Overview
Hybrid
Depends on Experience
Contract - W2
Contract - 6 Month(s)
Skills: Risk, RACF (Resource Access Control Facility), mainframe, GDPR, HIPAA, OS Security, CISSP, CISM, governance frameworks, ISO 27001, NIST, COBIT
Job Details
Role: Risk RACF Specialist
Location: Columbus, OH
Duration: 6+ Months
MOI: Telephonic & MS Teams
Primary Skills: RACF
We are seeking candidates with a minimum of 9 years of experience. This is an onsite/hybrid model.
Please note that all candidates must be able to work on Sunray's W2 only.
Job Description:
- We are seeking a highly skilled Risk RACF Specialist to lead the security and risk management efforts within our mainframe environment.
- The successful candidate will be responsible for maintaining comprehensive awareness of the configuration, maintenance, and monitoring of RACF (Resource Access Control Facility) to ensure the secure management of user access, system resources, and data protection.
- A core focus of this role is identifying and mitigating security risks, ensuring regulatory compliance, and proactively addressing potential vulnerabilities.
- The ideal candidate will possess in-depth technical knowledge of RACF and a solid understanding of risk management and information security practices within a z/OS mainframe environment.
Key Responsibilities:
RACF Security Management & Risk Mitigation:
- Design, implement, and manage RACF security policies, including user profiles, group definitions, and resource access permissions, to minimize security risks.
- Proactively identify vulnerabilities and security risks associated with RACF configurations and user access.
- Conduct periodic audits of RACF settings to ensure compliance with internal security policies and industry regulations (e.g., GDPR, HIPAA).
- Implement and monitor security controls to protect sensitive data and critical system resources.
- Work closely with the cybersecurity team to align RACF policies with broader organizational security and risk management strategies.
Risk Assessment & Incident Response:
- Perform risk assessments on RACF access controls and configurations to identify potential threats or weaknesses in the system.
- Respond to security incidents involving RACF, investigating root causes, and implementing corrective actions to prevent recurrence.
- Collaborate with the Incident Response Team to ensure the timely resolution of security breaches, unauthorized access, and other security incidents related to RACF.
- Maintain documentation of security incidents, risk mitigation strategies, and post-incident reviews.
Compliance & Audit Support:
- Ensure that RACF settings and policies comply with industry regulations, corporate security standards, and audit requirements.
- Work with internal and external auditors to provide evidence of RACF security controls, processes, and audit trails.
- Develop and maintain detailed documentation of RACF security policies, access controls, and incident response protocols.
- Provide support during security audits by preparing reports on RACF compliance, user access reviews, and risk assessments.
Access Control Monitoring & Reporting:
- Monitor and analyze RACF logs for suspicious activity, unauthorized access attempts, or policy violations.
- Generate regular reports on RACF security status, including access control violations, policy exceptions, and risk analysis.
- Present findings and recommendations for risk mitigation to senior management, security teams, and other stakeholders.
Continuous Improvement & Training:
- Stay current with developments in mainframe security and RACF best practices and apply new techniques to improve risk management processes.
- Develop and conduct training programs for technical staff on RACF security policies, access controls, and risk management strategies.
- Lead efforts to automate risk management processes in RACF, including user access reviews and security policy enforcement.
Experience:
- 5+ years of experience working with RACF in a z/OS mainframe environment.
- Strong experience in risk management and security within a mainframe environment, particularly related to RACF access controls and policies.
- Demonstrated expertise in conducting security audits, risk assessments, and implementing corrective actions.
- Experience working in regulated industries (e.g., finance, healthcare) with a focus on compliance.
Technical Skills:
- Deep understanding of RACF architecture, security policies, and risk management techniques.
- Expertise in analyzing and managing security vulnerabilities, risks, and incidents related to mainframe access controls.
- Proficiency with RACF administration tools and utilities for managing users, groups, and resources.
- Knowledge of the IBM z/OS environment and related mainframe security tools.
- Strong skills in log analysis, security monitoring, and reporting.
Preferred Certifications:
- IBM Certified Specialist in RACF or z/OS Security.
- CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or equivalent certifications in information security.
- Experience with IT governance frameworks such as ISO 27001, NIST, or COBIT is a plus.