Sr. Privilege Access Management (PAM) Engineer

Sr. Privilege Access Management (PAM) Engineer

Our Team:

At BNY Mellon, Cyber Security is a top priority for both technology and the business

Our Information Security Division is on constant alert using their creativity and knowledge of cybersecurity, technology, and business processes to develop and deliver solutions. In this fast-paced environment, we collaborate to respond to current risks while identifying and anticipating future threats.

Our cyber capabilities encompass the full spectrum of services from Cyber Operations (SOC, Cyber Threat Intelligence, Vulnerability Management, Cyber Incident Response, Penetration Testing & Red Teaming, Cyber Analytics & Fraud, and Insider threat) to Cyber Architecture and Engineering (Network, Platform, Cloud, and Applications Security).

We provide a robust set of cyber services that provide full scope protection and response capabilities across the BNY Mellon enterprise.

We drive an understanding of cybersecurity risk and the steps that must be taken to create and maintain a secure environment that drives innovation

The Role:

As the Sr. Privilege Access Management (PAM) Engineer you will need to provide technical expertise for the PAM Engineering team, establish and document policies, procedures, and guidelines related to the user and system access. You will be responsible for r esolving technical issues in the PAM Platform through problem tracking, diagnosis and root-cause analysis, replication, troubleshooting, and resolution for moderately complex issues.

Key Responsbilities:

• You will be responsible for developing and delivering cross-training activities and encourages a knowledge-sharing environment both within and outside the department
• Proactively identify process improvement areas and lead process improvement initiatives
• Ensure PAM tools and processes adhere to IAM governance and compliance policies
• You will need to develop and track key performance / risk indicators (KPI /KRI ) that demonstrate the current PAM platform state and any associated risk indicators
• Analyze existing and potential new PAM tools and technologies to enhance and improve processes
• Ensure that proper security settings are applied to reflect the model of least privilege
• Understand all PAM functions including but not limited to user entitlement reviews, service account life cycle management, environment hygiene, vaulting, breakglass, and conflicting combinations
• Analyze, define, and prioritize the business and functional requirements for PAM initiatives
• You will need to provide governance for the lifecycle and workflow for all enterprise Privileged accounts
• Assist with providing requirements for PAM governance that enforces applicable organization security policies and standards
• Identify control gaps and coordinate resolution
• Identify improvement opportunities in IAM/PAM governance to increase operational effectiveness and improving the bank's risk posture
• Assist in the definition of cross platform information security and/or identity management policies and procedures
• The candidate will need to serve as a contributor on departmental standard operating, procedures, processes and guidelines
• Create and maintain documentation as it relates to PAM platforms, design, configuration, support, and processes
• Performs other related duties and participates in special projects as assigned
• The individual must have a proven track record in delivering identity solutions that are functional, secure, scalable, and reliable
• As a member of a small team in a fast-paced environment, this role will require both strong intellectual agility and hands-on technical skills
• You will need to demonstrate an understanding of Least privilege and Just In Time concepts
• Extensive knowledge and hands on experience of Hitachi ID (HiPAM) and other PAM systems (e.g. CyberArk)
• Knowledge of LDAP/Active Directory, and relevant IT architecture experience
• Knowledge of relational databases (MS SQL Server, Oracle, etc.)
• Understanding of Cloud platforms such as: AWS, Azure, GCP
• Familiarity with identity and access management (IAM) concepts, such as identify lifecycle management, password policies, least privilege, Zero Trust, etc.
• Strong understanding with privileged access management controls
• Experience with designing, implementing, and maintaining an enterprise level Identity Access
• Strong interpersonal and communication skills with good stakeholder engagements

Qualifications:

• 10-12 years of experience in information security including IAM and PAM technology
• Minimum 8 years' experience as an Identity Engineer or similar role
• Bachelor's or master's degree in computer science or a related discipline, or equivalent work experience required