Identity & Access Analyst Lead

SWBC•San Antonio, TX

About The Position

SWBC is seeking a talented individual to serve as an information security team leader to analyze and execute an enterprise-wide identity and access management (IAM) controls to provide secure authentication, authorization, and accounting controls for information systems, applications, and data; oversees IAM analysts, programs, and processes supporting information security duties; monitor and update access controls according to standards, best practices, SWBC policy, and business needs; review and approve access requests based on employee identities and need to access to applications, local and remote network resources, computer systems, mobile devices, and information collections; and applies access control policy and technologies to protect assets. Essential duties include the following: Executes programs and processes and oversees co-workers to quickly provide, modify, or revoke access to SWBC-owned or controlled information systems and data across a heterogeneous technology environment; oversees IAM Analysts' workload and reviews work product. Communicates with business managers and internal and external stakeholders within an enterprise-wide user access provisioning process to create, manage, and remove users and groups, and use permissions to allow and deny local and remote access to SWBC-owned or controlled resources; and reviews, interprets, and applies information security policies. Consults with business managers and system and network administrators to determine, create, and manage role-based access control groups to ensure only the minimum number of employees or authorized third parties have access to information systems, applications, and data as required by SWBC policy; and reviews requests from IAM Analysts. Recommends the allocation of access accounts to employees and authorized third parties on a need-to-use and event-by-event basis; and monitors account access to ensure necessary for an employee/authorized third party to complete duties; and reviews requests from IAM Analysts. Supports access control audits and periodic access reviews of directory services, access control lists, employee, contractor, vendor, service accounts, and other access control management systems to enforce least privilege, separation of duties, and compliance requirements; and consolidates responses from manager-level reviews. Recommends new or changes to existing policies to limit access to and govern the use of information, information systems, and facilities. Monitors access controls to protect source code, applications, and other intellectual property from loss, unauthorized use, release, and modification. Supports Disaster Recovery, Business Continuity, and Incident Response plans and processes; and supports efforts to achieve and maintain a single set of credentials (single sign-on) for each user, device, or application to use throughout the enterprise.

Requirements

Bachelor’s Degree in Information Systems, Computer Science, Cybersecurity, or related field or equivalent
At least three to four (3-4) years in identity and access management, systems administration, or information technology support
Strong working knowledge of Microsoft Active Directory, AS-400, and UNIX
Strong knowledge in foundational information security concepts
Proficient computer and accurate keyboard skills in utilizing computer applications such as MS Word and Excel
Excellent and effective communication skills, both verbal and written
Working knowledge of general office equipment such as phone system, copier, scanner, and the like
Service Desk skills preferred
Security+ CE or SSCP certification or obtain Security+ CE or SSCP certification within six (6) months of date of hire
Able to sit for long periods of time performing sedentary activities
Able to lift up to 20 lbs. of files, supplies, documents, or other related items
Able to travel locally, state-wide, and/or nationally

Responsibilities

Executes programs and processes and oversees co-workers to quickly provide, modify, or revoke access to SWBC-owned or controlled information systems and data across a heterogeneous technology environment
Oversees IAM Analysts' workload and reviews work product
Communicates with business managers and internal and external stakeholders within an enterprise-wide user access provisioning process to create, manage, and remove users and groups, and use permissions to allow and deny local and remote access to SWBC-owned or controlled resources
Reviews, interprets, and applies information security policies
Consults with business managers and system and network administrators to determine, create, and manage role-based access control groups to ensure only the minimum number of employees or authorized third parties have access to information systems, applications, and data as required by SWBC policy
Reviews requests from IAM Analysts
Recommends the allocation of access accounts to employees and authorized third parties on a need-to-use and event-by-event basis
Monitors account access to ensure necessary for an employee/authorized third party to complete duties
Reviews requests from IAM Analysts
Supports access control audits and periodic access reviews of directory services, access control lists, employee, contractor, vendor, service accounts, and other access control management systems to enforce least privilege, separation of duties, and compliance requirements
Consolidates responses from manager-level reviews
Recommends new or changes to existing policies to limit access to and govern the use of information, information systems, and facilities
Monitors access controls to protect source code, applications, and other intellectual property from loss, unauthorized use, release, and modification
Supports Disaster Recovery, Business Continuity, and Incident Response plans and processes
Supports efforts to achieve and maintain a single set of credentials (single sign-on) for each user, device, or application to use throughout the enterprise