DESCRIPTION

The IAM Sr. Business Analyst is responsible for supporting and collaborating in the decision making with the development and execution of the organizational Identity Access Management (IAM) project as it relates to Health Sciences (HS). Responsible for identifying/ interpreting the needs of HS by gathering comprehensive data of our access systems and creating an efficient and robust business plan. Monitor and ensures that the HS workflows and process objectives are being met. Leads the development of the long-term strategy including organic growth, and advancement of the IAM for HS. Identifies potential alliances and acquisitions that will support strategic growth initiatives between our campus colleagues and HS. Responsible for adherence to organizational policies, procedures and practices.

The IAM Sr. Business Analyst has a high degree of technical knowledge in the overall field and recognized expertise in specific areas. Plans, designs, develops, implements and maintains tools, systems and procedures to insure the integrity, reliability and security of data and systems. May manage programs that include formulating strategies and administering policies, processes, and resources; functions with a high degree of autonomy. Selects methods, techniques and evaluation criteria to obtain results.

MINIMUM QUALIFICATIONS

• Nine (9) years of related experience, education/training in relevant applications as it relates to implementing IAM; OR a Bachelor's degree in related area plus five years of related experience/training in relevant applications as it relates to implementing IAM.

• Professional experience and proven success, monitoring, detecting, protecting and maintaining the security of data, systems and networks.using IT security systems and tools.

• Thorough understanding of the risk assessment requirements and demonstrated skills to conduct, analyze and document risk assessments at the enterprise level as defined in HIPAA and HITECH.

• Advanced knowledge of IT security. Extensive expertise in security policy creation and compliance monitoring, auditing methodology, and conducting technology risk assessments. Advanced experience with web application and network/endpoint vulnerability scanning and remediation, pen testing, sensitive data discovery and data loss prevention systems.

• Demonstrated skill at administering complex security controls and configurations to computer hardware, software and networks.

• Understanding of network/host firewalls, application gateways/proxies, anti-malware, patch management, disk encryption, centralized configuration, log management, system hardening practices, etc.

• Proven skills applying security controls to computer software and hardware. Solid understanding of information security policies, standards, industry best practices, and frameworks. (ISO 27K, NIST 800-115, PCI DSS, HIPAA, FERPA, etc.).

• Advanced experience in incident response and digital forensics including reporting. Expert knowledge of forensic processes, standards and tools.

• Broad knowledge of other areas of IT. Knowledge of networking technology.

• Advanced knowledge of data encryption technologies and experience selecting and applying appropriate data encryption technologies.

• Expert understanding of cryptography and strengths/weaknesses of various encryption ciphers and hash functions. J. Demonstrated skill at analyzing and preventing security incidents of high complexity.

• Demonstrated knowledge of secure hardware, software and network design techniques.

• Ability to give work direction, create task assignments, and give instructions to subordinate technical staff to accomplish project goals/milestones.

• Ability to effectively prioritize tasks, manage time, organize activities and deliver overall high productivity. Works with a high degree of autonomy.

• Advanced interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization. Ability to quickly develop knowledge of department processes and procedures.

PREFERRED QUALIFICATIONS

• Advanced knowledge in Active Directory, ADFS, SAML, Azure AD, and other authentication mechanisms
• Experience with Identity and authentication automation systems such as ServiceNow, Quest Active Roles and SailPoint.