Key Accountabilities and Responsibilities
- Provide consultancy on IAM Best Practices (technical, governance & process) to different stakeholders/teams
- Overall responsibility for the development and maintenance of IAM policies and procedures, encompassing all human and non-human users.
- Delivery of the IAM service via our chosen software and service partners.
- Continuously improve the IAM process to enable the business.
- Provide accurate data analytics to ensure visibility of key metrics and use of this data (combined with audit procedures) to ensure least privilege of users and no toxic access.
- Identify IAM related risks and proactively work to ensure that these risks are identified, assessed and mitigated across the business
- Engagement and communication with stakeholders across JLR to ensure awareness of IAM policies and procedures
- Act as a point of escalation for any IAM alerts or issues which has been raised by other departments, or potentially from monitoring systems.
- Keep abreast of trends in information security and be able to propose proactive mitigation as appropriate
Key Interactions
- IAM SME & Product Owner (part of the IAM Team)
- CISO and the wider Information & Cyber Security Leadership Team.
- Head of Enterprise, Data & Infrastructure & ED&I Leadership Team
- Head of IT Corporate Audit
Knowledge, Skills and Experience
Essential:
- Significant prior experience as a subject matter expert within Identity and Access Management, in particular deep technical knowledge of identity management within a Microsoft Environment (Windows Operating Systems & Active Directory), Linux based operating systems (desktop & server), Core infrastructure (network, databases).
- Significant knowledge of Identity and Access Management governance principles and best practices and experience in managing information security risk relating to identity.
- Knowledge of SAML / OAUTH protocols
- Experience of working and influencing cross-functionally and managing external agencies
- Good working knowledge of industry IT compliance standards, particularly in design and implementation
- Experience of relationship management of senior stakeholders
- Strong IT skills, able to analyse data for reporting purposes and follow work instruction
- Relevant degree or equivalent experience preferred
Desirable:
- Knowledge of identity and access management within a DevOps environment, including API Management platforms, containerisation and cloud platforms (Google / Azure / AWS).
- Knowledge and experience in Information Security Auditing Techniques
- Knowledge and experience in Managing Information Security for operational technology (e.g. PLCs, embedded systems in plant machinery)
- Knowledge and experience in Managing Information Security within a manufacturing organisation
- Have an understanding of the JLR business areas such as Suppliers and Retailers and how their systems work.
Personal Profile
Essential:
- An individual with a customer first mindset who is easy to do business with and makes people feel special, driven to deliver experiences that are personalised, transparent and dependable.
- An individual who is results driven, demonstrates, tenacity, drive and perseverance, with the ability to deliver in a complex, highly demanding environment.
- An individual with the ability to combine a short term, pragmatic focus with longer term planning
- An individual who is resilient, energetic and enthusiastic, able to deliver results under pressure, whilst responding constructively to challenging new ideas and inputs
- An individual who is able to challenge existing thinking in a positive way whilst building credibility and trust through experience and personal style
- A good communicator who can communicate complex ideas
- An effective team player, actively leads, develops and supports team members
Desirable:
- An individual who enables speed in decision making through establishing alignment, clarity, appropriate resources and sense of urgency whilst bringing others along
