Job Information
WTW CyberArk Privileged Access Management SME in Taguig, Philippines
WTW has embarked on a multi-year programme to embed its physical and digital information security standards across the business. That is, ensuring clients, business partners and internal information is protected appropriately at all times. The Information Security Programme (ISP) covers all areas of the Willis business and aims to deliver prioritized and fit for purpose enhancements for each Willis business globally.
Privileged Access Management (PAM) is one of several initiatives which will deliver a series of changes over the ISP lifecycle.
You will work closely with business management, IT and internal stakeholders to support the delivery of WTW PAM. This includes working with members of the PAM Team and other business units, supporting them to manage Elevated access and passwords using the PAM strategic tool ‘CyberArk’.
Principal Duties/Responsibilities
Lead the PAM team on a daily basis
Manage daily PAM / CyberArk activities. Requests for access to safes and accounts
Make sure legacy and current CyberArk structure is aligned to policy / Best practice
Perform as an IAM PAM SME, consistently researching new ways to improve our IAM operations and overall strategy target
Ensure adherence to Security Controls, Policies and Standards with a focus on automation and control.The
Derive themes from identified gaps and recommend appropriate remediation measures to mitigate risk associated with gaps
Work closely with senior leadership to Identify improvement opportunities to enhance existing controls and overall IAM governance program
Analysis and monitoring of data to provide key metrics, to ensure least privilege and no toxic access in conjunction with our Audit teams
Risk management and mitigation for IAM
Engagement and communication with stakeholders across LoBs and IT platform leads to ensure awareness of IAM policies and procedures
Knowledge transfer to the new team members
Communications and Relationships
Report status regularly to Head of IAM
Communicate and ensure execution of Sox and non-Sox Critical Application privileged accounts
Provide challenge and escalate risk and issues where appropriate.
Qualifications:
5+ years of Information security and/or Identity Access management domain experience
SME level knowledge of PAM and CyberArk best practices and experience with Identity Access Management technology.
Practitioner knowledge of key IS and Cyber regulations and how organizations achieve compliance
Be interested in developing skills and knowledge in information security.
Formal training in security will be added advantage
Experience & Knowledge of CyberArk key
Strong IT skills, able to analyze data for reporting purposes and follow work instruction
Relevant degree or equivalent experience preferred
Skills:
Strong IT and analytical skills
Proactive rather than reactive
Team player with good interpersonal skills
Knowledge and experience in Information Security Auditing Techniques
Ability to work under pressure to tight timelines
Organized and methodical
Willing to challenge and desire to learn
Good communication skills, both orally and in writing
Knowledge/Experience:
5+ Years CyberArk knowledge from a BaU level
‘Best practice’ level knowledge of PAM
Regulatory Requirements:
Audit and Compliance knowledge identified by the Information Security Committee
SOX Requirements for Privileged Access Monitoring and Controls
Equal Opportunity Employer