JOB DESCRIPTION
ASET is seeking an Identity Management Information Security Analyst with a strong background in Identity and Access Management (IAM) to play an essential role in protecting the confidentiality, integrity, and availability of State information and systems. This position ensures that the appropriate identity, account management, and cryptographic key security controls and audit procedures are in place to protect confidential information used by the State from known and unknown internal and external threats, including data loss and cyberattacks that cause downtime and unauthorized system access.
KNOWLEDGE, SKILLS, & ABILITIES
The desired candidate will possess a Bachelor's degree plus 6 years' experience in information security or identity management systems (or equivalent experience). Certified Information Security Systems Professional preferred. Extensive knowledge and experience in provisioning role-based accounts and granular access accounts in an enterprise environment. The desired candidate will have strong familiarity with directory structures and file system permissions.
Knowledge and Experience with:
LDAP and AD authentication accounts
Enterprise Identity and Account management life cycles
Cloud SSO & IAM solutions such as Okta (preferred).
Cloud-based solutions such as G Suite by Google Cloud or Microsoft Azure / Office 365 (preferred).
z/OS, RACF, Vanguard (a plus).
Must have strong customer service skills with the demonstrated ability to build strong relationships inside and outside the organization. Excellent interpersonal communication skills, both written and oral, and the demonstrated ability to develop and write technical documentation are a must.
ESSENTIAL TASKS:
Establishes and administers user identity and access in a secure fashion and in accordance with Statewide Information Security Policies and Standards for multiple information systems, including validation, establishment, modification, and revocation of standard and privileged user identities / accounts, role-based and granular access, and management and mitigation of account- and access-related exceptions per established processes.
Validates conditions for role-based membership and access authorizations (i.e., privileges) and other attributes (as required) for each account;
Administers a role-based access scheme that organizes allowed information system access and privileges into predefined roles.
Tracks managers and/or supervisors that provide authorization for privileged system accounts;
Monitors the use of information system accounts in accordance with Statewide Information Security Policies and Standards.
Grants privileged access to the information system based on:
A valid access authorization;
Intended system usage; and
Other attributes as required by the organization or associated mission and business functions;
Changes privileged access to the information system based on:
A valid access change authorization;
When access account requirements change, or access is no longer required;
When users are transferred or roles change; and
When individual information system usage or need-to-know changes;
Revokes privileged access to the information system based on:
A valid access revocation authorization;
When accounts are no longer required;
When users are terminated or transferred; and
When individual information system usage or need-to-know changes;
Reviews accounts for compliance with account management requirements. Establishes processes for reissuing shared/group account credentials (if deployed) when individuals are removed from the group.
Produces monthly management reports for account auditing and control purposes.
Other duties as assigned.