IAM Risk Manager

DescriptionYou'll be a subject matter expert in IAM solutions that will balance the need for speed and flexibility of cloud and on-premises infrastructure while ensuring Huntington is protected against ongoing and potential security threats. Seeking an individual who has supported financial services and help assess and help develop their cloud strategy, information security/cybersecurity and IT risk management programs against regulatory requirements and industry best practices. This person will be influential in our transition to our hybrid cloud computing platforms and help build compliant cloud governance programs.Responsibilities• Develop and implement strategies related to IAM to ensure alignment with the organization’s overall security objective and business goals.• Define the IAM framework, policies and standards based on industry best practices and regulatory requirements.• Define, assess, and partner to implement access control policies, procedures, and guidelines to govern the provisioning, de-provisioning, of user (and none-user) access rights.• Ensure compliance with access control standards, such as least privilege, role-based access control (RBAC) and segregation of duties (SOD).• Ensure IAM practices comply with relevant regulatory requirements, industry standards, and internal policies.• Partner and participate in IAM-related audits, assessments, and finding.• Conduct regular reviews and assessments of IAM controls, processes, and technologies to identify areas of improvement.• Ensure appropriate control design are sustainable and not susceptible to test/production failure.• Develop and update best practice documentation to support best in class risk assessment and control evaluation/substantiation activities.• Develops and maintains strong working relationships with business line management through continuous and proactive communications.Basic QualificationsBachelor’s degree in computer science, cyber security, information technology, computer engineering or equivalent.5 years of any of the combined experience listed below:• 2 years’ experience with IAM platforms, NetIQ, Oracle, Evidian, SailPoint, BeyondTrust or other IAM management platforms.• 2 years’ experience with vaulting solution such as CyberArk, Delinea or similar.• 2 years’ experience with SSO, MFA, 2FA, SAML, Privileged Access Management (PAM)• 2 years’ experience with AD, Azure AD, Ping, Okta or other LDAP directories• 2 years’ experience with RBAC, entitlement management, and access views.• 2 years’ experience with IAM/RBAC supporting cloud service providers.• 2 years’ experience with NIST 800-53, NIST 800-63, NIST Cyber FrameworkPreferred Qualifications• Excellent communication skills required to negotiate internally, often at a senior level.• Some external communication may be necessary.• Understanding of FFIEC guidance, COBIT and NIST framework• Willingness to learn, able to learn on the job and a desire to continually learn and develop new technical skills Strong written and oral communication skills.• Organized, responsive, and highly thorough problem solver demonstrable cyber risk knowledge based on working in real-world environments & situations.• Understanding of security requirements, best practices, and execution in various cloud implementation scenarios: IaaS, PaaS, SaaS Mid-level professional with 5-10 years of experience in consulting, financial services, technology/fintech or government regulatory agency with an IT risk-related role.• Master’s degree or relevant professional qualifications with Risk / Security management.• CISSP, CISM, CRISC, CISA, GIAC, CIPP/US or other security/privacy certifications preferred, but not required.Exempt Status: (Yes = not eligible for overtime pay) (No = eligible for overtime pay)YesWorkplace TypeHybridHuntington is an equal opportunity and affirmative action employer and is committed to providing equal employment opportunities for all regardless of race, color, religion, sex, national origin, age, disability, sexual orientation, veteran status, gender identity and expression, genetic information, or any other basis protected by local, state, or federal law.Tobacco-Free Hiring Practice: Visit Huntington's Career Web Site for more details.Agency Statement: Huntington does not accept solicitation from Third Party Recruiters for any position