Sr. Analyst, Privileged Access Management

Invesco Ltd.•Charlottetown, PE

2d•CA$85,000 - CA$90,000•Hybrid

About The Position

As part of Global Security’s Information Security organization, the Identity & Access Management team protects Invesco against a dynamic threat landscape and advances Invesco’s purpose by empowering and enforcing secure access to drive desired business outcomes and digital experience goals. We collaborate and partner with Business Units, Technology and Security to address IAM risks, provide IAM platform / solution services, standardize IAM processes and support evolving business needs in the areas of Governance, Operations, Technical Enablement and Transformation. Invesco’s Privileged Access Management (PAM) program aims to prioritize the protection of the most critical assets and applications by establishing efficient, scalable processes and tools while maximizing security for its privileged accounts. We’re seeking a Senior Analyst to join a fast-paced team working with Business and Technology clients across the globe in relation to their Identity and Access Management (IAM) needs, specifically Privileged Access Management. You will serve as an Identity and Access Management (IAM) team member within the IAM Governance team responsible for supporting activities within the IAM program to increase security posture by ensuring information security standards and controls specific to IAM have been implemented appropriately across Invesco, specifically supporting our Privileged Access Management Program. You will contribute to driving the standards and controls to manage privileged access risks, assist with solution requirements to design and operationalize PAM controls, and measure and report on risks related to privileged access. You will guide and monitor for quality, efficiency, and effectiveness of the IAM program in meeting security objectives and reducing risk across the organization. You will also work closely with our partners in Risk and Controls, SOX and Internal Audit to help our business partners remediate access management related risks to our organization.

Requirements

5+ years Information Technology and/or Information Security experience
Current and in-depth knowledge and understanding of IAM and PAM security concepts
Experience with IAM capabilities including access provisioning and deprovisioning, identity lifecycle management, role-based/attribute-based access control, authoritative sources, access certification
Experience with PAM capabilities including discovery and analysis, inventory and classification, vaulting, credential management, session monitoring,
Experience with federation/cloud access, authentication, including MFA and single sign-on.
Experience with SailPoint IdentityIQ, Identity Security Cloud, Machine Identity Security or related IAM platform solutions; experience with CyberArk;
Experience with Windows, Unix, Active Directory, Azure/Entra, AWS, SQL, Oracle environments
System administration and access administration, including Active Directory, experience highly desired
Experience with applying technology and/or access-related general controls and an understanding of various regulatory requirements (Sarbanes-Oxley, GDPR, etc.)
Understanding of security frameworks and standards (NIST, ISO 27001, etc.)
Experience in project management as a team member, workstream lead, as well as use of PM methodologies and tools (Waterfall, Agile, Jira, Confluence)
Strong communication skills; proven ability to effectively sell ideas and build consensus.
Possesses diplomacy and cooperative style necessary to interface effectively with all personalities and across functional disciplines
Effective presentation skills for technical and non-technical groups at all levels within the organization.
Experience creating visual content via slides, graphs, dashboards articulating messages and key points using various tools (PowerPoint, PowerBI, spread sheets)
Strong analytical skills with ability to define, collect, analyze data, establish facts, draw valid conclusions, and make fact-based decisions.
You can bring clarity to chaos and you’re comfortable working with ambiguity (e.g. imperfect data, loosely defined concepts, ideas, or goals) and translating these into more tangible outputs
Enjoy challenging and thought-provoking work and have a strong desire to learn and progress
Ability to manage multiple tasks and requests and react positively under pressure to meet tight deadlines.
Structured, disciplined approach to work, with attention to detail.
Flexible – able to meet changing requirements and priorities
Motivated self-starter, strong problem-solving skills, with positive attitude, team focused, with ability to work independently and remotely with limited supervision

Nice To Haves

A Bachelor’s Degree in Business, Management Information Systems or Computer Science is preferred or commensurate relevant work experience is preferred.
Relevant industry certifications obtained or current within past 3 years preferred (CRISC, GSLC, CISM, CISSP, CISA)

Responsibilities

Serve as a senior representative and advisor to the IAM Governance Team Manager; assist in mentoring other team members; represent Manager when needed; assist Manager with team strategic direction.
Own and manage assigned IAM workstreams end-to-end; coordinating and implementing work efforts; providing updates on progress to PAM working groups and/or IAM Steering Committee.
Lead or drive requirements and design discussions providing input in the design of Privileged identity and access policies, standards, controls, roles and processes globally while ensuring consistency regardless of technologies in use.
Maintaining PAM processes and procedures documentation in repository. Coordinating refresh and development of processes and procedures documentation, knowledge articles as new capabilities are introduced. Providing advisement on process and procedures to align with best practices and perform peer reviews. Standardizing procedures and provide oversight of onboarding of privileged accounts to our vaulting, identity governance and inventory solutions in order to enhance owner experience associated with onboarding and password management.
Enforcing IAM and PAM policies, procedures, and configuration standards through monitoring for compliance; Engaging with teams and facilitating remediation upon ad-hoc notification of issues or non-compliance with policies and standards. Support documentation of exceptions and deferred PAM remediation with justifications and mitigating controls for applications that cannot be integrated with Invesco PAM Systems
Lead and produce IAM and PAM metrics, reporting, and insights
Liaising with internal and external audit teams for all IAM related controls, operational effectiveness and evidence during testing. Assisting with management responses and remediation activities; assisting Technology and auditors in periodic assessments of the IAM solution and its components; Lead or drive requirements and design discussions, develop and update training and security awareness content for adoption of Invesco PAM Systems for onboarded privileged accounts and to raise awareness of PAM
Act as primary IAM point of contact for audit and compliance, responding to inquiries related to IAM policies, platforms, tools and appropriate use, including for Privileged Access Management.
Partnering with IAM Onboarding, IAM Solutions and IAM Operations teams to design and deliver PAM solutions and related processes for the enterprise in a highly complex environment with a blend of legacy and innovation platforms.