Manager: CISO
Department: Cyber Security
Division: Enterprise Information Technology Services
Location: London, Hybrid
Main Purpose:
Identity is a core security component in any modern IT estate, ensuring the right people, machines, and software components have access to the correct resources at the appropriate time, while preventing unauthorised access and maintaining a secure environment.
The Identity and Access Manager role heads up this crucial security function within the Cyber Security Team and will:
• Lead strategic development and operational management of identity services.
• Develop and manage identity and access related tooling and processes to ensure mature, efficient, and secure working practices.
• Be an advocate for best practices in Identity and Access Management.
• Ensure compliance and risk management standards are met.
Main Responsibilities:
• Lead the Identity and Access function within the Cyber Security team, including:
  o Access Management
  o Identity Governance and Administration
  o Role Based Access Control
  o Privileged Access Management
  o Identity Threat Detection and Response
  o Access Certification
  o Identity Data Management & Analytics
• Ensure that only authorised identities have access to the relevant data and systems, working with department heads, team leads, and system owners to establish the appropriate levels of access.
• Develop and maintain the IAM roadmap to deliver key initiatives whilst working with Enterprise Architects to ensure identity security principles are built into everything we do by design.
• Work with and manage external suppliers to mature identity security, testing on a regular basis that processes are operating effectively.
• Work with the Cyber Security and wider Enterprise Information Technology Services (EITS) operations teams to ensure the smooth running of identity security operations and investigations into identity security events.
• Provide regular MI and reporting on the current state of identity related risks and controls, whilst managing a programme of work to continually reduce identity and access risks.
• Keep abreast of emerging and developing security threats, tactics and techniques, helping the senior leadership team understand potential security problems, including those that might arise from acquisitions or other business initiatives.
• Oversee management and development of identity security tooling.
• Assist the CISO, as required, in the wider management of Cyber Security.
Skills and Experience:
• Proven experience in a similar role within a mid/large sized organisation, preferably in the Financial Services or Insurance sectors.
• Strong technical skills and experience with IAM technologies such as SailPoint, CyberArk, & Entra ID.
• In-depth knowledge of identity and access management concepts, such as RBAC, Conditional Access and Zero Trust.
• Experience of streamlining processes, including the introduction of automation.
• Cyber security subject matter expert with relevant certifications such as CISSP, CISM, CSSP, or equivalent.
• Extensive experience of consulting on projects, building in security requirements and ensuring services go live with minimal security risk.
• Good understanding of new and emerging cyber threats and technologies.
• Knowledge of relevant legislation and relations within the UK Insurance and Financial Services market.
• Strong analytical and problem-solving skills with a strategic mindset and attention to detail.
• Excellent written and verbal communication skills, with the ability to articulate complex concepts to non-technical stakeholders.
Personal Qualities:
• A strong collaborator: excellent relationship building and communication skills with the ability to engage people from diverse cultures and different levels.
• Able to adapt and respond to the changing cyber landscape, and corporate objectives.
• Able to work on own initiative while also working with project teams to tight timescales.
You may have experience in the following: IAM Manager, Identity Security Manager, Access Management Lead, Cyber Security Manager, Information Security Manager, Identity Governance Manager, Privileged Access Manager, Security Architecture Manager, etc.
REF-
