Access Governance Analyst

Summary:

You will work closely with business management, IT and internal stakeholders to support the delivery of WTW Access Governance Team. This includes working closely with members of the Access Governance Team and other business units, supporting them to complete the Quarterly User access recertifications (UAR) not limited to WTW but all the subsidiaries of WTW’ integrated along with the regulatory timelines.

Responsibilities:

• Prepare and implement strategic and operational plans of actions to ensure timely User Access reviews 
• Act as an IAM SME, consistently researching new ways to improve IAM operations and overall strategy
• Ensure adherence to Security Controls, Policies and Standards with a focus on automation and control.
• Derive themes from identified gaps and recommend appropriate remediation measures to mitigate risk associated with gaps
• Identify improvement opportunities to enhance existing controls and overall IAM governance program 
• Analysis and monitoring of data to provide key metrics, to ensure least privilege and no toxic access in conjunction with our Audit teams
• Risk management and mitigation for IAM, identify opportunities for automation and driving efficiencies.
• Ensure full auditability of recertification operations for SOX, SOC2, NYDFS and HIPPA, etc. process compliance. 
• Engagement and communication with stakeholders across business to ensure awareness of IAM policies and procedures
• Responsible for managing and maintaining the operational health of UAR platform SailPoint IdentityNow
• Participate in recurring support review meetings, presenting challenging cases and new ideas to the support team.
• Review application integration requests and assist support team during the onboarding process.

Additionally, you will;

• Support the team leads to co-ordinate and effectively manage daily operational team activities to ensure a smooth and effective running of the recertification service.
• Be proactive to see opportunities and deliver process improvements.

Communication & Relationships:

• Report status regularly to Access Governance Team Lead
• Communicate and ensure execution of Sox and non-Sox Critical Application Recertification
• Deliver ongoing status updates to WTW Access Governance Team Management and Service Owners on the Weekly Calls
• Provide challenge and escalate risk and issues where appropriate. 

Requirements:

Qualifications:

• 5+ years of information security, access governance and/or identity access management domain experience is preferable. 
• Keen knowledge of Access Governance best practices and experience with Identity Access Management technology.
• Practitioner knowledge of key IS and Cyber regulations and how organizations achieve compliance.
• Be interested in developing skills and knowledge in information security.
• Formal training in security will be added advantage.
• Experience & Knowledge in at least one specific IAM tool.
• Strong IT skills, able to analyze data for reporting purposes and follow work instruction.
• Relevant degree or equivalent experience preferred.

Skills:

• Strong IT and analytical skills
• Proactive rather than reactive
• Team player with good interpersonal skills
• Knowledge and experience in Information Security Auditing Techniques
• Ability to work under pressure to tight timelines
• Organized and methodical
• Willing to challenge and desire to learn
• Good communication skills, both orally and in writing

Knowledge/Experience:

• An understanding of the tools we use (e.g. SailPoint, CyberArk, Active Directory and Azure Active Directory) would be a must pre-requisite
• Knowledge and understanding of Access Governance and IT Applications.
• Knowledge and understanding of Application Support and Customer Service Background.
• Experience working as part of a business support function such as IT, risk or compliance.
• Experience in a business-facing (rather than purely IT facing) role
• Experience of delivering to tight timescales.
• Qualified to degree level, preferably in a business, IT or security related subject

Regulatory Requirements:

• Audit and Compliance Reviews of Critical Applications as identified by the Information Security Committee
• SOX Requirements for Access Governance Monitoring and Controls