Job Description Summary

　　As a staff risk analyst, you will work on control monitoring process improvements and ensuring regulatory controls are met for in-scope applications, users and systems. You will drive day to day analysis on gaps of control adherence, ensuring the SOPs are updated/followed, applications (OS, DB, App) are following all the regulatory controls around identity and access management use cases. Partner with IT controllership, finance controller ship, internal audit, external audit as well DT system owners to ensure proper governance and adherence is in place.

　　Job Description

　　Essential Responsibilities:

　　Collaborate with stakeholders, reporting, collaborating with senior team members in preparing documentation for internal audits and SOX requirements, collecting, or gathering artifacts as needed for internal and external audits as it relates to regulatory audit requirements.Collaborate with internal SOX and GRC teams to define current and future quarterly SOX scope.You will also support knowledge transfer with the objective of providing value-adding consulting solutions that enable our clients to meet the changing needs of the global landscape.Help scope, design, implement, continually evaluate, and improve clients Identity and Access Management controls in relation to regulatory requirements such as SOX and CMMCWork closely with internal stakeholders to help them understand controls for their systems and provide recommendations and guidance for implementation and operation.Perform internal control assessments and assist with continuous monitoring activities and help remediate any control deficiencies or findings.Help plan and manage external audits and assessments, including meeting with internal stakeholders to prepare, coordinating walkthroughs, providing evidence to external auditors, and responding to findings and recommendations.Assist with ongoing SOX related functions, such as performing vendor reviews, user access reviews and risk assessments.Participate in audit, risk and compliance assessments of Identity and Access Management (IAM) activities.Serve as a key IAM audit and compliance contact, explaining the internal assessment processes and scope, keeping IAM management apprised of IAM key risks and issues, and effectively delivering assessment results to Identity Products VPAssist in the design and drive the execution of IAM audit readiness efforts and key advisory reviews performed by our IAM compliance team.Process Joiner, Mover, leavers (JML) request and User Access Revalidation (UAR) activities as per pre-defined sets of procedure and within agreed Service Level Agreements (SLA), resolve problem tickets and assist other security analysts as needed.Participate in planning, scoping, and driving the execution of IAM related assessments and advisory reviews.Assess the design and operating effectiveness of complex IAM areas/controls including the performance of detailed walkthroughs with IAM Subject Matter ExpertsFurthermore, provide recommendations that improve the design, effectiveness, and efficiency of IAM control or processProduce detailed IAM controls design and operating effectiveness testing related work papers that can be shared with internal and external auditors.Assess audit findings /gaps including control weaknesses with an appropriate degree of professional skepticism, seeking to fully understand risks to the firm.Assist IAM delivery leaders with the development and the implementation of Management Action Plans to mitigate weaknesses, providing thought leadership on the appropriateness of the Plan.Provide IAM control consulting and advisory services to management to assist in redesign efforts that improve the IAM control environment.Promote new ideas and new ways of executing projects and internal infrastructure enhancements.Partner with key business stakeholders with relevant IAM Processes to improve the IAM compliance posture.Identify automation opportunities and assist in creating scripts to automate and streamline existing access management controls.Provide support for out daily, weekly, quarterly, and yearly SOX compliance.

　　Qualifications/Requirements:

　　Bachelor's degree in Engineering from accredited university or college with minimum of 5 years of professional experience OR Associates degree with minimum of 8 years of professional experience OR High School Diploma with minimum of 10 years of professional experience.Note: Military experience is equivalent to professional experience.

　　Desired Characteristics:

　　Leadership:

　　Proactively identifies and removes obstacles or barriers on behalf of the team.Defines immediate priorities to help the team focus and deliver critical initiatives.

　　Personal Attributes:

　　Energetic and self-motivated individual with ability to work effectively and cooperatively in a complex organization.Uses critical thinking skills and disciplined approaches to help leaders and leadership teams resolve issues and define solutions.Influences and energizes others toward the common vision and goal in the face of unfavorable odds and setbacks.Able to work under minimal supervision.

　　Technical Expertise:

　　Understanding of various directory structures and configurations (LDAP, Active Directory, etc.).Working knowledge of APIs or other forms of application integrations.Understanding of cloud hosting and processes (AWS and Azure - basic knowledge is a must)Extensive knowledge of Identity Management technologies such as Okta, Ping, Oracle, ForgeRock.Understanding of PCI, SOX, HIPAA, EU-GDPR regulations for IAM.Working knowledge or better of industry standard IGA tools such as SailPoint, Saviynt and/or Sun/Oracle.Advanced knowledge and experience with the Microsoft Directory Stack and Azure and supporting components.General understanding of SOX, HIPAA and/or other global data regulations.Working knowledge of PowershellExperience with Mergers and Divestitures preferred.Strong troubleshooting and root cause analysis experienceRecognizes patterns and complexity in problems. Extracts decomposition algorithms, and strategically plans how to execute programs by understanding how best to decompose to expose / protect against risk.Thorough knowledge of Software Development Life Cycle principles.Strong analytical and strong problem-solving skills. Communicates in a clear and succinct manner and effectively evaluates information / data to make decisions, anticipates obstacles and develops plans to resolve, creates actionable strategies and operational plans. Change oriented - actively generates process improvements, champions and drives change initiatives, confronts difficult circumstances in creative ways, balances multiple and competing priorities and executes accordingly.

　　Location: Remote/Flexible. Global applicants encouraged to apply.

　　Additional Job Description

　　Additional Information

　　Compensation Grade

　　LPB1

　　Relocation Assistance Provided: No