Job Description IDENTITY GOVERNANCE SENIOR OFFICER - ( 240000ZK )
Description
JOB PURPOSE:
To support the information security controls team by ensuring the proper enforcement of the developed identity related security policies in alignment with the set identity access management & governance security strategy and roadmap. In addition to enforce a proper governance model for the Identity and Access Management across the different applications, infrastructure and systems, including monitoring of identity related policy violations, as well as handling of the different identity access security approvals and reviews. KEY ACCOUNTABILITIES:
1. Conduct the annual review and update of the area’s processes, procedures and policies with the adherence to the developed SLAs. This includes mainly the review of the People & Human Resources Security Policy, the Physical & Environmental Security Policy and the Identity Related Access Management Procedures.
2. Design and Develop the Identity and Access Management (IAM) Governance program and ensure proper management of the IAM governance activities including developing the different applications’ security matrices, mapping the different IT roles to their relevant business activities, identifying sensitive access, segregation of duties policies, … etc.
3. Liaise with the different business departments to develop an inventory of business activities, mapped to the relevant applications’ roles, through which sensitive and critical business activities are identified and setup on the IAM platform with appropriate risk ratings.
4. Develop a comprehensive segregation of duties policy across the different business activities and ensure the same is maintained on the IAM platform to control SOD access violations and alert on the same.
5. Liaise with IT Security IAM team to conduct annual review over the applications’ security matrices to reflect any changes on the matrix and ensure access is granted according to the conducted business activity with no segregation of duties policy violations.
6. Ensure the proper management of the bank’s identities according to the developed Human Resources and Physical & Environmental Security Policies through liaising with IT Security Identity & Access Management for the effective utilization and proper setup over the Identity & Access Management, the Privileged Access Management and the Security Access Management platforms.
7. Monitor and track the violations to the developed identity related security policies to ensure the necessary disciplinary actions take place. This includes unjustified Local Admin Privileges, Segregation of Duties Policy Violations, unacceptable use of the bank’s resources, etc.
8. Maintain the standard operating procedures (SOP), for the different access management approvals and ensure proper adherence to the set SLA.
9. Provide security controls approvals over identity related access requests, similar to VPN Access, Sensitive Applications’ Access, Local Admin Privileges, to ensure proper business justification is in place and according to the defined process and SLA.
10. Support the implementation of the key strategic business initiatives and projects through the development of the necessary security access matrix mapped to the staff’s job titles and business activities.
11. Define the necessary physical access controls for CIB’s headquarters, buildings and branches and work with the relevant teams to ensure proper implementation and enforcement of the same.
12. Support the different HR Re-Structure activities to update the different security access matrix mapped to the staff’s new job titles and business activities.
Qualifications
Qualifications & Experience § Bachelor’s degree of Engineering, Computer Science, Information Security or equivalent
§ Officer: Minimum 4 - 6 years of experience in IT, Information Security and/or Governance, Risk and Compliance
§ Senior Officer: 6 - 8 years of experience in IT, Information Security and/or Governance, Risk and Compliance
§ Risk management background
§ Recommended Certifications:
o SANS Global Information Assurance Certification (GIAC)
o CISM
§ Mandatory Certifications:
o ISO 27001:2013 Lead implementer
Skills
§ Very Good command of English and Arabic languages
§ Very Good Communication skills
Very Good Time Management skills
Primary Location
: Egypt-Giza-SMART VILLAGE BLDG. 2
