SEMS Identity Access Management Specialist (13770)
Brooklyn, NY

Job Description

(Those who previously applied need not re-apply)

Position Summary: The SEMS Identity Access Management Specialist is responsible for the development, planning, designing, configuring, testing, troubleshooting, integration, and security management of the system processes and procedural methodologies intended to be used for the creation, deployment, and maintenance of the Identity and Access Management (IAM) system. The SEMS Identity Access Management Specialist will serve as the technical expert responsible for managing projects culminating in the design and implementation of application and enterprise platforms within the Authentication and Identity life cycle space. In addition, this position will have administrative responsibility of the IAM program and will create/define IAM procedures to operate the IAM systems. Performs related work.

Reports to: Director of Identity and Access Management

Direct Reports: N/A

Key Relationships: Works collaboratively within the areas of Information Technology (IT), Information Security, Human Resources, Financial Systems, and Business Operations, and other internal and external entities on Identity and Access Management (IAM) projects, managing systems life cycles, and evaluating existing solutions for optimization and enhancement. Aims to achieve positive outcomes such as improved identity life cycle management, introduction of workflow-based processing for systems access, delegation of authority, and consistent auditing of user accounts by creating and maintaining IAM procedures. Provides input into enterprise technology plans, ensuring successful integration with other aspects of NYCDOE technical infrastructure.

Responsibilities

* Responds to access requests generated from an Identity Management system and provisions access according to security policy and best practices.
* Provides technical expertise and support for access requests involving protection of Windows and Directory based information.
* Provides Windows, Active Directory, and e-Directory Teams lead enterprise-wide definition, establishment, and maintenance of data, security-related infrastructure, applications, and processes.
* Provides technical support to clients, management, security administrators, and network operations.
* Automates work processes by use of scripting, specifically PowerShell and Phantom, to help streamline work and enhance processes.
* Develops, tests, and implements security products, tools, scripts, and controls for Windows, Active Directory, and e-Directory environments.
* Documents and maintains security policies and procedures.
* Provides support for security audits, risk assessments, data security procedures, and products.
* Assists team in evaluating existing and proposed security systems and technologies.
* Defines systems solutions to functional problems, conforming to established system architecture standards and practices.
* Participates in business process evaluation/improvement activities, requirements gathering, system analysis, system design, software/hardware applicability studies, and system implementation, and executes projects based on these activities.

Qualification Requirements:

Minimum

* A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or
* Education and/or experience which is equivalent to "1" above.

Preferred

* 5+ years of experience in Information Technology with a bachelor's degree in Computer Science, Information Systems, or an equivalent related field.
* 9+ years of experience in Information Technology with a four‐year high school diploma or its educational equivalent.
* 7+ years of experience managing projects through the full system development lifecycle.
* 7+ years of experience in information technology, with a focus on information security in one or more of the following areas: IAM, cyber threats, security operations, data loss prevention, threat intelligence, security architecture, or policy/governance.
* 7+ years of strong development/architecture experience in a hands-on role.
* 7+ years of experience with one or more directories such as CA Directory, Oracle Directory, AD, Ping, or IBM Directory Server.
* 7+ years of experience with federated identity and web services security concepts, e.g., SAML, Liberty ID-FF and ID-WSF, WS-Federation, Open ID, OAuth, and WS-Security.
* 7+ years of experience with development tools, e.g., Eclipse, Visual Studio, and SQL Developer.
* 7+ years of hands-on experience with Active Directory, SSO, LDAP, Web services and/or Java/JSPs.
* 5+ years of experience in deploying Identity Governance and administration, including full development of workflows, provisioning forms, custom forms, base account provisioning, password management, reports, access certifications, out-of-the-box connectors, and custom connectors.
* Familiarity of requirements gathering and deploying RPA tools with equivalent IAG solution.
* Strong PowerShell and Phantom scripting experience.
* 5+ years of experience in maintaining Identity Governance and administration and related processes and controls.
* 5+ years of experience with role mining and role-based access control with IBM Identity Governance and Intelligence.
* 5+ years of experience with one or more databases, e.g., Oracle, IBM, or MS SQL.
* 5+ years of experience with Windows, Linux, and Solaris operating systems.
* 5+ years of experience with Oracle WebLogic, JBOSS, Tomcat, Apache, or IBM WebSphere.
* Internal candidates preferred.

Salary: $78,221 - $120,000

(Internal candidates who are selected for this position and who currently hold comparable or less senior positions within the DOE will not make less than their current salary.)

Please include a resume and cover letter with your application.

Applications will be accepted through July 30, 2019, until 3:00 p.m.

NOTE: The filling of all positions is subject to budget availability.

AN EQUAL OPPORTUNITY EMPLOYER

It is the policy of the Department of Education of the City of New York to provide educational and employment opportunities without regard to race, color, religion, creed, ethnicity, national origin, alienage, citizenship status, age, marital status, partnership status, disability, sexual orientation, gender (sex), military status, prior record of arrest or conviction (except as permitted by law), predisposing genetic characteristics, or status as a victim of domestic violence, sexual offenses and stalking, and to maintain an environment free of harassment on any of the above-noted grounds, including sexual harassment or retaliation. Inquiries regarding compliance with this equal opportunity policy may be directed to: Office of Equal Opportunity, 65 Court Street, Room 1102, Brooklyn, New York 11201, or visit the OEO website at http://schools.nyc.gov/OEO