IS Analyst Data Security and Access Governance

Role : IS Analyst - Data Security and Access Governance
Location : Abu Dhabi

Role Purpose:

To Support Access Governance and Data Security Governance functions under Group Information Security Department. This role will be key in performing timely access reviews and data security assessments which will help in improving the security posture of the bank.

Key Accountabilities of the role

• Perform access reviews on Business application access infrastructure application access or any other special access provided to the users
• Ensure access governance policies are applied across the all the access provided for staffs across the organization including the business applications or infrastructure applications
• Perform ad-hoc access reviews on applications based on the identified risk escalations
• Review the application matrix for business departments and highlight any unauthorized access/risky access provided based on access management principle such as Least privilege principle and segregation of duties
• Coordinate with business units HR department and ICD for identifying the unauthorized access and taking necessary remediation actions
• Govern the privileged access provided to the staffs
• Perform assessment on exceptions to the approved access matrix and highlight any identified risks
• Govern the IDAM solution and ensure access governance policies on IDAM workflows
• Govern the PAM solution and ensure access governancepolicies on PAM workflows
• Support and contribute to bank wide data classification exercise for the entire bank
• Develop and maintain DLP policies rules and exceptions
• Periodic review of data protection policies
• Maintain the updated data registers and assist in implementing DLP rules for the completed data registers
• Create data flow maps from the data registers
• Timely KPI and KRI reporting related to data security and access governance
• Participate in the Information security programs and projects
• Support information security compliance assessments audits gap analyses and remediation related to data security and access governance
  

Specialist Skills / Technical Knowledge Required for this role:

• Knowledge about Identify and Access Management Solutions and methodologies
• Knowledge of privileged management solutions DLP solution preferably Forcepoint or Microsoft Purview
• Knowledge of Information security & control frameworks regulations international standards and best practices.
• Experience in managing policy exceptions including working directly with the teams to document exceptions identify compensating controls and remediation action plans.
• Work independently without detailed guidance.
• At least one Security Risk or IT certification held or in process (i.e. CISSP ITIL CISM ISO 27001 Security)
• Bachelors degree in computer science or information security from an accredited 4-year university (Masters degree preferred)