Ernst & Young

Identity & Access Compliance Analyst

  • Wrocław, POLAND
  • IT development

Job description



EY Global Delivery Services means 31,000 specialists providing IT, HR, finance, project management and strategic business services globally to EY member firms. In addition, we deliver support and solutions to clients from all over the world.

The opportunity:

The Identity & Access Compliance (IAC) Senior Associate, for Information Security Compliance (ISC) Continuous Compliance (CC), provides internal monitoring within the Identity & Access Management space. The IAC team monitors the remediation progress of non-compliant accounts (user, privileged, application / service) within Critical Business Applications, Systems or Infrastructure, measured against EY Technology (EYT): Information Security’s Policies and Operational Procedures. The team acts as a point of contact for escalations of non-responsive remediation efforts/requests. The team compiles and distributes Key Performance Indicators (KPIs) and metrics to EYT’s Leadership. The team performs attestations for user/system accounts within Critical Business Applications/Systems pertaining to compliance or standards. The role’s remit considers such security control risk related activities as those that may result from separated users, data anomalies as well as general department validation of compliance actions among other related activities. The role is also responsible for technical tasks at a level 2 of remediation that are assigned to the team in ServiceNow, EYT’s service management tool, or through email requests to the team via the group’s shared team mailbox. The role is also responsible for facilitating and gathering needed information for policy exception requests for all security objects to the firm’s compliance mandates as determined by such regulators as the Office of the Chief Information Security Officer (CISO). The role is an individual contributor and is managed by the IAC Team Lead within the ISC CC team.

Your Key responsibilities:

• Provides global compliance and remediation services through the performance of security controls, audits and specific monitoring of internal critical business applications and systems for security compliance or noted risks as determined by EYT’s Information Security and Operational policies as well as by the Office of the Chief Information Security Officer (CISO)

• Recognizes and applies the prescribed methodologies to monitor and maintain appropriate security controls that may result from the separation of users, anomalies in data variables, as well as a general validation of EYT department activities that can result in security issues

• Utilizes EY’s Global Information Security Policy: Code of Connection to identify adherence to the Firm’s current compliance processes and procedures

• Utilizes industry frameworks such as the International Organization for Standardization (ISO 27001) to examine compliance requests referred to IAC by EYT’s teams such as the Global Service Desk to identify opportunities for operational efficiencies and risk mitigation

• Performs root cause analysis and other due diligence activities to gather necessary information, document policy exceptions or request for same from the affected business groups and to provide details for review and approval by the Information Security Team

• Provides appropriate response to internal requests identified via EYT staff as well as requests escalated from the Global Service Desk in ServiceNow on such matters as policy exceptions to the firm’s compliance mandates

• Performs various departmental security monitoring to ascertain appropriate steps to return to compliance with the firm’s standard for security compliance including but not limited to:

• Performs reporting and monitoring activities, such as the identification of separated users to validate that system access privileges were removed on a timely basis in compliance with firm directives

• Identifies opportunities to streamline processes and/or procedures to strengthen security control measures

• Identifies, analyzes and escalates noted patterns in incidents associated with EY security mandates to recognize trends and identify training opportunities utilizing reports and metrics generated from the ServiceNow application

• Assists, as part of a team of skilled technicians, in technical support tasks at a level 2 of remediation and other activities for compliance security improvements in response to specific EY identified mandates or to align the compliance security to industry standards and best practices

• Guides more junior members of staff on best practices to perform tasks or activities that require such specific guidance to guide their success

Analytical/Decision Making Responsibilities:

The role requires advanced analytical skills to probe for understanding and addressing as appropriate both common and more complex EYT staff and end-user incidents escalated from the Global Service Desk or received by e-mails to the team.  The role is expected to make sound decisions to address non-compliant risks that may affect portions of or entire business units.  The role needs to drive the priority and time management of their own efforts to support/resolve assigned activities and communicate results and findings to end users and management as necessary.

 

Skills and attributes for success:

Well-defined analytical skills to conduct effective root cause / risk analysis so that key risks are properly identified and effective solutions are provided. Uses analytics and data visualizations to identify potential risks for solution as well as escalation for security issues and breaches that have wider impact.

• Working knowledge of Information Technology Infrastructure Library (ITIL) to identify industry standards and procedures for Incident, Problem, Change and Knowledge as required by the role’s remit. 

• Working knowledge of ISO 27001 to identify industry standards and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.

• Working knowledge of CIS Top 20 Critical Controls and how to apply them within the IAM realm.

Takes an active role in building and advancing knowledge of EYT’s Information Security policies and compliance directives with specific focus on Identity and Access Management within internal critical business applications and systems for security compliance.

• Solid familiarity with EY’s businesses supported within the location to recognize the impact of security technology audit issues to a specific business unit and to engage and participate with confidence on escalating issues that impact a particular desktop, business or location.

• Strong advanced interpersonal skills to adapt personal communication styles to the style of others, to engage, as a thought leader, with all levels of the organization, staying calm under pressure and to maintain the credibility the business has in IS Compliance technical support.

• Advanced time management skills to prioritize workload and work through issues and incidents with efficiency and guide others in same

• Strong oral and written communication skills in the English language to work effectively with all levels of end users and IT personnel

• Advanced knowledge in current and future features of aligned technology to the role’s remit including but not limited to:

 - EYT’s current platform technologies as used by IAC including Structured Query Language (SQL), SQL/Oracle database knowledge, SQL Server advanced skills, Advanced PowerShell scripting skills, Visual Basic for Applications, Advanced PowerBroker and Splunk skills

 - Knowledge of data visualization tools such as SpotFire and Microsoft PowerBI

 - Knowledge of data sources, Human Resources (HR), Active Directory and Asset Management

 - Knowledge of Identity and Access Management (IAM) services as a means to collaborate with this group in Operations and EYT.

 - IT service management tool, ServiceNow, to record incidents and remediation as well as guide others in features and functions

Supervision Responsibilities:

The role is generally an individual contributor managed day to day by the ISC CC IAC Team Lead

 

Other Requirements:

The role may also require the periodic allocation of additional time on the job during usual working hours to ensure multiple demands and escalating issues are managed in a timely manner to restore services.  Additionally, to maintain services 24/7, the role will be required to be “on call” during off hours for the location on a rotational basis and to perform off hours work outside of the usual working hours to restore services. 

Qualifications, certifications and education requirements:

Education:

Bachelor's degree in computer related field or equivalent work experience.

Experience:

Approximately 3-5 years of experience in computer information security.

 

Certification Requirements:

Should hold one of the following or equivalent certifications:

•  Certification of Chief Information Security Officer (CCISO)

•  Certified Information Systems Security Professional (CISSP)

•  Global Information Assurance Certification (GIAC) in related area

•  Information Technology Infrastructure Library (ITIL v2 or v3 Foundations training)

 
What working at EY GDS offers:
 

In EY GDS you can count on stable employment and upgrading your career. You will meet people and gain important knowledge and insights that will stay with you throughout your professional life.

 

If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.

Make your mark.

Apply now.

Make every future a success.