Short Description:
Contract resource with senior Information Security Analyst skillset, with focus on Identity and Access Management (I&AM), risk analysis, and information security policy, standards and procedure development.
Complete Description:
The Department of Transportation is seeking a short-term contractor to implement and maintain information security best practices within the NCDOT environment related to Identity and Access Management (I&AM) as well as other information security risk assessments, analysis and consultation for various IT systems. Identity and Access Management (I&AM) is responsible for designing, developing and supporting a suite of agency wide shared services that primarily focus on identity, authentication, authorization, request management, provisioning, and certification. The staff is part of the IT Information Security Office (ISO), with end-to-end responsibility for the agency-wide information security policy and standards. The candidate should be an information security analyst with extensive information security operational experience, that also understands enterprise architecture, policy, standards and procedure and can consult with support, implementation and architecture teams.
Responsibilities will include:
- Working with project & team managers and stakeholders to produce high quality and detailed identity and access management business requirements as they related to information security
- Develop and enforce policies for identity and access management (I&AM) team for claims based authentication
- Define the information security policy, standards and process/procedures as required for utilizing an identity management system including: role mining, attestation, account provisioning, cloud/federated access provisioning, and others.
- Develop security policies and procedures for Roles Based Access Controls in claims based architecture
- Develop security policies and procedures for claims based architecture for Active Directory and Sharepoint
- Actively participate in assessment, planning, architecture, and design activities
- Design, document, and implement security controls for Identity and Access Management
- BizTalk, UDDI, web services, and claims based authentication experience
- Design, document, and put security governance in place for external claims based authentication
The position will be responsible for documentation of security standards, security patterns, processes and procedures related to securing of web services and interoperability of all systems for the 3C and Data Services project. The individual will educate application development teams on those standards and processes from an information security perspective.