Manager II | IAMC

Job Type

Full-Time

General Description

Responsible for the oversight and validation of the controls and operating effectiveness related to the Identity Access Management program. Scope of responsibilities will span both the US and Puerto Rician operating environments. Continuously evaluate the current state of IAM processes and identifies deficiencies or inefficiencies in current processes, data, and/or systems and recommends changes or improvements. Ensure system testing is being done to identify flaws and guarantee accuracy/performance, or that use cases are being evaluated with exceptions or issues identified. Train users on policies and procedures related to IAM. Collaborate with other departments to ensure secure access to systems and data is maintained appropriately. Documents processes and procedures and periodically reviews for quality and completeness. Escalates and resolves issues in a timely manner.

Essential Duties and Responsibilities

• Plan, implement, and manage identity and access management controls related to the solutions utilized.
• Oversee the control structures and validate effectiveness of user accounts, permissions, and access controls.
• Provide oversight of the log monitoring activity used to identify potential security incidents.
• Work with senior leadership to ensure that the program meets the needs of the business.
• Ensure processes and procedures comply with all relevant laws and regulations.
• Develop and maintain training materials related to identity and access management and periodically train end users.
• Monitor compliance with internal policies and external regulations.
• Respond to audit findings and implement remediation measures.

Essential Duties and Responsibilities (cont.)

• Handle escalated customer inquiries and support tickets and evaluate potential control deficiencies identified in the escalation process.
• Coordinate with the testing functions to create test cases to validate controls and report any defects found during testing.
• Perform secondary quality assurance, for joiner, mover, leaver processes. Oversee testing to guarantee compliance of Information Technology General Controls and standards.
• Perform quality assurance processes for access provisioning to detect over permission cases and prevent non-compliance with the Principle of Least Privilege. Ensure lessons learned are evaluated and control changes required are timely implemented.
• Perform secondary quality assurance for user and access certifications, effectively identifying potential human errors, inaccuracies, and bugs. Ensure lessons learned are evaluated and control changes required are timely implemented.
• Understands and supports the IAM general controls.
• Documents the methodology, procedures, and findings in written format.
• Supports the prevention and detection of deficiencies, conducts self-assessments, automated assessments, and resolution of identified issues. Ensures tests are being done by the 2nd line to ultimately report success or failure. (Upgrades, workflows, reports). Helps the Access areas design plans and implement the required controls to correct defects or issues found during testing.

Essential Duties and Responsibilities (cont.)

• Timely supports internal and external audit requests and complies with appropriate remediation as required.
• Collaborates with staff/management from various departments to communicate quality assurance results and potential issues.
• Manages and directs the work streams related to IT SOX Compliance covering ITGC and IT dependencies.
• Thorough understanding of ITGC domains such as Logical Access, Change Management, SDLC and Computer Operations.  Helps oversee controls in other non IAM topics, mainly those supported by the Cyber Division.
• Work with control owners and operators to ensure quality, consistency, and operability of new and existing controls.

Supervisory Responsibilities:
Carries out supervisory responsibilities in accordance with the organization's policies and applicable laws.  Coach and develop employees.  Foster a spirit of teamwork allows for disagreement over ideas as well as diversity.

Education

Experience

A combination of 3+ years of experience in Audit/GRC areas (risk management, control, compliance), 2+ years of experience in the financial and consultancy industries and 2+ years of experience with IAM Governance or programs. 

Certifications / Licenses

Some certificates and licenses may be required for several managerial positions. Professional certifications in Information Security preferred (such as CISA, CISM, CRISC, CISSP and CIAM).

Knowledge, Skills and Abilities

• Strong business acumen: ability to understand the needs and concerns of business stakeholders and colleagues and respond promptly and effectively to stakeholder requests.  Ability to conduct analysis on work procedures, business results, and recommends changes to improve the effectiveness of the business's management. Ability to integrate business acumen into communications, presentations, and negotiations. Ability to manage highly restrictive and confidential information.  
• Strong technical acumen: knowledge in analyzing, designing, and implementing IAMC initiatives to define controls and identity access management program strategy. Compliance driven – ability to balance the needs of the division against stated privacy requirements and controls.
• Analytical skills: Stays focused on main issues, prevents irrelevant issues or distractions from interfering with timely completion of assignments. Exceptional analytical, collaboration and problem-solving skills. Collects, research and complements data; ability to break down complex questions / data into well-structured analyses and synthesizes complex or diverse information. Demonstrates attention to detail; Applies design principles; Generate creative solutions. Strong critical thinking and problem-solving capabilities; quantitative, research and analytical skills. Experience with data analysis, persuasive and informative writing, workload management, and process management.
• Problem Solving: Identifies and resolves problems in a timely manner; Develops alternative solutions. Ability to work in a high priority environment. Effective people skills to lead and coach the depth and breadth of Units’ programs while strategizing and implementing new solutions through partnering with corporate-wide teams.

Knowledge, Skills and Abilities (cont.)

• Project Management: Ability to prioritize and work with multiple projects and tasks with minimum supervision; self-direct and task switch between strategic and tactical initiatives regularly. Capacity to achieve results according to plan ensuring the expected quality. Excellent organization capacity to define priorities, meet deadlines, and flexible to change. Ability to meet deadlines and manage project delivery. Knowledge on project coordination, identification of business needs, work plan, budget control, time management, resource allocation, team management and status reports.  Must demonstrate leadership, logic, and reasoning skills.
• Communication skills: effectively interact with internal and external stakeholders. Ability to foster trusting relationships with colleagues and clients.  Fully Bilingual (Spanish/English): highly develop written and verbal communications skills in English.  Presents numerical data effectively. Superior communication and interpersonal skills.  Excellent report-writing and presentation skills.  Polished in preparing presentations, executive summaries, and business reports in English for executive audiences.
• Operational/Regulations Processes: Knowledge on budget administration, resources allocation, organization’s policies, and regulations. Ability to establish, conduct and track operational processes properly, and implement changes.
• Computer and technological skills: proficient in MS Office 365 and other software’s. Familiarity with Information Security Systems, such as Active Directory are a plus. 

Region Locations

Puerto Rico

Work Schedule

Hybrid

Values

Additional Requirements

The information provided here is only a general guide as to the nature of the position and does not constitute an exact description of the goals, tasks, duties, and responsibilities of the position. The specific details of each position are described in the employee’s performance evaluation.