Wolters Kluwer Associate Director, IT Security - Identity & Access Management in Des Moines, Iowa
Wolters Kluwer Global Business Services (GBS) is designed to provide services to the business units in the areas of technology, sourcing, procurement, legal, finance, and human resources. These global centers promote team collaboration using best practices around a specific focus area to drive results and enhance operational efficiencies. There is a constant endeavor to benchmark against best-in-class industry standards to improve the quality of deliverables, increase cost savings, enhance productivity and reduce time to market for products and applications.
We have an amazing opportunity for an Associate Director of Identity & Access Management, available within our Global Business Services division! This position has been created due to growth! The Associate Director will be responsible for managing a team and working closely with project teams as well as internal / external groups to protect and enhance the confidentiality, integrity, and availability of Wolters Kluwer assets.
As the Associate Director of Identity & Access Management (IAM), you will lead a team of information security professionals and be accountable for implementing programs to secure access to personal and confidential information at WK. In this role, you will be required to demonstrate proficiency in identity and access concepts as they pertain to every area of security management. Your role will also include interfacing with other business leaders and subject matter experts throughout the organization, leading the IAM operations team, responding to 3rd party audits, internal audits, and interfacing with internal business unit IT representatives on global information security initiatives and compliance tasks and projects.
Primarily responsible for end-to-end lifecycle management of identity and access solutions provided as a service to the WK enterprise, to include provisioning, maintenance throughout the lifecycle, and deprovisioning
Responsible for implementing Policy-Based Access Control to ensure IAM implementation supports proper separation of duties
Accountable for supporting compliance processes (audit support and access certification)
Ensures processes exist for timely emergency termination of access across all WK systems where access is maintained by the IAM team
Provides leadership in the area of Active Directory (AD) and other Directory services design and implementation and integration with the IAM function
Responsible for implementing multifactor authentication services for use in the WK enterprise
Responsible for implementing single sign-on (SSO) in support of enhanced user experience and centralized oversight
Provides access management for cloud environment through implementation of Cloud Access Security Broker (CASB)
In cooperation with the security operations team, develops and fields a capability for user behavioral analysis (UBA) to enhance visibility into insider threat
Manages vendor relationships necessary to delivering the IAM service
Serves as the organizational spokesman in all matters relating to Identity and Access Management and Privileged Access, providing subject matter expertise where needed
Advises on technology solutions implementation, global security controls selection and monitoring/reporting of performance of same
Provides direction based on general policies and management guidance and recommends modifications to operating policies
Is accountable for the performance and results of IAM delivery and sets priorities for the team to ensure task completion and coordinates work activities with other leaders
Reviews completed work for accuracy and adequacy in meeting Wolters Kluwer strategic security objectives
Contributes to the tracking and reporting on divisional and business units' metrics, results, data modelling, processing, calculating and transformation into meaningful metrics, key performance indicators (KPIs) and reports
Establishes operating policies and procedural plans, including business priorities, methodologies and standards for the IAM function in alignment with the overall Global Information Security Function.
Ensures work is compliant with WK enterprise policies and procedures, as well as local and regional requirements
Responds to audit and regulatory inquiries and external vendor activities to help represent the company from an information security, disaster recovery and technology risk perspective
Recommends and implements changes in security policies and practices in the IAM space in accordance with changes in applicable regulatory requirements.
Communicates corporate plans, procedures, policies, and standards for the organization for acquiring, implementing, and operating new IAM systems, equipment, software, and other technologies.
Collaborates with other management resources to establish and maintain a system for ensuring that security policies related to identity and access are communicated and met.
Provide leadership and guidance to managers, supervisors and/or senior professionals based on organizational goals and company policy.
Develops functional and departmental plans in support of WK Global Information Security strategy for the deployment of information security governance and compliance projects and initiatives
Promotes security relationships between internal resources and external entities, including government, vendors, and partner organizations, within the boundaries of applicable WK policy and regulatory requirements
Ensures IAM program delivery meets and exceeds all regulatory and statutory requirements for individual regions as well as from a global perspective
Supports the investigation of reported security breaches and, in coordination with WK global security operations, develop procedures to respond to security incidents and assist with investigations
Contributes to the analysis and delivery of findings to internal customers with impactful, comparative, interpretative security analysis in a clear, consistent, and factual manner.
An ability to effectively influence others to modify their opinions, plans, or behaviors
An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
Ability to set and manage priorities judiciously.
Excellent written and oral communication skills.
Exceptionally self-motivated with a superior analytical, evaluative, and problem-solving abilities.
Ability to motivate in a team-oriented, collaborative environment.
Bachelor's Degree in Computer Science/MIS or equivalent
Minimum 10 years of total experience in Information Technology
Minimum of 5 years of professional experience managing an information security function, including analyzing and applying information security risk management, and privacy practices
Minimum 4 years in professional services with focus on identity and access management (IAM)
Minimum 3 years of experience working with national and international regulatory compliance frameworks such as ISO 27001, SOX, BASEL II, GDPR, HIPAA, and PCI DSS
Minimum 3 years' experience in planning, budgeting, and allocation
Minimum 4 years of relevant work experience, including consulting and general industry experience
People management in projects, and direct reports in a matrixed environment
An ability to motivate and manage information security staff supporting the organization's goals
An ability to cultivate and build collaborative working relationships with a broad range of enterprise stakeholders
An ability to develop consensus in support of organizational goals, both within and outside of the security organization
A well-developed understanding of and appreciation for business needs and a commitment to delivering high-quality, prompt, and efficient service to the business
Flexible working hours to support a global operation
Understanding of security in cloud environments and a demonstrated understanding of the technical aspects of information security, such as network security, infrastructure security, and application security
Understanding information security & compliance requirements, standards, and regulations
Excellent understanding of project management principles.
Strong understanding of security requirements in the application development life cycle
Experience in change management, awareness and training for end users, as well as acting as an internal consultant to IT leaders, architects and operations staff for planning and implementing IT initiatives
Strong technical skills in security assessments of external service providers, providing security guidance, and participating in mock security breach exercises
Strong project management in a very fast paced, complex, and demanding environment
Experience with GDPR and GDPR compliance implementations
Knowledge of computer networks, hardware, operating systems, and software including understanding of application and patch development
Experience and/or SME knowledge of the ISO 27001, NIST 800-53, NIST CSF and PCI DSS.
Preferred certifications: CISSP, CIGE, CIST, CIAM, CIMP
- Occasional Domestic or International Travel, up to 25%
The above statements are intended to describe the general nature and level of work being performed by most people assigned to this job. They re not intended to be an exhaustive list of all duties and responsibilities and requirements
EQUAL EMPLOYMENT OPPORTUNITY
Wolters Kluwer U. S. Corporation and all of its subsidiaries, divisions and customer/business units is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.
- Wolters Kluwer Jobs