SOW88v3.Row30_PAM - Migration SME - 7- MS

Key Responsibilities

• IAM/PAM/IGA Strategy and Architecture for Migration Projects: Define and implement IAM, PAM, and IGA strategies tailored to the requirements of application migration, ensuring robust access management during and after migration.
• Assess current access controls and recommend improvements to align with security best practices and compliance standards during migration.
• Design and oversee secure frameworks for identity management, privilege escalation, and governance in new application environments.
• Access Control Implementation and Management: Deploy and configure IAM/PAM/IGA solutions (such as Okta, CyberArk, SailPoint) within sprint cycles, ensuring seamless integration with migrated applications.
• Develop and enforce role-based access control (RBAC), least privilege principles, and secure access protocols across applications and data assets.
• Manage privileged accounts by implementing PAM practices that protect critical resources during migration to cloud or hybrid environments.
• Application Migration Support within Agile Sprints: Work closely with Agile teams to ensure IAM/PAM/IGA requirements are integrated into sprint planning, execution, and testing phases.
• Provide expertise on managing access controls and governance requirements in short sprint cycles, ensuring they align with migration milestones.
• Act as an advisor to development teams, ensuring that IAM/PAM/IGA practices are consistently implemented in each sprint and across each application migration.
• Risk Mitigation and Compliance: Ensure that access management processes adhere to regulatory requirements (e.g., SOX, GDPR) and industry standards, such as NIST and ISO.
• Conduct risk assessments specific to access management within the migration project, identifying vulnerabilities and implementing controls.
• Document IAM/PAM/IGA configurations and processes, providing reports to support audits and compliance verifications.
• Cross-Functional Collaboration and Training: Collaborate with cybersecurity, application, and infrastructure teams to align IAM/PAM/IGA solutions with broader security requirements.
• Train team members and stakeholders on IAM/PAM/IGA best practices, tools, and configurations specific to migration and Agile environments.
• Serve as a subject matter expert, offering guidance on IAM/PAM/IGA issues related to application migration projects and Agile sprint schedules.
• Continuous Improvement and Incident Management: Regularly evaluate IAM/PAM/IGA solutions to ensure they are up-to-date and capable of addressing new security risks and compliance needs.
• Respond to security incidents related to access management, working with incident response teams to mitigate impacts and prevent future occurrences.
• Support continuous improvement initiatives by refining access management policies and processes, leveraging lessons learned from previous sprints and migrations.

Required Skills and Qualifications:

• Bachelors degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• Advanced certifications such as CISSP, CISM, CISA, or specific IAM/PAM/IGA certifications (e.g., CyberArk, SailPoint) are preferred.
• Minimum of 7-10 years of experience in IAM/PAM/IGA roles, with a strong focus on application migration and Agile sprint cycles.
• Technical Proficiency: In-depth knowledge of IAM/PAM/IGA tools (e.g., Okta, CyberArk, SailPoint, ForgeRock) and hands-on experience with implementing these tools in cloud and hybrid environments.
• Knowledge of Agile and DevOps: Experience working within Agile sprint cycles and knowledge of DevOps practices related to secure access management during application migration.
• Problem-Solving and Analytical Skills: Ability to assess security needs, identify risks, and recommend effective access management controls.
• Communication Skills: Strong communication skills for interacting with technical and non-technical stakeholders, conveying complex IAM/PAM/IGA concepts clearly.
• Attention to Detail: Precision in configuring and managing access controls to prevent unauthorized access and ensure compliance.