Security Engineer 1548
1. Responsibilities
User Access Review (UAR) Management
- Orchestrate and manage comprehensive user access review cycles including monthly, quarterly, and annual certification processes to ensure compliance with organisational security policies and regulatory requirements.
- Oversee the complete UAR lifecycle from initial data extraction through to final certification, ensuring accuracy and timeliness of all access review activities.
- Compile and validate access data from multiple enterprise systems, cross-referencing user permissions and validating the accuracy of access rights across all applications and platforms.
- Coordinate extensively with stakeholders across the organisation to obtain timely responses and certifications, managing relationships to ensure review completion within required timeframes.
- Track and follow up on access exceptions, working closely with system owners to ensure prompt remediation of identified compliance issues and security risks.
- Maintain comprehensive documentation of UAR processes, findings, and remediation activities to support audit requirements and continuous improvement initiatives.
Privileged Access Management
- Manage privileged access reviews within the CyberArk environment, ensuring appropriate oversight of high-risk access permissions and maintaining the security of critical systems.
- Conduct regular assessments of privileged accounts to ensure the principle of least privilege is maintained and access remains appropriate for business requirements.
IAM Audit and Compliance
- Conduct comprehensive IAM audits to assess the effectiveness of identity governance controls and identify gaps in access management processes.
- Perform detailed analysis of user access patterns, identifying anomalies, orphaned accounts, and potential security risks through systematic audit procedures.
- Prepare detailed audit reports documenting findings, risk assessments, and recommended remediation actions for management and external auditors.
- Support internal and external audit activities by providing evidence of IAM controls, access logs, and compliance documentation.
- Maintain audit trails for all identity management activities, ensuring comprehensive documentation for regulatory compliance and forensic analysis.
Identity Management Operations
- Support identity management cleanup initiatives including process review, requirement documentation, user acceptance testing (UAT), and ongoing Day 2 IAM operations.
- Collaborate with technical teams to implement identity governance improvements and automation opportunities to enhance operational efficiency.
- Participate in the design and implementation of identity management solutions that align with enterprise security architecture and compliance requirements.
Compliance and Risk Management
- Ensure all identity and access management activities comply with internal policies, regulatory requirements, and industry best practices.
- Identify and assess identity-related risks, developing mitigation strategies and working with stakeholders to implement appropriate controls.
- Support internal and external audits by providing comprehensive documentation and evidence of access management controls and processes.
- Conduct risk-based access assessments to prioritise remediation efforts and resource allocation.
Process Improvement and Documentation
- Continuously evaluate existing IAM processes to identify opportunities for automation, streamlining, and efficiency improvements.
- Develop and maintain detailed process documentation, standard operating procedures, and training materials for IAM activities.
- Collaborate with cross-functional teams to implement process improvements and technology solutions that reduce manual effort whilst maintaining security and compliance standards.
Technical Experience
- Proven experience in Identity and Access Management, with particular expertise in user access reviews and privileged access management systems such as CyberArk.
- Hands-on experience with enterprise identity management platforms and access governance tools.
- Strong understanding of identity governance principles, including role-based access control (RBAC), segregation of duties, and the principle of least privilege.
- Experience with identity management lifecycle processes including provisioning, de-provisioning, and access certification.
IAM Audit and Assessment Skills
- Demonstrated experience in conducting IAM audits and access assessments across complex enterprise environments.
- Proficiency in audit methodologies and frameworks specific to identity and access management, including COBIT, COSO, and ITIL.
- Strong analytical skills with the ability to identify patterns, anomalies, and potential security risks through data analysis and system reviews.
- Experience with audit tools and technologies for automated access analysis, reporting, and compliance monitoring.
- Knowledge of forensic analysis techniques for investigating access-related security incidents and policy violations.
- Ability to develop and execute comprehensive audit programmes covering all aspects of identity lifecycle management.
Process Management Skills
- Demonstrated ability to manage complex, multi-stakeholder processes with high attention to detail and accuracy.
- Experience in coordinating with diverse stakeholder groups to achieve compliance and operational objectives within tight timeframes.
- Strong project management skills with the ability to handle multiple concurrent initiatives whilst maintaining quality standards.
- Experience in process documentation, improvement, and standardisation activities.
Compliance and Risk Management
- Knowledge of regulatory compliance requirements related to access management and data protection, including GDPR, SOX, and industry-specific regulations.
- Understanding of risk assessment methodologies and the ability to identify and mitigate identity-related security risks.
- Experience supporting audit activities and maintaining comprehensive audit trails for access management activities.
- Knowledge of compliance frameworks and standards such as ISO 27001, NIST Cybersecurity Framework, and COBIT.
Documentation and Reporting
- Strong technical writing skills with the ability to produce clear, comprehensive audit reports and compliance documentation.
- Experience in creating executive-level reporting and dashboards for IAM metrics and compliance status.
- Ability to translate complex technical findings into business impact assessments and actionable recommendations.
- Proficiency in data visualisation tools and techniques for presenting audit findings and compliance metrics.
Communication and Stakeholder Management
- Excellent interpersonal and communication skills with the ability to work effectively with stakeholders at all organisational levels.
- Strong problem-solving abilities with experience in exception handling and issue resolution.
- Ability to translate technical concepts into business language for non-technical stakeholders.
- Experience in managing audit relationships and coordinating with external auditors and regulatory bodies.
Additional Qualifications
- Relevant certifications in identity and access management (such as CISSP, CISM, CISA, CGEIT, or vendor-specific certifications) would be advantageous.
- Professional audit certifications such as CIA (Certified Internal Auditor) or CISA (Certified Information Systems Auditor) would be highly beneficial.
- Experience with automation tools and scripting to improve operational efficiency would be beneficial.
- Knowledge of Singapore Government security standards and compliance frameworks would be an added advantage.
- Familiarity with GRC (Governance, Risk, and Compliance) platforms and audit management systems would be preferred.