The access manager is responsible for developing, maintaining and improving all access-related policies and duties within the group IT landscape. He or she is responsible for ensuring compliance with laws and regulations and with internal policies.
– Ensure that access rights of individuals are in line with the requirements defined in Group policies and that access rights granted do not violate the principle of segregation of duties
– Define system-independent access control operational standards (process-level and procedural details on enforcing access controls and managing exceptions)
– Monitor compliance with logical access policies, standards and effectiveness of controls
Privileged user management (technical, business):
– Approve only access rights individuals require to perform their functional role (principle of least privilege)
– Establish / improve regular re-certification of entitlements and roles and ensure the adequacy of access rights granted on a continuous basis
– Define a risk-based approach for access review
Access lifecycle / workflows:
– Facilitate the definition / modification / decommissioning of roles and access rules, including helping business units define cross-functional roles
– Design and implement SoD rules in close collaboration with the responsible BISO as well as other access managers or stakeholders who may be affected by these rules, and review them regularly. Assess and remediate SoD violations and ensure that compensating controls are in place and exceptions are handled appropriately
– Act as the single point of contact for the divisions, functions or other stakeholders with regard to any SoD-related questions or issues in their area of responsibility
Authentication, session security and credential management:
– Recommend technology solutions (vendor, architecture, etc.)
– Bachelor's/Master's degree in Information Technology
– Minimum of 3 years’ experience in information security (experience in IAM is a plus) within financial services
– Fluent in German and English
– Knowledge of relevant regulations such as BaFin, CSSF, MAS, SEC, etc.
– Optional: CISSP, CISM or comparable certifications
– Strong, proven problem-solving skills
– Strong facilitation skills and an ability to build strong relationships
– Excellent communication skills