Address
Form of work
The Company
Common Securitization Solutions (CSS) is seeking an experienced Identity Access Management (IAM) Analyst II to join our team of talented professionals. This is a full-time remote opportunity.
CSS built and operates the largest and most advanced mortgage securitization platform in the world, supporting the Uniform Mortgage-Backed Security (UMBS) of Fannie Mae and Freddie Mac.
Supporting 70% of the mortgage-backed securities in the market, CSS provides best-in-class single-family issuance, bond administration, disclosure, and tax services. We support a broad portfolio of products for our clients with full lifecycle management.
Our market-leading, cloud-based, end-to-end platform executes transactions on an extraordinary scale which has bolstered liquidity in the secondary mortgage market, one of the largest and most important financial markets in the world. Our unique approach to securitization combines the best minds in financial services with the know-how, flexibility, and innovation of leading technologists.
RESPONSIBILITIES
Job Information
We are looking for an Identity and Access Management (IAM) Analyst II to help the Identity and Access Management program at CSS align with new technology and new business goals. The primary area of responsibility will be supporting the CSS Identity and Access Management program, both in the cloud and at several remote locations by executing controls and leading efforts to improve them. The individual will ensure identity and Access Management controls in CSS are effective in their operation and will identify control improvements that reduce risks and increase efficiency.
Individual should be detail oriented, thorough in executing IAM operational processes across a multitude of systems including MS Active Directory Domain Services, Azure AD, SailPoint IdentityNow, Okta, Office 365, AWS IAM, other AWS resources and SaaS applications. The selected individual will have demonstrated the ability to collaborate with a variety of teams in all areas of an organization in order to achieve objectives. Individual will be responsible for accurately documenting and maintaining operational and business continuity procedures.
Key Job Functions
- Monitor, facilitate and operate all identity and access lifecycle management controls.
- Familiarity with implementing and operating NIST 800-53 Rev5 controls to achieve IAM goals in AWS, for applications in running in AWS and for SaaS and other services.
- Manage, report and facilitate certification of access for all in-scope resources (including SaaS, AWS, Azure, CSS managed applications, tools and systems).
- Operate directory-based provisioning system based on MS Active Directory Domain Services, Azure Active Directory and AWS IAM Services.
- Manage end user accounts, user access groups and entitlements using applicable tools and applications.
- Manage changes to accounts (user and system), user access groups and entitlements and ownerships based on requests.
- Ensure privileged identity lifecycle management tools are properly used and processes are followed.
- Continuously monitor all CSS identity and Access Management controls for effective operation.
- Provision CSS user access to SaaS cloud-based services when required based on business needs.
- Meet internal audit and third party assessment teams in order to respond to their requests to walk through control processes and to gather and present evidence of control operation.
- Review and analyze the production readiness of technology components and provide IAM governance support and coordination on projects.
- Improve IAM operations efficiencies, accuracy and compliance by investigating and solving control issues with a focus on automation.
- Participate in Cyber Security Incident Response Processes, incident investigations and audit reporting requests.
- Support a 24/7 coverage schedule when needed as part of a rotation including weekends.
- Assess and leads IAM readiness in the development and support of the Disaster Recovery Management Plan while participating and supporting Disaster Recovery exercises.
- Develop, maintain, and enhance IAM strategies, policies, standards, and guidelines. With a customer-centric approach communicate broadly and consistently with stakeholders.
QUALIFICATIONS
Education
- Bachelor's degree or equivalent experience in an IT related field.
Minimum Experience
- A minimum of 2 years' experience in Identity and Access Lifecycle Management Operations and Controls.
- A minimum of 2 years' experience supporting and operating AWS IAM Services (Access Management, Roles, Policies and Access Reporting)
- A minimum of 2 years' experience supporting MS Active Directory Domain Services, Azure Active Directory (MS Entra ID), Azure Web Federation and Active Directory Connect.
- A minimum of 1 years' experience supporting Privileged Identity Management Tools (Thycotic, AWS SS, and others)
- A minimum of 1 years years' experience in scripting (PowerShell, JSON, and Python etc.).
- Applicants must be authorized to work in the US without requiring employer sponsorship currently or in the future. CSS does not offer H-1B sponsorship for this position.
Specialized Knowledge & Skills
- Experience with operating controls aligned with ISO 27001/2, FISMA or National Institute of Standards and Technology (NIST) 800-53 Rev5 guidelines is essential.
- Candidate must have experience working across teams and effectively deliver IAM services across business lines.
- Candidate should have a working knowledge of common OS and domain structures, servers, services, and their use of directory services.
- Experience with DR/BCP planning for IAM services desired
- Candidate should have experience with Windows, Linux, Red Hat, etc. hosts, operating systems and applications.
- Candidates must possess excellent interpersonal skills, presentation skills, and verbal / written communication skills with an ability to document and explain processes and procedures to both business and technical stakeholders.
- Ability to influence peers and management; ability to team cross-functionally and form relationships to achieve objectives
- Candidate should have a solid understanding of information security policies, standards, and industry leading practices.
- Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals and initiatives
- Candidate must demonstrate organizational skills with respect to time management and work production.
- Ability to manage multiple priorities - projects, deliverables, and stakeholders
- Willingness to learn new technology, tools and create new processes to meet control objectives.
- CISSP, CISA, Microsoft, AWS certifications or equivalent designation desired.
- Hands on experience with Oracle/SQL server and/or SailPoint IdentityNow/SailPoint Identity Cloud is a plus.
- Experience using IGA/IAM and PIM tools is a plus.
- Candidate will be part of on call rotation for after hours and weekend support.
- Secondary mortgage market or equivalent financial services experience is a plus.
Pay Range $94,250 to $107,500
CSS's pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) a candidate's qualifications, skills, competencies, and experience, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law. CSS offers a competitive total compensation package, which includes a performance bonus, 401k match, healthcare coverage, PTO, and a broad range of other benefits.
Employment
As a condition of employment with Common Securitization Solutions, any successful job applicant will be required to successfully complete a background investigation, which may also include a credit check for positions in some areas of our business.
Common Securitization Solutions is an Equal Opportunity Employer.
##LI-Remote
Employment Type: FULL_TIME
