Manager, Identity & Access Management

Posted:
11/10/2024, 5:42:46 PM

Location(s):
Lower Providence Township, Pennsylvania, United States ⋅ Pennsylvania, United States

Experience Level(s):
Senior

Field(s):
Customer Success & Support

Flexible Work Arrangement: Hybrid

Lead the strategic and tactical activities of the Identity and Access Management function reporting to the Sr. Director, Client Services. The role has ownership of the access management compliance program that includes all NERC CIP and SOC1 access related requirements and control objectives.
Ownership includes (1) the primary responsibility to define, maintain, operate and improve the program, including its documentation, processes, and supporting technology; (2) staffing the program appropriately with qualified employees, contractors and matrixed support from ITS and other divisions as needed; and (3) ensuring the program meets the requirements set by governing organizations as well as PJM by analyzing processes, documentation, metrics, and workflows through interviews with staff performing security and human resource related duties, developing gap analyses, and identifying and prioritizing process improvements based on current risk. The identity and access management program scope includes PJM on-premise and cloud systems for all PJM personnel.
As required by advances in technology, internal business needs, and changing control requirements, make upgrades and improvements to processes and systems to achieve objectives using the department's operating budget and PJM's capital portfolio process.
Establish appropriate service-level targets for systems and staff to meet compliance and customer service objectives. Provide reporting of program operations through routine reports or presentations and achieve other deliverables as needed. Work with other divisions and departments to ensure access and identity management activities are performed in a way that maintains compliance and meets customer service objectives.


Essential Functions:

  • Oversee the administration, analysis, and execution of a compliance strategy, including development of specific activities related to all aspects of compliance, including but not limited to: the access management team, personnel risk assessment (PRA), onboarding and off-boarding of personnel, and other in-scope NERC CIP and SOC1 related activities, requirements and control objectives.

  • Define, maintain, and implement a formal program to enhance and centralize the Identity and Access Management (IAM) function, and improve department programs, including their documentation, processes, and supporting technology (specifically including PJM’s Access Management program, Identity Manager technology, and all systems used for access and account management work).

  • Ensure PJM meets its corporate and governmental compliance requirements in the areas of cyber and physical access, personnel risk assessment (PRA), mandatory training and policy creation and enhancement.

  • Provide security technical expertise and project leadership for the Identity and Access Management department.

  • Review projects, new applications, and existing user access for appropriate security controls.

  • Analyze, define, and prioritize the business functional specifications for IAM initiatives. Help to develop project scope, charter, constraints and assumptions for IAM projects.

  • Staff department programs appropriately with qualified employees, contractors and matrixed support from ITS and other divisions as needed. Provide leadership and management to department staff in the execution of departmental responsibilities, providing appropriate opportunities for development, ensuring staff are trained in necessary skills and competencies, and managing staff performance to accomplish departmental goals.

  • Understand and remain current on all IAM functions including but not limited to user entitlement reviews, centrally managed user security and entitlement reviews and certifications, personnel onboarding and separation procedures, personnel transfers, access request requirements and responsibilities for each functional area within the IAM department.

  • Oversee the creation of documents and retrieval of data and related evidence for NERC, FERC and I-9 audits and data requests.

  • Oversee all employee system access requests, including the following procedures: employee access authorization initiations and changes, personnel changes in responsibilities and reduced access, employee terminations and temporary disablements, and employee access re-establishments and re-enablements.

  • Oversee the creation and delivery of training across the organization for policies, procedures, processes, and system operations related to the access management program.

  • Oversee privileged account role management, access authorization and retirement procedures.

  • Oversee all access reconciliations and re-certifications. Ensure all access reconciliations and re-certifications are aligned with governmental compliance regulation timeframes.

  • Manage the quality of automated access security services delivered under the Access Management Program by monitoring metrics and KPIs to ensure compliance and customer satisfaction objectives are met.

  • Foster a high-performance culture and team by developing team member skills, working directly with them on individual development plans (IDPs).

  • Ensure compliance with SOC1/SSAE-16 control activities related to access and account management.

  • Regularly review evidence of compliance with PJM’s control activities.

