstrated proficiency in scripting and automation (e.g., PowerShell, Python) to support scalable access provisioning and audit processes.

• Familiarity with cloud infrastructure security and access controls in hybrid environments, particularly within Microsoft Azure AWS and Oracle Cloud.

• Ability to conduct access reviews, entitlement audits, and risk assessments to identify and remediate access-related vulnerabilities.

• Excellent analytical, problem-solving, and communication skills, with the ability to collaborate across technical and business teams.

• Bachelor’s degree in computer science, Information Security, or a related field; advanced degree or certifications (e.g., CISSP, CISM, Microsoft Certified: Identity and Access Administrator Associate) preferred.

• BS/BA Engineering degree or equivalent experience

Desired Skills:

• Understanding or have experience with agile and lean philosophies.

• Strong critical thinking and problem-solving skills with clear communication

• Ability to collaborate with different roles to achieve common goals.

• Ability to think critically and question the status quo.

• Understand how to identify software security vulnerabilities and recognize and communicate their associated impact to the business.

• Demonstrate awareness of secure software design principles such as least privilege, defense in depth, or designing secure user interfaces

Job Summary:

Global Information Security (GIS) is responsible for protecting bank information systems, confidential and proprietary data, and customer information. GIS develops the bank’s Information Security strategy and policy, manages the Information Security program, identifies and addresses vulnerabilities and operates a global security operations center that monitors, detects and responds to cybersecurity incidents. Within GIS, Identity and Access Management (IAM) is a security discipline that enables the right individuals to access the right resources at the right times and in the right context. IAM addresses the mission-critical need to ensure appropriate access to the resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements.

What you can expect in Identity & Access Management:

In today’s highly connected world, managing and securing the identity of users is essential to the safety and success of our workforce. The Identity & Access Management (IAM) team works within Global Information Services (GIS) and in close participation with all other LOB teams as well as second and third line of defense partners. This role is highly visible and requires frequent interaction with senior management and key stakeholders.

• Global Information Security (GIS) is responsible for protecting bank information systems, confidential and proprietary data, and customer information. GIS develops the bank’s Information Security strategy and policy, manages the Information Security program, identifies, and addresses vulnerabilities and operates global security operations centers that monitor, detect, and respond to cybersecurity incidents. Within GIS, Identity and Access Management (IAM) is a security discipline that enables the right individuals to access the right resources at the right times and in the right context. IAM addresses the mission-critical need to ensure appropriate access to the resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements.

Role Description:

• We are seeking a highly experienced and technically proficient Senior Identity and Access Management (IAM) Specialist to lead access provisioning initiatives across a complex enterprise environment. This role is critical to ensuring secure, compliant, and efficient access to systems and data, with a strong emphasis on enforcing least privileged access principles that eliminate excessive permissioning.

• The ideal candidate will bring deep expertise in IAM technologies and platforms—including Active Directory , Microsoft Azure, Amazon Web Services (AWS), and Mainframe , Oracle , SQL , and various file and storage collaboration systems, password secure controls including keys and tokens —and will be responsible for designing and implementing scalable access provisioning solutions to integrate IAM processes across cloud services. This is a hands-on technical leadership role that requires strategic thinking, cross-functional collaboration, and a commitment to continuous improvements in identity governance and access platforms and controls.

Responsibilities:

• Lead the design, implementation, and ongoing management of access provisioning solutions across enterprise platforms, ensuring alignment with security policies and regulatory requirements.

• Serve as the subject matter expert for Active Directory , Microsoft Azure, Amazon Web Services (AWS), and Mainframe , Oracle and SQL databases , file systems , and enterprise storage , with a focus on enforcing least privileged access .

• Develop and maintain access control policies , group structures , and role-based access models to support scalable and secure provisioning.

• Collaborate with application owners, infrastructure teams, and business stakeholders to define and implement access requirements for new and existing systems.

• Drive automation initiatives to streamline provisioning and de-provisioning workflows , integrating with identity governance platforms and HR systems and IAM controls.

• Conduct periodic access reviews , entitlement audits , and certification campaigns to ensure compliance and identify access anomalies.

• Investigate and remediate access-related incidents, working closely with cybersecurity and risk teams to address vulnerabilities and improve controls.

• Provide technical leadership and mentorship to junior IAM team members, fostering a culture of security-first thinking and operational excellence.

• Stay current with emerging IAM technologies, regulatory changes, and industry best practices to continuously enhance the access provisioning program.

• Prepare and present metrics, reports, and recommendations to senior leadership and audit teams regarding access provisioning effectiveness and risk posture.