Search by job title or keyword
Identity and Access Management Specialist
Identity and Access Management Specialist
We’ve been reinventing shopping experiences for over a century. Technology has played a huge part in that, helping us transition from catalogues’ to pureplay online retail, but we’re not the finished article.
As the UK's largest integrated retail and financial services provider, we have a pretty unique position across three huge industries (retail, technology and credit) and our ambition is bold, to build the number one shopping destination for shoppers who value credit anywhere online. But we believe with our passion and track record for reinvention, we can improve how the world pays and shops for the things they love. Think you can help us? Read on...
Here you'll be responsible for the configuration, management of, and provision of Identity Access and Privilege User Access management (IAM, PUAM) processes and management strategies to maintain confidentiality, integrity, availability, and accountability, in order to protect company assets in line with applicable legislation, regulation and relevant best practice standards.
You'll have leadership in relation to access management matters and you'll work with the wider business functions and at all management levels to provide authoritative advice and guidance on the requirements for IAM/ PUAM security controls and best practices.
Here you can help implement the IAM/ PUAM strategy and governance activities across the Group, partners and third-party suppliers to ensure that IAM/ PUAM is relevant and cost-effective.
This role impacts on all areas of the Group, including: regulators, customers, all employees, 3rd parties and contractors. It involves being responsible for the implementation of new security defenses and the operation of existing in accordance with best practices and company policy.
In this role you'll interact and influence and provide Technical expert advice to a range of colleagues and stakeholders including:
Security Managers, Head of InfoSec and the wider information security team and linked I.T. departments.
The Group risk team, GLT and our Execs as required.
- An excellent broad understanding of the Information Security industry and specifically, a solid understanding of UK regulations and compliance.
- Experience of contributing and improving the Information Security agenda within a corporate organisation
- Good commercial knowledge with the ability to understand and integrate business and security strategies.
- Information Security and /or Information Technology industry qualification strongly preferred (such as CISSP or CISM) or equivalent time served
- Good understanding of networking concepts and enterprise IT systems including OS (Windows, Mac,*nix)
- Deep knowledge of Windows Active Directory and Linux identity management
- Experience with Identity management and privilege user access management in an enterprise environment
- Experience in the implementation and day to day running of IAM/ PUAM tooling
- Experience of cloud based IAM especially with AWS and Office 365
- Knowledge of MFA and its implementation would be advantageous.
- Knowledge of latest trends, technologies and threats
- Good technical understanding of development and operational platforms including the Cloud.
Day to day responsibilities:
- Leading, managing and developing IAM/ PUAM functions, and team members as assigned to your supervision by the Security Manager.
- Ensuring the business is compliant with all issues relating to IAM/ PUAM including legal and regulatory changes affecting UK financial services and engaging in professional development to maintain professional skills and knowledge essential to the position.
- Support the wider information security team as required
Policy & security architecture:
- Reviewing, updating and delivering the group wide Identity management framework and maintaining and improving the identity management policy and associated standards and guidelines.
- Protection of the group’s assets (people, physical, informational and IT systems) from identified risk by implementing and gaining assurance on appropriate security controls.
- Work with other stakeholders to identify new tooling to simplify and automate the IAM process.
Identity and access management:
- Design and maintains effective processes for the governance of access control.
- Develops the Joiners, leavers, movers process working with all stakeholders to ensure it is fit for purpose and complies with all regulatory and policy obligations.
- Give expert advice to all areas of the business around access management.
- Be a single point of contact for all identity issues.
- Develop meaningful KPI and report against these.
- Work with Security Consultants and agile teams to ensure IAM best practices are adhered to.
Security incident response & investigations:
- Assist the Security Incident Response team.
- Contribute to investigations, analysis and reviews following actual or alleged breaches of security controls, threats to the business, and manages security incidents.
- Prepares recommendations for appropriate control improvements, involving other teams as required.
- Works with IT, Legal and Fraud teams to provide investigation support.
Governance, Risk & Compliance:
- Conducts and reports on IT and Information Security policy assurance especially in the area of IAM/ PUAM.
- Assists in continuous group wide threat assessments to identify and report on risk appetite position.
- Identifies, tracks and reports IT and Information Security risk and mitigating options around IAM/ PUAM.
- Generous and competitive starting salary
- Regular salary reviews and career progression
- Flexible benefits allowance £1,000 (can take a part as salary uplift)
- Bonus up to 14%
- Matched pension at 6%
- 1x Life Assurance / Private Medical
- Brand discount up to 25%
- Cycle to work scheme
- 30 days holiday + bank holidays
- Free on-site parking *subject to post code
- Free on-site gym
- Discounted coffee houses and food outlets
- Flexible working*
How to apply.
If you're interested to find out more please contact Steven Williams in the talent acquisition team at The Very Group or apply online.
If you are an internal candidate looking to refer someone in please follow the referrals process and guidelines
Please note that the talent acquisition team are managing this vacancy directly, and if successful in securing this position, you may be required to undertake a credit, CIFAS and CRB check.
We're an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.