EY IAM Monitoring Analyst in Argentina
IAM Monitoring Analyst
Core Business Services
Requisition # ARG001MU
Post Date Aug 09, 2018
The Identity & Access Management (IAM) Monitoring Senior Associate, for Information Security Compliance (ISC) Continuous Compliance (CC), provides internal monitoring within the IAM space. The IAM Monitoring team monitors the remediation progress of non-compliant accounts (user, privileged, application / service) within Critical Business Applications, Systems or Infrastructure, measured against EY Technology (EYT): Information Security’s Policies and Operational Procedures. The team acts as a point of contact for escalations of non-responsive remediation efforts/requests. The team compiles and distributes Key Performance Indicators (KPIs) and metrics to EYT’s Leadership. The team performs attestations for user/system accounts within Critical Business Applications/Systems pertaining to compliance or standards. The role’s remit considers such security control risk related activities as those that may result from separated users, data anomalies as well as general department validation of compliance actions among other related activities. The role is also responsible for technical tasks at a level 2 of remediation that are assigned to the team in ServiceNow, EYT’s service management tool, or through email requests to the team via the group’s shared team mailbox. The role is also responsible for facilitating and gathering needed information for policy exception requests for all security objects to the firm’s compliance mandates as determined by such regulators as by the Office of the Chief Information Security Officer (CISO). The role is an individual contributor and is managed by the IAM Monitoring Team Lead within the ISC CC team
Well defined analytical skills to conduct effective issue analysis so that key issues are properly identified and effective solutions are provided. Uses analytics to identify issues for solution as well as escalation for security issues and breaches that have wider impact.
Working knowledge of Information Technology Infrastructure Library (ITIL) to identify industry standards and procedures for Incident, Problem, Change and Knowledge as required by the role’s remit.
Working knowledge of ISO 27001 to identify industry standards and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.
Takes an active role in building and advancing knowledge of EYT’s Information Security policies and compliance directives with specific focus on Identity and Access Management within internal critical business applications and systems for security compliance.
Solid familiarity of EY’s businesses supported within the location to recognize the impact of security technology audit issues to a specific business unit and to engage and participate with confidence on escalating issues that impact a particular desktop, business or location.
Strong advanced interpersonal skills to adapt personal communication styles to the style of others, to engage, as a thought leader, with all levels of the organization, staying calm under pressure and to maintain the credibility the business has in IS Compliance technical support.
Advanced time management skills to prioritize workload and work through issues and incidents with efficiency and guide others in same
Strong oral and written communication skills in the English language to work effectively with all levels of end users and IT personal
Advanced knowledge in current and future features of aligned technology to the role’s remit including but not limited to:
EYT’s current platform technologies as used by IAM Monitoring services including Structured Query Language (SQL), SQL/Oracle database knowledge, Advanced PowerShell scripting skills, Visual Basic for Applications, Advanced PowerBroker and Splunk skills
Knowledge of data sources, Human Resources (HR) , Active Directory and Asset Management
Knowledge of Identity and Access Management (IAM) services as a means to collaborate with this group in Operations and EYT.
IT service management tool, ServiceNow, to record incidents and remediation as well as guide others in features and functions.
Qualifications, certifications and education requirements:
Bachelor's degree in computer related field or equivalent work experience
Approximately 3-5 years of experience in computer information security
Should hold one of the following or equivalent certifications
• Certified Information Systems Security Professional (CISSP)
• Global Information Assurance Certification (GIAC) in related area
• Information Technology Infrastructure Library (ITIL v2 or v3 Foundations training)