It Applications Governance Analyst

Company Overview

Who is Costa Farms? We’re one of the world’s largest horticultural growers—but without an ego to match our acreage. Our headquarters are in Miami, Florida, where we were founded in 1961. Costa Farms started on just 30 acres, and over the last 60 years, we’ve grown to more than 5,000 acres around the world. We have farms in North and South Carolina, Central and South Florida, and the Dominican Republic, plus an office in China. Costa Farms now employs nearly 6000 engineers, marketers, accountants/analysts, human resources professionals, and of course, growers and plant scientists!  

Here at Costa Farms, we live by the values of H3: being Humble, staying Hungry, and always Hustling. The team rallies to the mission of being a lean, green, growing machine dedicated to enriching the world by bringing plants into everyone’s life. 

True to that mission, we grow more than 1,500 plant varieties. Driven by the spirit of innovation, the team is always testing new plants and developing new solutions to make it easier for retailers and plant parents to enjoy plants. We’re also continuously testing different ways of growing our plants to increase quality and improve their ecological footprint as one aspect of our many sustainability efforts. 

We cultivate plants, as well as a winning culture. Join the team, and you’ll find opportunities to learn and grow. You’ll collaborate with other driven, determined people who together keep Costa Farms an industry leader. You’ll support and be supported by a team that cares about each other, our customers, our consumers, and our community.  

You’ll also find right away that Costa Farms is committed to providing a diverse environment. We’re proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetic information, disability, age, military status, marital status or veteran status, or any other group status protected by federal, state, or local law. 

DESCRIPTION

The Access Management Engineer is a critical role in safeguarding user access and confidential information across the enterprise. Reporting to the IT Director of Compliance, the Access Management Engineer will establish and manage a Role Based Access Control (RBAC) framework and associated business processes, build relationships across the organization to define access roles, and partner with the People team and Infrastructure team to implement, maintain and administer RBAC throughout the user access lifecycle. Ensure compliance to IT user access policy, Segregation of Duty (SoD), Sarbanes-Oxley Act (SOX), and any other governance requirements. This role may change over time depending on business need.

PRIMARY DUTIES

• Scope includes both Azure/Active Directory (AD) controllable resources and non-AD controllable resources such as on-line portals, Sage X3 ERP software, other software provisioned by IT, and software provisioned by business stewards.
• Lead and collaborate with stakeholders to understand business requirements and design access solutions to meet both current and future needs.
• Lead efforts to design, develop, implement, and maintain an RBAC framework.
• Analyze data for role discovery and SoD compliance.
• Define, document, and implement standard processes and procedures for new provisioning, role changes, user departures including non-employee access.
• Ensure practices align with industry best practices and compliance standards.
• Train business application stewards on access management practices, policies, and procedures.
• Manage Sage X3 ERP user access roles. (ERP Help Desk personnel will assign roles to users.)

• Evaluate access requests to determine how best to grant the access and prepare for approval by the manager and IT Director when the access falls outside established RBAC.

• Establish periodic review of user access procedures to ensure compliance and recommend improvements.
• Establish periodic review of user access privileges to ensure user accounts are in good standing and provisioned access is appropriate to the job role and that privileges are aligned with approved RBAC.
• Work closely with internal and external auditors to meet security and compliance requirements.

WORKING CONDITIONS & PHYSICAL REQUIREMENTS

• Full time – 8am to 5pm US Eastern Time zone, may occasionally require extra time.
• Hybrid – remote/in-office as needed to develop relationships and gather information.
• Travel – occasional travel within USA, mostly in the southeast.
• Work in a fast paced and diverse environment.
• Eye/hand coordination, typing, handling, & wrist motion continuously.

QUALIFICATIONS

• Bachelor’s degree in a technology or equivalent field; master’s degree is a plus.
• Experience with active directory, Azure active directory, PowerShell.
• Experience with user management applications, and RBAC principles.
• Experience selecting and implementing RBAC software.
• Experience designing RBAC schemes.
• Understanding of database management systems, network, and IT system architectures.

• Understanding of Segregation of Duties, SOX compliance and related user access governance.
• Capable of aligning access rights with business needs and security requirements.

• Skills to generate comprehensive reports and conduct in-depth data analysis associated with user access with tools such as SQL queries, PowerBI, PowerShell, etc.
• Experience implementing standard processes for provisioning access and role management.
• Experience planning, testing, and managing security for data protection and access control.
• Experience troubleshooting user access issues.
• Experience conducting user access audits and implementing audit recommendations.
• Experience working with internal and external auditors.
• Experience in a manufacturing or distribution enterprise.
• Sage X3 User Access experience is a plus.

COMPETENCIES

• Humble: personify servant leadership, be authentic, value diversity, collaborate with peers, help others be great.
• Hungry: passionately strive to be your best, constantly seek learning, develop deep understanding of our business and systems.
• Hustle: be nimble, act with urgency and purpose, deliver solutions, exemplify perseverance, think innovatively.
• Complexity and Details: make sense of complex problems with attention to detail.
• Communication: promote and maintain clear lines of communication with team members and stakeholders.
• Negotiation: negotiate access and evaluate risk across the enterprise.
• Independence: ability to work independently, prioritize tasks, and manage multiple projects simultaneously.

All applicants must be work authorized. Costa Farms will not sponsor any visa for this position.

After applying, follow us on LinkedIn to stay up to date on what’s happening around Costa Farms and to start becoming part of our family. Come Grow with Us™!   

Costa Farms offers competitive wages and benefits, including:  

• 401(k) Plan  
• Company 401(k) Matching Contributions  
• Health Savings Account  
• Care on Demand Telemedicine  
• Health Insurance  
• Dental Insurance  
• Vision Insurance  
• Supplemental Insurance (Aflac)  
• Virtual workplace for certain roles  
• Growth Opportunities  
• Challenging and exciting work environment  
• Costa Farms Scholarship  
• Employee discounts on plants  

Costa Farms also has:  

On-site gym with showers  

On-site cafeteria and dry cleaning  

Love Where You Work activities throughout the year