Authentication Control Owner - Cyber Security Operations

Full Time on W2

Are you passionate about working with the best information security team in the world? Our client is hiring top talent to join our team.

The Cyber Security Operations (CSO) function within Global Information Security is responsible for all aspects of threat intelligence and monitoring, application and network security, and insider threat. In addition, the CSO team drives out the enterprise-wide cyber exercise program.

The Authentication Control Owner will be responsible for leading, organizing, and implementing a variety of activities related to governance of authentication controls. The Authentication Controls Owner will perform key activities to provide assurance that IAM controls requirements are being adhered to across the company, have appropriate testing, are performing effectively and reporting exists for transparency to senior leaders.

The Authentication Control Owner will be a Subject Mater Expert (SME) for all things Authentication related. Responsibilities include:

• Drive Authentication Control improvement through enterprise level integration, including optimizing requirements (GIS Standard and Procedures), establishing collaborative partnerships (CSD, GIS, GT&O, and FLUs), and effectively leveraging the Enterprise Risk Framework to managing IAM-related operational risk.
• Contribute as a SME to the updates of the IAM standard, related procedures, and other connected Standards/procedures, proposing modifications to Authentication requirements to improve clarity, address control effectiveness gaps , and provide consistency with applicable laws, rules, regulations and industry best practices.
• Develop "Enterprise Control Domain Owner" capabilities for holistically assessing effectiveness of enterprise Authentication controls; reporting and escalation of issues; and driving improvement through integration with GIS policy, strategy, architecture, technology development and third party information protection organizations.
• Integrate IAM Control Management into CSD operations, focusing on establishing channels, forums, and reporting to understand the Identity and Access Management Control deficiencies that contribute to incidents and through development of proactive issue identification based on Cybersecurity Intelligence.
• Support assessments of IAM Controls by control partner organizations, including Compliance and Operational Risk, Audit, and regulatory examiners.
• Enhance IAM controls to account for the onboarding of new technologies; system architectures; and, the new risk tolerances that will align to the rollout and employment of the new capabilities.
• Work closely with the BISO and CST Architecture teams, identify emerging technologies that will be brought into the Bank's environment.
• Assess IAM Controls for new Technologies. For enterprise projects involving emerging technologies e.g. cloud-based services, drive assessments of IAM Controls/Operations applicability, identifying how/where existing IAM controls/requirements apply as-is, require some modification, or where net new controls need to be developed.
• Integrate IAM Controls Governance into Enterprise Change Management Processes (PTB/PTO, SbD, etc.) by developing standard approaches for technology organizations and supporting BISO organizations to verify adherence to IAM policy and engagement of Control Owner for introduction of any proposed new IAM technologies.
• Assess and report effectiveness of enterprise authentication services in managing risk of impersonation.
• Create annual plan for Authentication Service Assessments (ASA), including improvements to questions, selection of services to be assessed, coordination with Policy Adherence Assessment team.
• Escalate risks awareness through governance meetings with providers of authentication services that have open issues, along with their supporting BCMR, Operational Risk and Compliance and BISO partners.
• Manage the governance process for adding additional AITs to the approved Enterprise Authentication Services table.
• Develop means to detect and create findings for non-adherence to requirements to use Enterprise Authentication Services outside of the ASA.

Candidate should be:

• Familiar with Active Directory and Active Directory Federation Services (ADFS)
• Experienced with cloud-based authentication capabilities, especially Azure active directory and Azure Multi-Factor Authentication.
• Experienced with Authentication protocols such as Kerberos, LDAP, RADIUS, SAML, OAuth, OpenID Connect
• Experience with single-sign on protocols, networking, firewalls, proxy and VPN access.
• Knowledgeable of infrastructure, directory, and security best practices to be able to evaluate procedures for an efficient standards development and compliance measurement.