  • Ensure that all findings of undocumented and unauthorized accounts are remediated on a timely basis. Drive responsible parties to make process and procedural changes for repeat undocumented account findings.

  • Ensure that documented standards and procedures for the Access Management Team are accurate and updated in a timely manner.

  • Ensure PJM’s compliance with mandatory corporate and regulatory training such as Code of Conduct and Standard of Business Ethics, NERC/FERC training and annual harassment prevention training for employees and management.

  • Lead related IAM audit activities to ensure compliance with control activities and objectives for NERC CIP and SOC1, and support the PJM Internal Audit team's annual audit plan.

  • Assist the Director in the establishment and implementation of long-range programs in the areas of compliance and mandatory training.

  • Manage the department's operating budget.

  • Formulate and maintain, in collaboration with Director and senior management, compliance policies and processes which support company and regulatory requirements.

  • Educate and inform managers and supervisors of compliance policies and processes which support company and regulatory requirements.

  • Possess and maintain a general understanding of the following technologies and their IAM security features: Microsoft SQL, Linux, Oracle, Active Directory, SailPoint, CyberArk, Multi-factor Authentication (RSA).

  • Stay current on developments within the Identity and Access Management space and implement ways to innovate, automate, improve user experience, and deliver services more efficiently.

  • Periodically provide reports to the executive team (ET) and other senior leadership on IAM program metrics and project status.


Characteristics & Qualifications:

Required:

  • BS degree in Computer Science or Information Technology, or at least 5 years of experience in Information Technology systems administration & operations, IT/cyber security systems operations and administration, identity and access management technology systems administration and operations, Identity and Access Governance processes and tools, or IT or Cyber Security system governance.

  • At least 5 years of experience in Information Technology systems administration & operations, IT/cyber security systems operations and administration, identity and access management technology systems administration and operations, Identity and Access Governance processes and tools, Governance, Risk & Compliance (GRC), or IT or Cyber Security system governance.

  • 2-5 years of leadership experience in a managerial/supervisory role, leading teams with responsibilities for one or more of the following functions: Identity and Access Management, Information Technology, Governance, Risk & Compliance (GRC), Cyber Security

  • Experience in quantitative and qualitative analysis

  • Ability to solve problems that proactively address customer needs and requirements with innovative, creative, and cost-effective solutions

  • Ability to understand business needs, while establishing and maintaining a high level of customer trust and confidence

  • Ability to develop strong relationships with multiple departments and divisions

  • Ability to use Microsoft Office Suite (MS-Word, MS-Excel and MS-PowerPoint)

  • Ability to communicate effectively with management, peers, and customers

  • Experience using effective verbal and written communication skills

  • Ability to develop and maintain policies and procedures to reflect the most current state of business processes and technologies

  • Experience developing policies, procedures, standards or manuals

  • Experience documenting and improving business processes

  • Ability to give and receive tough messages

  • Ability to collaborate, influence, and partner with business units

  • Ability to lead an organization in troubleshooting and problem solving

  • Ability to select, organize, lead, participate in and facilitate a team to produce results

  • Experience managing both full-time employees and contract staff, with an understanding of co-employment implications and risks

  • Experience creating division/department vision, strategy, goals and objectives

  • Ability to coach and evaluate the performance of others

  • Experience with internal or external auditors


Preferred:

  • MA degree in Information Technology or 5-10 years of leadership experience in a managerial/supervisory role.

  • Experience leading teams with accountability for processes, tools and teams in the core area of governance, risk and compliance (GRC) or cyber security.

  • Experience in setting and executing strategies and establishing enterprise-wide programs in GRC or cyber security.

  • 5-10 years of leadership experience in a managerial/supervisory role, leading teams with responsibilities for one or more of the following functions: Identity and Access Management, Information Technology, Governance, Risk & Compliance (GRC), Cyber Security

  • Ability and desire to build relationships and interact with a wide range of stakeholders and staff to maintain and enhance PJM’s customer service reputation

  • Experience with PJM operations, markets, and planning functions

  • Experience with evolving industry regulatory and technical issues as they apply to the PJM system and the role of PJM as an ISO/RTO