MetLife

Position Summary

 The team performs the MetLife’s User Access Certification by running campaign as per certification cycle due on Access Central tool. Compliant to IT Risk and Security by providing access to users limited to their job profile. Participate in SOX/ SAS 70 audits for artifacts validation and clearance. Manage and answer emails received in the mailbox related to all Governance activities run under IAM and access Central Tool navigation.

 * Testing of users and entitlements across all the applications used in MetLife
 * Participate in SOX/ SSAE18/ SOC2 audits for artifacts validation and clearance
 * Segregate users of these applications into various risk categories
 * Certify their access for appropriateness For Audit 
 * Create Segregation of Duties (SOD) Matrix for each application
 * Deleting users with inappropriate access from the application
 * Performing check on all the terminated users and their access to various applications
 * Perform testing across all platforms/ infrastructures and for Brighthouse and DXC users

 Job Responsibilities

 * Responsible for gathering correct information from application owner / contact to create security profile for the application used in MetLife
 * Conducting meetings to achieve the requirement for Global Governance Review
 * Prepare and upload the certification workbook on Access Central and send email to certifying managers for user certification decisions ( Keep / Delete )
 * Creation of Segregation of Duties (SOD) matrix post receiving certification decisions from certifying managers 
 * Identification of system, functional and duplicate accounts in the application and perform certification campaign for their certification 
 * Timely follow up with the certifying managers to provide certification decision in time to avoid revocation of access
 * Prepare and share Evidence Summary File with the application owner and seek approval if deemed appropriate before the campaign ends
 * Open and keep track of archer finding for greater than read access users in the application

 Knowledge, Skills and Abilities

 Education

 * IT Graduate 
 * IT Risk and Security knowledge 
 * MS Office

Experience

 * ·       3 years of Experience of IT Risk & Security Audit & Compliance 
 * ·       Hands on work experience in User Entitlement Certifications

 * Must process problem solving, planning, and analytical skills to drive continuous improvements

 Knowledge and skills (general and technical)

 * ·       Thorough knowledge of User Entitlement and Certifications
 * ·       Exposure to IT Archer Findings 
 * ·       Exposure to Active Directory Console and Quest
 * ·       Exposure to enterprise share-point 
 * ·       Intermediate MS Office skills

Other Requirements (licenses, certifications, specialized training - if required)

 * Certified Identity Management Professional (CIMP) preferred
 * Cloud Identity and Access Manager (CIAM) Certification desirable

 Working Relationships

Internal Contacts

(and  purpose of relationship):

 * All Internal GOSC Stake Holders

 External Contacts 

 (and purpose of relationship) - If Applicable

 * Stateside Client/ Engineers from different regional Security teams (Such as Country/Regional Head for Monitoring/Containment)