Senior Information Security Business Analyst

Company Description:

As a leading global investment management firm, AB fosters diverse perspectives and embraces innovation to help our clients navigate the uncertainty of capital markets. Through high-quality research and diversified investment services, we serve institutions, individuals and private wealth clients in major markets worldwide. Our ambition is simple: to be our clients' most valued asset-management partner.

With over 4,400 employees across 51 locations in 25 countries, our people are our advantage. We foster a culture of intellectual curiosity and collaboration to create an environment where everyone can thrive and do their best work. Whether you're producing thought-provoking research, identifying compelling investment opportunities, infusing new technologies into our business or providing thoughtful advice to clients, we're looking for unique voices to help lead us forward. If you're ready to challenge your limits and build your future, join us.

IT Group Description:

The Infrastructure Risk Management (IRM) is a department within Global Technology and Operations that operates an enterprise-wide integrated infrastructure risk management program which employs a holistic approach to manage cybersecurity, information security, data privacy, physical security and business continuity led by the Chief Security Officer.

IT Job Description:

We are seeking a Nashville based Senior Information Security Business Analyst to join our Infrastructure Risk Management team in Global Technology & Operations.

Describe the role:

The Senior Information Security Business Analyst is a key enterprise role, reporting directly to the Chief Information Security Officer, for AllianceBernstein helping advance the provisioning of enhancements and automation required to support the firm's identity and access management program used to operate and govern access control and information barriers.

Describe the applications and business or enterprise functions the role supports:

The senior security business analyst will work with corporate IT, compliance assurance, global security operations, IRM functions' leadership and other business units.

The key job responsibilities include, but are not limited to:

• The subject matter expert for integrating application accounts and entitlements into the firm's central entitlements management system used to certify application access. The role is essential in streamlining and simplifying the application integration practices.
• Identification of enhancements required to support identity and access management and advance the operation and governance (i.e., audit, compliance, entitlement re-certifications) of access controls.
• Handle intake of new/modified application integrations, collecting necessary data for the development team to execute, and coordinating testing for certification. Certification process working with diverse technical teams to ensure access reporting for each resource meets AB's central security standards.
• Enable continuous process of identifying and securing open access to sensitive AB corporate, client and employee data (e.g., personally identifiable information, intellectual property).
• Assist in production of staff file access and handling reports in support of internal investigations commissioned by Legal & Compliance and Human Capital.
• Maintain the JIRA issue tracking instance used to log and track cybersecurity, information security, corporate security, and data privacy internal investigations and incidents.
• Assist with changes to entitlements that are complex in nature and request-management support during potential high-volume processing of access requests (e.g., application access, folder access).
• Partner with Corporate Technology, ServiceNow teams on workflow certification for applications and systems integrations.
• Collaborate with internal teams such as Governance, Architecture and Information Security to ensure application, integration and system level functionality compliance into identity management system.
• Provide and maintain due-diligence responses for questionnaires from internal and external inquiries regarding the four IRM domains, for review and approval by the CSO
• Consolidate, track and report on aligned metrics, KPIs for the IRM program to the CSO.

What makes this role unique or interesting (if applicable)?

• This is a role for someone that likes to work across teams, roll up their sleeves to develop and maintain good processes, work with technology, is analytical with foundational knowledge in information security, show pride in process, data and deliverables produced and of course have fun in a global company.

What is the professional development value of this role, i.e., what learning and professional growth does the role offer the candidate?

• This role will provide the successful candidate future growth opportunities within IRM department and the broader GTO organization as their business acumen, tech skills and experience develop within AB's technology and operations areas.

Job Qualifications (The ideal candidate should have the following):

• Experience working on application integration with identity governance or provisioning systems
• Excellent problem-solving and decision-making skills
• Ability to communicate clearly to several levels of management (including executive management), across various business units in the organization
• Ability to represent data in meaningful graphical form
• Excellent verbal and written communication skills. Ability to cater communication to a wide range of technical, clinical, and cultural backgrounds
• General understanding of Security Compliance, Risk Management, and Information Security principles
• Able to think and operate independently with limited guidance

Qualifications, Experience, Education:

• Excellent program management, prioritization, and organizational skills
• 3 to 5 years of relevant experience as a business analyst (or similar role) supporting company information security departments

Skills:

• Experience working with and managing JIRA or similar platforms
• Experience working with and managing Varonis DatAdvantage or similar platforms
• Experience creating, collecting, and assembling metrics for reporting
• Familiarity and some experience with ServiceNow workflows
• Experience working with on-prem and Cloud technology platforms and applications

Special Knowledge (if applicable):

• Experience with global security and privacy standards and regulations such as ISO 27001, NIST CSF, GDPR or CCPA
• Degree in IT, data analytics, information security or similar
• Industry certifications in information security field is a plus

Nashville, Tennessee