Identity And Access Management (IAM) Lead

BNY Mellon Data and Analytics Solutions is a public- and private-cloud-based software and content offering that builds client-centric data, technology, and content capabilities.

Operating with the skill and agility of a fintech, Data and Analytics Solutions combines the expertise and resources of the Eagle product suite, Intermediary Analytics, and other BNY Mellon technology and data assets. Moreover, the division further extends BNY Mellon’s Asset Servicing capabilities in securities and cash into the world’s most important asset class, data.

Data and Analytics Solutions helps firms to analyze their data from different vantage points and transform it into actions that can achieve higher alpha and cheaper beta, with lower costs and less risk. Offering an ecosystem of proprietary and third-party business applications, Data and Analytics Solutions helps firms manage their core investment processes and beyond.

Identity and Access Management (IAM) is a critical service within the BNY Mellon Information Security Program (ISP) and this IAM Lead role will be reporting to the Chief Information Security Officer (CISO) within the Data & Analytics Business.

What You Will Do and your Key Responsibilities

• Lead team and manage full scope Identity and Access Management (IAM) service (e.g., secure ops of multiple AD domain/forests/tenants, User/Service Principle lifecycle management including: onboarding, offboarding, recertification, least privilege enforcement)
• Collaborating with product owners, developers, technical operation teams within the both Product Development Lifecycle (PDLC) and Software Development Lifecycle (SDLC) to ensure User personas align to centralized Identity, authorization/entitlement rule engines, API key management
• Continuous improvement and service delivery of the Identity and Access Management (IAM) program, aligning staff, tools, and processes to key security metrics and controls within the PDLC/SDLC enabling timely and secure Product feature releases.
• Provide IAM security guidance and oversight across Product Management, Research & Development, and Operations teams to Influence the design and implementation of upcoming products and services with a mindset of "Security by Default"
• Responsible for overall IAM integrations, assessments, and posture through maintaining user/service and application inventories, onboarding roadmaps for centralized identity (e.g, SAML, LDAP, certificate based auth)
• Design and deploy state-of-art technology to meet the business needs and interface with business units regarding technical planning and modern IAM topics.
• Perform proof-of-concept and proof-of-technology testing for integrating new 3rd party security products into the development and deployment processes.
• Perform validation of security controls to insure adherence with compliance and industry best practices.
• Perform hands on security testing and integrations of products and services to proactively Client risk and track them to resolution.
• Use a risk-based approach, advocate for and help prioritize remediation of security findings and develop/report metrics measuring the state of IAM program.

• Previous experience in information security and Identity/Authentication/Authorization/Access/Entitlement domains

• Experience working managing multiple Active Directories and Identity Federation integrations

• Experience with Modern Authentication tooling (e.g., MFA, Push event, Security Token, SAML, OAUTH, Azure AD conditional access)

• Experience with Public Cloud (e.g., Azure, AWS, and GCP) technologies

• Experience with securing containers, host, databases, and application solutions for multi-tier and microservice systems.

• Have a strong knowledge of building security into continuous integration and delivery (CI/CD) pipeline.

• Ability to understand business requirements and apply security without adversely affecting the desired functionality

• Experience with securing containers, host, databases, and application solutions for multi-tier and microservice systems.

• Relevant security certifications a plus (such as: CISSP, GSEC, GPEN, GCIH)

• High level of personal integrity, with the ability to professionally handle confidential matters, and reflect appropriate level of judgment as it pertains to security.