The IAM security architect position will provide guidance on the design, implementation and development of solutions for all aspects of information security, with a focus on identity governance and access management. This role will have a very broad understanding of all aspects of security and technology – including policies, standards and regulatory requirements. The solutions shall be designed to mitigate and/or reduce business exposure to information security risks. Risks may include, but not limited to, cyber security, information security, data loss prevention, intrusion prevention, and the availably of information systems. This role will lead virtual groups and projects.
The security architect will advocate for security requirements and objectives, while ensuring that security architectures and practices do not impede the needs of the business. The security architect will evaluate new services, vendors, applications and security tools, among other items, from a technical perspective, and translate the risk characteristics of these activities and functions into enterprise risk terms.
What will be my duties and responsibilities in this job?
Key Objectives
• Implement solutions that comply with Assurant Information Security Policies and Standards
• Lead virtual projects and technical teams on implementing security solutions across the enterprise
50% Strategy
• Aligns IAM processes across the organization, and develops and documents standards for organizational use
• Identifies and develops remediation plans for IAM technical debt
• Co-leads an IAM selection process, evaluates existing and emerging technologies and tools in the selection of an IAM service offering for the business units
• Participate in the development of departmental strategic roadmaps and strategies
• Guide information security implementations & policy enforcement throughout Assurant
• Provide security architecture or governance recommendations and guidance to senior security leaders and stakeholders
• Design gap remediation strategies as directed by senior security leaders
• Investigate the potential impact of emerging technologies and architectures and communicate findings to senior security leaders
• Design technology platforms and infrastructures in alignment with Assurant security standards and strategic roadmaps
30% Operational/Process
• Conduct security architecture reviews for internal and external clients and business partners at the request of the senior security leaders and/or Information Security Office.
• Ensure requirements are aligned to information security policies, standards and align to best practices
• Promote and help remediate gaps in regard to security architecture.
• Provide support for mergers, acquisitions and divestitures.
• Assess current state and maturity levels of existing security infrastructures, frameworks, methodologies, platforms.
• Coordinate and participate in the testing of security solutions.
• Conduct security architecture reviews and produce detailed documentation for Assurant’s technology platforms and supporting solutions
• Assist in incident response process as required
20% Leadership
• Manage and lead security projects and/or initiatives
• Provide technical and governance leadership for business security initiatives
• Provide technical and strategic mentorship for security engineers, analysts and administrators
• Participate in staff training and development exercises
• Educate peers and security personnel about security platforms, technologies, governance and architectures (both existing and emerging)
Financial Responsibility
• Will evaluate the financial costs of recommended technologies. Specifically, the security architect will need to quantify purchasing and licensing options, estimate labor costs for a given service or technology, and estimate the total cost of operation (TCO), the ROI, or the payback period for services or technologies replacing existing capabilities.
• Will develop business case and justification for information security project & operations related expenditures
What are the requirements needed for this position?
• 7+ of experience the field of IT, Information Security, Compliance, Audit or Risk (with a broad range of exposure to all aspects of business continuity, systems analysis, risk management, application development and information security)
• 5+ years of experience in technology implementation, including: 3+ years in developing, implementing and architecting information systems, and 3+ years technical architecture experience integrating identity management, access management and access governance software into clients’ infrastructure and applications
• Identity management proficiency in one or more of the following areas: single sign-on (SSO), privileged access management, data management, identity federation, enterprise directory architecture and design, including directory schema, directory services, namespace and replication topology experience, resource provisioning, ITIL, and process integration.
• Identity and access governance proficiency in one or more of the following areas: role-based access control, access request and certification, user life cycle management processes, and organizational change management.
• Direct experience designing IAM technologies and services:
• Active Directory / Microsoft Entra ID
• OKTA
• Lightweight Directory Access Protocol (LDAP)
• Amazon Web Service (AWS) IAM
• Federated Identity / OAUTH
What other skills/experience would be helpful to have?
• Bachelor's or Master’s degree in Business, Computer Science, Engineering or related discipline or equivalent experience.
• Familiarity with Ruby, Python, PHP, PowerShell, SQL and/or shell scripting.
• Expert understanding of IAM concepts, including federation, authentication, authorization, access controls, access control attacks, identity and access provisioning life cycle.
• Expert understanding of web security standards, architecture, web security best practices and application security best practices
• Expert understanding of information security task automation and tool integration
• Strong working knowledge of IT service management (e.g., ITIL-related disciplines):
Regulations, Standards and Frameworks
• NIST (SP) 800-63-3
• NIST Cybersecurity Framework (CSF)
• ISO 27001/2
• Payment Card Industry Data Security Standard (PCI-DSS)
• Sarbanes-Oxley
• General Data Protection Regulation (GDPR)
• Privacy Practices
Appropriate Certification Preferred
• Certificated Information Systems Security Professional (CISSP)
• Certificated Ethical Hacker (CEH)
• Offensive Security Certified Professional (OSCP)
• Certificated Information Security Manager (CISM)
• Certified Cyber Forensics Professional (CCFP)
• Desired, but not Required: Certification in one or more public cloud platforms, such as Azure, AWS or Google Cloud
#AssurantProudJR
Pay Range
$99,200.00 - $165,600.00
Any posted pay range considers a wide range of compensation factors, including candidate background, experience and work location, while also allowing for salary growth within the position.
Expected application deadline is
04/21/2024
If date is blank then this is a pipeline requisition, and we will continue to collect applications on an ongoing basis.
Helping People Thrive in a Connected World
Connect with us. Bring us your best work and your brightest ideas. And we’ll bring you a place where you can thrive. Learn more at jobs.assurant.com.
For U.S. benefit information, visit myassurantbenefits.com. For benefit information outside the U.S., please speak with your recruiter.
What’s the culture like at Assurant?
Our unique culture is a big reason why talented people choose Assurant. Named a Best/Great Place to Work in 13 countries and awarded the Fortune America’s Most Innovative Companies recognition in 2023, we bring together top talent around the world. Although we have a wide variety of skills and experiences, we share common characteristics that are uniquely Assurant. A passion for service. An ability to innovate in practical ways. And a willingness to take chances. We call our culture The Assurant Way.
Company Overview
Assurant is a leading global business services company that supports, protects, and connects major consumer purchases. A Fortune 500 company with a presence in 21 countries, Assurant supports the advancement of the connected world by partnering with the world’s leading brands to develop innovative solutions and deliver an enhanced customer experience through mobile device solutions, extended service contracts, vehicle protection services, renters insurance, lender-placed insurance products, and other specialty products.
Equal Opportunity Statement
Assurant is an Equal Employment Opportunity employer and does not use or consider race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity, or any other characteristic protected by federal, state, or local law in employment decisions.