We are seeking a dynamic and experienced manager to lead the privileged access management team and ensure secure and controlled access to privileged accounts and systems. As the Manager - Privileged Access, you will be responsible for overseeing a team of Consulting Product Analysts, Sr. IAM Security Engineers, Consulting IAM Security Engineers and an Architect. In addition to personnel management, the manager is responsible for overseeing platform stewards responsible for executing on the Privileged Access Management strategic plan in addition to operating and maintaining the tools necessary to achieve a world class Privileged Access Management deployment.
The Manager - Privileged Access applies an advanced understanding of privileged access management practices and technologies to ensure that their team is efficient in addressing the information security needs of the organization and evolves as appropriate to accommodate changes in the business environment and overall security posture.
The Manager Privileged Access will work closely with their peer Foundational and Architecture PAM team, HCA’s Information Protection and Security department to support their cybersecurity initiatives relating to Identity and Access Management.
Organizational Management - Leads a team of ten individual contributors responsible for the operational support and maintenance of highly technical and complex PAM systems. These systems include credentials vaults (Hashicorp, Hitachi, Imprivata OneSign), cloud based key management systems (Azure Key Vault, Google Key Management Server), Entra ID, Privileged Identity Management features, and secure vendor remote access tools (Imprivata SecureLink).
- Applies an advanced understanding of identity and access management practices and technologies with a strong focus on principle of least privilege to ensure that their team securely addresses the information security needs of the organization through privileged access management.
Drives organizational awareness and adoption of privileged access management
Ensures privileged access is properly provisioned to a specific list of highly sensitive and regulated applications (SOX auditable) with significant business, regulatory and financial risk. Due to the sensitive nature of these systems, the specific applications are listed outside of this job description and available upon appropriate request.
Works collaboratively with team members to develop annual performance plans, provides regular (at least quarterly) feedback in the form of performance reviews, coaches alternatively for growth or improvement based on the performance review results.
Acts as a mentor for team members to assist them in identifying areas of personal growth related to career path and desires.
Assists the team members in creating a personal development plan to leverage internal and external opportunities for training and education.
Ensures that team members communicate an accurate and timely status of their current work effort through standard channels (e.g., timesheets, status reports, project status meetings, etc.)
Develops and strengthens deep relationships with business operations, key IT&S support teams, IT&S leaders, vendors, and staff. Fosters an environment that encourages information sharing, cross-training, and process improvement within the department and across business organizations.
Maintains the operational budget for the team to cover software licensing and maintenance costs, new purchases, and training. Must be able to trend and analyze software usage and license consumption on multiple systems to ensure correct budget projections.
Operational Efficiency - Continually identify opportunities to reduce service request volumes (i.e. missing documentation, improved documentation, recurring problem identification), improve departmental efficiency, and guides the develop of solutions and coordinates solution implementation.
- Ensures that a consolidated, well organized, up to date, and easily accessible library of standard operating procedures exists for all procedures associated with all services offered by the team. Ensures that each standard operating procedure document is owned by a team subject matter expert and periodic reviews to ensure accuracy and efficiency occur.
- Develop new and optimize existing processes and procedures used to operate, maintain, support, and operationally expand Identity Management systems.
- Develops and reports pertinent system metrics to drive corrective or improvement activities.
- Develop new and optimize existing processes and procedures used to operate, maintain, support, and operationally expand Identity Management systems.
- Develops and reports pertinent system metrics to drive corrective or improvement activities.
- Assists in the development and evaluation of account management processes and procedures for applications, platforms, and systems at all levels of the enterprise.
- Provides feedback to the appropriate IT&S personnel regarding additional training needed by the field user and/or site.
- Ensures that Service Level Agreements are met for all team service offerings for internal and external customers and business partners. Participates in regular operational assessment meetings and must be able to perform Root Cause Analysis for critical issues and those issues resulting in a work outage that are not resolved in a timely manner.
