JOB DESCRIPTION

Description

The IAM Engineer - Principal is accountable for delivery and implementation of IAM and CIAM technologies across the bank.

Duties & Responsibilities:

• Ensure that Client's Identity & Access Management (Identity Federation/SSO) services are designed to be compliant with security and privacy standards and other industry standards and practices.
• Work with Portfolio Manager to deliver IAM and CIAM program strategy, roadmap, objectives, and key milestones to provide business value and sustain identity and access management capabilities.
• Consult with IAM architects, Enterprise Architects, and Application Architects to refine work needed to implement technologies in alignment with established designs and patterns.
• Consult with business units when implementing Single Sign-On, Multifactor Authentication, or enabling authentication policies for new systems.
• Collaborate with IT and development teams to ensure seamless integration of CIAM products with existing systems and applications.
• Assist with vendor relationships and any evaluation or recommendations related to new vendors and technologies.
• Provide leadership and guidance to a team of CIAM engineers.
• Foster a culture of continuous learning, skill development, and collaboration within the CIAM team.
• Lead the response to CIAM-related security incidents and implementing any necessary corrective actions.
• Other duties as assigned.

Basic Qualifications:

• Bachelor's degree in Computer Science or Information Security
• 6+ years of experience in Information Security or in management of a cross functional department.
• 6+ years of experience gathering requirements and demonstrating successful delivery.
• 6+ years of experience and understanding of various regulatory requirements and laws such as, but not limited to, Payment Card Industry (PCI), Federal Financial Institutions Examination Council (FFIEC), Sarbanes-Oxley (SOX), Health Information Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR) and Gramm-Leach-Bliley Act (GLBA). Additionally, experience in one or more of the following is required: ISO, ITIL, NIST, CSA.
• 3+ years of experience delivering and sustaining cloud IAM lifecycle holistically throughout the enterprise including in AWS, Azure, and GCP.
• 3+ years of experience with Identity Federation/SSO specifically using Ping Identity products on-premises and/or in the cloud.
• 3+ years of experience working with application teams to integrate SAML, OAuth, and OIDC.
• 3+ years of experience administering IAM and/or CIAM systems, access controls, security, and risk management, as well as a security governance framework at scale.

Preferred Qualifications:

• CISSP, CISM
• Experience with both Agile and Waterfall working methods.
• Experience as a Product Owner for a combination or a specific aspect of Authentication technology
• Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
• Extensive knowledge of Active Directory (AD) and LDAP Directories (e.g., Oracle Directory, Novell/NetIQ eDirectory) and use of SCIM
• Experience with SSL/TLS encryption, RADIUS, privileged accounts, SoapUI, and integration of vendor application program interface (API) capabilities
• Experience with SIEM products for reporting and dashboards or previous experience with SQL or other applicable query languages.
• Experience migrating from legacy Identity and/or SSO solutions to Ping Identity products.
• Experience working with application teams to integrate Single Sign-On and Multi-Factor Authentication
• Experience with Python, PowerShell, and/or JavaScript
• Experience with PingOne Advanced Services Platform