Associate Director, IT Security

company banner
Wolters Kluwer
Director, Access, Management, IT, Security, Computer, ISO, CISSP
Full Time
Travel not required

Job Description

As the Associate Director of Identity & Access Management (IAM), you will lead a team of information security professionals and be accountable for implementing programs to secure access to personal and confidential information at WK. In this role, you will be required to demonstrate proficiency in identity and access concepts as they pertain to every area of security management. Your role will also include interfacing with other business leaders and subject matter experts throughout the organization, leading the IAM operations team, responding to 3rd party audits, internal audits, and interfacing with internal business unit IT representatives on global information security initiatives and compliance tasks and projects.

Responsibilities:
  • Primarily responsible for end-to-end lifecycle management of identity and access solutions provided as a service to the WK enterprise, to include provisioning, maintenance throughout the lifecycle, and deprovisioning
  • Responsible for implementing Policy-Based Access Control to ensure IAM implementation supports proper separation of duties
  • Accountable for supporting compliance processes (audit support and access certification)
  • Ensures processes exist for timely emergency termination of access across all WK systems where access is maintained by the IAM team
  • Provides leadership in the area of Active Directory (AD) and other Directory services design and implementation and integration with the IAM function
  • Responsible for implementing multifactor authentication services for use in the WK enterprise
  • Responsible for implementing single sign-on (SSO) in support of enhanced user experience and centralized oversight
  • Provides access management for cloud environment through implementation of Cloud Access Security Broker (CASB)
  • In cooperation with the security operations team, develops and fields a capability for user behavioral analysis (UBA) to enhance visibility into insider threat
  • Manages vendor relationships necessary to delivering the IAM service
  • Serves as the organizational spokesman in all matters relating to Identity and Access Management and Privileged Access, providing subject matter expertise where needed
  • Advises on technology solutions implementation, global security controls selection and monitoring/reporting of performance of same
  • Provides direction based on general policies and management guidance and recommends modifications to operating policies
  • Is accountable for the performance and results of IAM delivery and sets priorities for the team to ensure task completion and coordinates work activities with other leaders
  • Reviews completed work for accuracy and adequacy in meeting Wolters Kluwer strategic security objectives
  • Contributes to the tracking and reporting on divisional and business units' metrics, results, data modelling, processing, calculating and transformation into meaningful metrics, key performance indicators (KPIs) and reports
  • Establishes operating policies and procedural plans, including business priorities, methodologies and standards for the IAM function in alignment with the overall Global Information Security Function.
  • Ensures work is compliant with WK enterprise policies and procedures, as well as local and regional requirements
  • Responds to audit and regulatory inquiries and external vendor activities to help represent the company from an information security, disaster recovery and technology risk perspective
  • Recommends and implements changes in security policies and practices in the IAM space in accordance with changes in applicable regulatory requirements.
  • Communicates corporate plans, procedures, policies, and standards for the organization for acquiring, implementing, and operating new IAM systems, equipment, software, and other technologies.
  • Collaborates with other management resources to establish and maintain a system for ensuring that security policies related to identity and access are communicated and met.
  • Provide leadership and guidance to managers, supervisors and/or senior professionals based on organizational goals and company policy.
  • Develops functional and departmental plans in support of WK Global Information Security strategy for the deployment of information security governance and compliance projects and initiatives
  • Promotes security relationships between internal resources and external entities, including government, vendors, and partner organizations, within the boundaries of applicable WK policy and regulatory requirements
  • Ensures IAM program delivery meets and exceeds all regulatory and statutory requirements for individual regions as well as from a global perspective
  • Supports the investigation of reported security breaches and, in coordination with WK global security operations, develop procedures to respond to security incidents and assist with investigations
  • Contributes to the analysis and delivery of findings to internal customers with impactful, comparative, interpretative security analysis in a clear, consistent, and factual manner.

Skills:
  • An ability to effectively influence others to modify their opinions, plans, or behaviors
  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
  • Ability to set and manage priorities judiciously.
  • Excellent written and oral communication skills.
  • Exceptionally self-motivated with a superior analytical, evaluative, and problem-solving abilities.
  • Ability to motivate in a team-oriented, collaborative environment.

Job Qualifications:
  • Bachelor's Degree in Computer Science/MIS or equivalent
  • 10+ years of total experience in Information Technology
  • 5+ years of professional experience managing an information security function, including analyzing and applying information security risk management, and privacy practices
  • 5+ years in professional services with focus on identity and access management (IAM)
  • 4+ years of experience working with national and international regulatory compliance frameworks such as ISO 27001, SOX, BASEL II, GDPR, HIPAA, and PCI DSS
  • 5+ years' experience in planning, budgeting, and allocation
  • 5+ years of relevant work experience, including consulting and general industry experience
  • People management in projects, and direct reports in a matrixed environment
  • An ability to motivate and manage information security staff supporting the organization's goals
  • An ability to cultivate and build collaborative working relationships with a broad range of enterprise stakeholders
  • An ability to develop consensus in support of organizational goals, both within and outside of the security organization
  • A well-developed understanding of and appreciation for business needs and a commitment to delivering high-quality, prompt, and efficient service to the business
  • Flexible working hours to support a global operation
  • Understanding of security in cloud environments and a demonstrated understanding of the technical aspects of information security, such as network security, infrastructure security, and application security
  • Understanding information security & compliance requirements, standards, and regulations
  • Excellent understanding of project management principles.
  • Strong understanding of security requirements in the application development life cycle
  • Experience in change management, awareness and training for end users, as well as acting as an internal consultant to IT leaders, architects and operations staff for planning and implementing IT initiatives
  • Strong technical skills in security assessments of external service providers, providing security guidance, and participating in mock security breach exercises
  • Strong project management in a very fast paced, complex, and demanding environment
  • Experience with GDPR and GDPR compliance implementations
  • Knowledge of computer networks, hardware, operating systems, and software including understanding of application and patch development
  • Experience and/or SME knowledge of the ISO 27001, NIST 800-53, NIST CSF and PCI DSS.
  • Preferred certifications: CISSP, CIGE, CIST, CIAM, CIMP
All Locations: USA-NY-New York-Liberty St


Company Information

We are a leading global information services company. Every day, in more than 180 countries around the world, we help our customers make critical decisions with confidence. These decisions help save lives, improve the way we do business, and shape a more transparent, just and safe society. The expert solutions we design combine deep domain knowledge and customer workflow insight–coupled with intelligent technologies. Driven by our values, we provide our talented and diverse workforce of agile, innovative professionals, with the right environment and opportunities to thrive. If you'd like to join us on our journey to shape a better future for us all, we'd love to hear from you.
Dice Id : 91008636
Position Id : R0007424
Originally Posted : 3 months ago