Project Oversight - Provides input for scheduled projects and proposes projects to develop and deploy solutions for business issues when applicable. Provides level of effort resource estimation for the proposed project to assist in the project management governance and approval process.
- Works collaboratively with project managers to identify correct team resources and resource utilization for project tasks related to team service offerings. Ensures that resources are utilized properly and resource utilization for project and operational activities are reflected accurately in enterprise tools.
- Tracks software and certificate usage and license consumption to ensure that all systems remain in contractual compliance and operate at acceptable levels. Organizational Management
- Ensures that Service Level Agreements are met for all team service offerings for internal and external customers and business partners. Participates in regular operational assessment meetings and must be able to perform Root Cause Analysis for critical issues and those issues resulting in a work outage that are not resolved in a timely manner.
- Maintains the operational budget for the team to cover software licensing and maintenance costs, new purchases, and training. Must be able to trend and analyze software usage and license consumption on multiple systems to ensure correct budget projections.
- Tracks software and certificate usage and license consumption to ensure that all systems remain in contractual compliance and operate at acceptable levels.
- Works collaboratively with project managers to identify correct team resources and resource utilization for project tasks related to team service offerings. Ensures that resources are utilized properly and resource utilization for project and operational activities are reflected accurately in enterprise tools.
- Tracks software and certificate usage and license consumption to ensure that all systems remain in contractual compliance and operate at acceptable levels.
Organizational Management - Ensures that Service Level Agreements are met for all team service offerings for internal and external customers and business partners. Participates in regular operational assessment meetings and must be able to perform Root Cause Analysis for critical issues and those issues resulting in a work outage that are not resolved in a timely manner.
- Maintains the operational budget for the team to cover software licensing and maintenance costs, new purchases, and training. Must be able to trend and analyze software usage and license consumption on multiple systems to ensure correct budget projections.
- Tracks software and certificate usage and license consumption to ensure that all systems remain in contractual compliance and operate at acceptable levels.
- Works collaboratively with project managers to identify correct team resources and resource utilization for project tasks related to team service offerings. Ensures that resources are utilized properly and resource utilization for project and operational activities are reflected accurately in enterprise tools.
- Tracks software and certificate usage and license consumption to ensure that all systems remain in contractual compliance and operate at acceptable levels.
Technical Expertise - Provides identity and access management subject matter expertise for new projects and initiatives deploying systems and solutions requiring PAM controls. Helps guide the development of processes and procedures to enable secure and highly efficient implementation of least privileged principle.
- Provides oversight and guidance to engineers and analysts involved in the process of supporting or operationally expanding PAM solutions.
- Provides technical advice to IT&S architects and management. Understands business drivers, governance requirements, and provides creative alternatives to complex technical situations.
- Represents the Identity & Access department. Can speak authoritatively concerning identity and account management current state processes and procedures, guidelines and best practices within the context of the organization (e.g. participating in meetings to establish technical standards).
- Represents Identity & Access to all internal and external customers, partners, and vendors.
- Speaks authoritatively concerning all platforms, systems, and applications supported, including current state architecture, business value, primary customer base, upstream and downstream dependencies regarding technical processes and support groups, and processes and procedures employed in the support of those platforms, systems, and applications.
- Recommends control measures to improve information security (including evaluating and selecting products and services) and leads testing efforts between departments.
Security/Audit Compliance - Investigates alleged IT security breaches utilizing the tools and auditing capabilities of the tools supported by the department.
- Develops responses to audit findings for platforms, systems, and applications supported or managed by the Privileged Access Management team.
- Assists the Identity & Access Leadership Team in the development of remediation plans to address identified deficiencies in response to audit findings from internal and external audits.
- Interprets IT security requirements from external bodies, such as government agencies and standard-setting bodies and helps to develop security policies, standards, guidelines, procedures, and other elements of an infrastructure to support IT security.
- Monitors developments in the IT security field to identify new opportunities and new risks.
- Performs other duties as assigned
- Practices and adheres to the “Code of Conduct” philosophy and “Mission and Value Statement.”
|