OverviewThis position manages specific Governance, Risk, and Compliance (GRC) services within the Identity and Access Management (IAM) organization. Reporting to the Global Head, IAM Operations, the GRC Risk Manager is a cybersecurity leader who will own all aspects of Operations for the Access Management and Authentication (Auth), Customer Identity and Access Management (CIAM), and Cloud Identity (CI) competences for all First Citizens Bank (FCB) entities (CIT, Silicon Valley Bank, Boston Private, etc.). A deep, end-to-end knowledge of the Authentication, CIAM and Cloud security operational processes is a necessity for this role.Develops and maintains the strategic mission of the IAM Authentication, CIAM and Cloud Security GRC functions. Assists in the development, implementation and monitoring of processes used in support of delivering GRC services throughout the bank. Helps establish and maintain influential relationships with IT management, regulators, internal audit, and business partners. Manages the people, process and technology supporting the IAM Governance Program, including Auth, CIAM and Cloud security compliance, vendor due diligence, and training and awareness efforts.ResponsibilitiesAccess Management and Authentication responsibilities include:Establishing and maintaining operational procedures for Access Management and Authentication, in accordance with GRC IAM controlsEnsuring proper and consistent implementation of Single Sign-on across FCB entitiesEnsuring implementation governance of multi-factor authentication (MFA) across FCB entitiesPartnering with engineering teams to recast certificate management across FCB entitiesCIAM responsibilities include:Establishing and maintaining CIAM operational controls and proceduresPartnering with business and engineering teams to establish strategic CIAM direction and roadmaps.Responsible for joint solutioning of customer access and authentication patternsEstablishing the CIAM Voice-of-the-Customer, providing inputs to business and engineering teams for future enhancementsDesigning and implementing a customer identity warehouse for business, technology, and security teamsEnsuring implementation governance of client-side multi-factor authentication (MFA) across FCB entitiesCloud Identity Operations responsibilities include:Developing modular access patterns for each AWS serviceEngineering IAM resource guardrails within Terraform SentinelBuilding self-service monitoring reportsConnecting IAM Cloud reporting databases to additional IAM resourcesAutomating control and compliance resource remediationExpanding IAM management to additional cloud providersGeneral ResponsibilitiesBusiness Strategy – Defines technology, process, standards, and procedures utilized by team. Builds strong partnerships with industry peers, government agencies, and risk management communities. Monitors industry for emerging techniques and technology applicable to Bank operations. Drives continuous improvement of program capabilities by designing and implementing new security products, services, andProgram Oversight – Manages GRC capabilities that identify, analyze, and mitigate risk for various information security, technology, and business units. Leads the development and reporting of security metrics and risk information to executive leadership. Coordinate security efforts and audits by both internal and external parties. Responsible for program budgets andManagerial Functions – Establishes and monitors expectations to achieve company and department goals. Makes appropriate changes to team policies, procedures, and efficiencies in order to meet objectives. Manages the performance, training, and evaluation of assigned staff. Maximizes department achievements by providing professionalTraining – Develops, implements, and manages the IT security awareness and training program. Develops internal training curriculum and builds security awareness. Ensures awareness of and compliance with all security policies and standards.The base pay for this position is relative to your experience but the range is generally$123,143 to $213,447 per year.QualificationsBachelor’s Degree and 8 years of experience in Information Technology Security, Operations, Risk Management, or Audit OR High School Diploma or GED and 12 years of experience in Information Technology Security, Operations, Risk Management, or AuditSkill(s): Ability to develop and implement information security strategies in large, complex, Effective at communicating audience-appropriate information to technical, management, and executive , Proficiency in assessing risk and risk management , Knowledge of IT policies, standards, and procedures frameworks as well as their development and , Knowledge of standard risk management or control frameworks such as COBIT, ISO, and ITIL, Knowledge of regulatory requirements and guidelines
ISO standards authentication CI/CD Information technology (IT) COBIT itil Amazon Web Services (AWS) amazon-iam multi-factor-authentication