At Shire, we are proud and grateful to employ military veterans and thank them for their contributions to our company and our country. See where your military experience can play a role at Shire by using our military skills translator job search tool below:
Amex GBT is a place where colleagues find inspiration in travel as a force for good and – through their work – can make an impact on our industry. We’re here to help our colleagues achieve success and offer an inclusive and collaborative culture where your voice is valued.
Ready to explore a career path? Start your journey.
Job Description:
The Identity & Access Management (IAM) Engineer’s primary responsibilities are to implement security principles to the IAM IGA(Identity Governance & Administration) platform, performs daily functions required to maintain the rules and controls, maintain security and least privileged safeguards and support align GBT IAM policies to protect data and reduce risk. This role will help drive IAM-related security and compliance requirements across all areas of IAM IGA, especially in Saviynt but also could include Okta, CyberArk and AWS. This role will be responsible for contributing to IAM component designs, IAM development, service integration, implementation, and operations. This role will report directly to the Manager of Identity Access Management (IGA).
Essential Duties and Responsibilities:
Design, implement, and manage Saviynt IAM solutions to ensure effective access controls, identity lifecycle management, and compliance. Manage user provisioning, de-provisioning, and account modifications.
Work closely with stakeholders to understand business requirements and translate them into IAM solutions.
Configure and deploy Saviynt modules and connectors for various applications, platforms, and systems.
Integrate Saviynt with other identity management and security systems to create a seamless IAM ecosystem.
Identify and assess potential security risks related to identity and access management. Implement risk mitigation strategies and ensure compliance with industry regulations.
Establish monitoring mechanisms for IAM activities and generate regular reports for audit and compliance purposes.
Investigate and respond to security incidents related to identity and access management.
Collaborate with other IAM team members seeking guidance on IAM related matters and contributing to system support.
Execute reports and gather data for metrics. Assist with tracking and producing IAM metrics including key performance indicators (KPIs).
Document changes, enhancements, and lifecycle events according to the set standards and procedures.
Assist launching Access Certifications to ensure user accounts and access aligns with their roles and responsibilities. Work with system and application owners to generate the required reports.
Promote and socialize IAM best practices, standards, and governance.
Evaluate current IAM solutions and identify areas for improvement. Implement automated processes to streamline existing tedious processes.
Performs troubleshooting of issues impacting IGA. Provides after-hours support for critical IGA related P1 issues if engaged.
Assisting in ensuring project teams comply with company IAM standards, policies, industry regulations, and Cybersecurity best practices.
Other daily and ad-hoc IAM tasks as assigned.
General task and project-level reporting.
Required Knowledge and Skills:
Minimum 5 years of professional/hands on experience and knowledge in IAM ( MUST )
Minimum 3 years of professional/hands on experience with Saviynt including understanding of security system, endpoint, entitlements, workflows, email template, analytics, certificates and connections etc. ( MUST )Minimum 6 years of experience in leading the design, implementation, and maintenance of any IGA Product (i.e. Identity Now, IdentityIQ, OIM, etc..) solutions if Saviynt skillset is not found. ( MUST )
Hands on experience in connected and disconnected application onboarding including request form, dynamic attributes, mapping and data types etc. ( MUST )
Hands on experience in REST & SOAP connector including - JSON building, mapping, reconciliation and provisioning use cases etc. is preferred
Hands on experience in SOD, technical/update rules is preferred
Experience creating static and actionable analytical reports based on complex SQL queries.
Expert knowledge of identity management principles, access controls, and security best practices.
Proficiency with Postman, Java Scripting and Power Shell scripting.
General understanding of Single Sign-On, Multi-Factory Authentications (MFA), and Authentication, Privileged Access Management (PAM) & Cloud technologies.
Experience or deep understanding CyberArk( or any other Privileged Access Management solution), Azure, AWS, Active Directory, Okta and various multi-factor authentication services is preferred.
Familiarity with industry regulations and standards (e.g. SOC2, ISO, SOX, PCI).
Excellent analytical and problem-solving skills.
Ability to comprehend and write technical documentation.
Ability to work well with people of varying levels of technical abilities.
Ability to gather, analyze, report, and present information.
Location
Mexico - Virtual Location
The #TeamGBT Experience
Work and life: Find your happy medium at Amex GBT.
Flexible benefits are tailored to each country and start the day you do. These include health and welfare insurance plans, retirement programs, parental leave, adoption assistance, and more.
Travel perks: get a choice of deals each week from major travel providers on everything from flights to hotels to cruises and car rentals.
Develop the skills you want when the time is right for you, with global tuition assistance, access to over 20,000 courses on our learning platform, leadership courses, and new job openings available to internal candidates first.
We strive to champion Diversity, Equity, and Inclusion in every aspect of our business at GBT. You can connect with colleagues through our global Inclusion Groups, centered around common identities or initiatives, to discuss challenges, obstacles, achievements, and drive company awareness and action.
Wellbeing resources to support mental and emotional health for you and your immediate family.
And much more!
All qualified applicants will receive equal consideration for employment without regard to age, gender identity (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, race, color, religion, creed, national origin, disability, veteran status, citizenship or marital status. It is our policy to maintain an equal-opportunity environment free from intimidation, harassment or bias for our candidates, colleagues, clients and suppliers.
We are committed to providing reasonable accommodation to individuals with disabilities. Please, let your recruiter know if you need an accommodation at any point during the hiring process. For more details, please consult GBT Recruitment Privacy Statement (https://www.amexglobalbusinesstravel.com/gbt-recruitment-privacy-statement/) .
What if I don’t meet every requirement? If you’re passionate about our mission and believe you’d be a phenomenal addition to our team, don’t worry about “checking every box;" please apply anyway. You may be exactly the person we’re looking for!
Click Here to Learn More (https://www.amexglobalbusinesstravel.com/careers/)