Senior Cyber Security Engineer – IAM

The Senior Cyber Security Engineer is responsible for ensuring that the Firm designs and implements appropriate identity and access management controls. The Senior Engineer operates a focused, thematic risk and control program that sets expectations for all identity and access management topics, including physical and logical authentication for employees and clients, access control, entitlements and re- certifications, privileged user access, and identity proofing. This is a highly technical role with requires hands-on, collaborative work with stakeholders and IT implementers.

Duties and Responsibilities

• Defines, documents, and manages the Access Management security oversight programs, including charters, roadmaps, plans, and milestones for risk assessments and control implementations.
• Works with process and asset owners to ensure program goals are being achieved. This role will work with the Physical Security Operations, Risk Operations, Information Technology Services, Information Resource Services, Human Resources, and the Practice Services and Support teams.
• Regularly reports on program progress to the CISO and other senior stakeholders as appropriate, using defined Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to highlight control adoption gaps, identify areas of strong or weak performance, or quantify risks, respectively.
• Develop review processes for on-boarding new users to downstream application platforms.
• Evaluate and manage identities across complex applications.
• Perform other duties as assigned.

Qualifications

• Bachelor's degree in Computer Science or Engineering preferred; advanced degree and CISSP certification preferred.
• Requires 15+ years' experience in cybersecurity, with 5+ years’ experience executing security advisory or oversight programs.
• Expert working knowledge in password managers, privileged user credential management systems, entitlement review systems, authentication technologies such as biometrics or hardware tokens, single sign-on (SSO) technologies such as SAML and OIDC, access brokers, physical access and/or identity proofing systems.
• Advise business and technology teams in matters of Identity Management including authentication, authorization, token management, API validation, and more.
• Exceptional interpersonal skills; success in the role requires the ability to influence and persuade.
• Effective written and oral communications skills.
• Position requires access to equipment, software, or technology that is subject to U.S. export controls. To be granted access pursuant to US Export Control laws, candidate must be either (a) a United States citizen or national; (b) a person lawfully admitted for permanent residence of the United States (i.e., “Green Card” holder); or (c) an INSapproved refugee or asylum holder who has applied for naturalization within six months of the date the individual first became eligible; and if not yet naturalized, is still actively pursuing naturalization if 2 years have passed since the date of application to be granted access pursuant to US Export Control laws. Candidates will be required to submit appropriate documentation to determine whether access can be granted before proceeding further through the application process.