- Working with project & team managers and stakeholders to produce high quality and detailed identity and access management business requirements as they related to information security
- Develop and enforce policies for identity and access management (I&AM) team for claims based authentication
- Define the information security policy, standards and process/procedures as required for utilizing an identity management system including: role mining, attestation, account provisioning, cloud/federated access provisioning, and others.
- Develop security policies and procedures for Roles Based Access Controls in claims based architecture
- Develop security policies and procedures for claims based architecture for Active Directory and Sharepoint
- Actively participate in assessment, planning, architecture, and design activities
- Design, document, and implement security controls for Identity and Access Management
- BizTalk, UDDI, web services, and claims based authentication experience
- Design, document, and put security governance in place for external claims based authentication
Information Security Specialist is one of the broadest, catch all terms within system security. Information security specialist is usually the title organizations use when there are so many hats to wear that its a hat store.
The Information Security Specialist Position reminds me of that old In Living Colour Skit “Hey Mon”
And Information Security Specialist is an intrusion analyst, a security analyst, a system analyst, a system security analyst, an information assurance analyst and you document findings! It seems like a way to get you to do anything they tell you without pinning the position down.
If you want to get an idea of what this job entails you REALLY, REALLY have to read the job description. The best I can do is tell you what I have done and what I have seen others do while holing this title.
When I was in the USAF I was given title information security specialist and I was an assistant firewall administrator, configured and maintained the base intrusion detection system, wrote the base policy and was acting information system security officer. So basically, I did everything.
As a contractor, they had me doing system security engineering, information system security officer and Army Information Management Officer (unit help desk guy).