Mainframe Security Lead (RACF / RBAC Decoupling)

Job Description – Mainframe Security Lead (RACF / RBAC Decoupling)

Location: Pune / Noida / Bangalore (Hybrid)

Experience: 8–14 Years

Employment Type: Full-Time

Role Summary

We are seeking an experienced Mainframe Security Lead to drive the decoupling of legacy RACF-based access controls and enable the transition to a modern RBAC-driven access model.

The role focuses on analysing and restructuring mainframe security, translating legacy access constructs into enterprise RBAC models, and leading controlled transition of provisioning ownership from mainframe systems to centralised platforms.

Key Responsibilities (High-Level)

• Lead detailed discovery and analysis of RACF/mainframe security profiles, including users, groups, datasets, and access structures.
• Analyse and document existing access patterns and security constructs to support RBAC design.
• Define mapping strategies to convert RACF constructs into role-based access models.
• Design RBAC roles for Active Directory-integrated applications using defined automation frameworks (e.g., LogiPlex or similar).
• Design RBAC roles for enterprise applications such as Cognos and Oracle EBS aligned to mainframe security logic.
• Replicate and validate mainframe access constructs in the target RBAC model to ensure functional equivalence.
• Drive transition of provisioning ownership by disabling legacy mainframe-driven provisioning mechanisms.
• Plan and execute controlled decoupling and production cutover, with validation checkpoints and stakeholder sign-offs.
• Define validation and reconciliation strategies to ensure accuracy of access migration.
• Collaborate with downstream application, AD, and platform teams to ensure smooth access transition.
• Contribute to reusable patterns, frameworks, and best practices for mainframe decoupling initiatives.

Technical Skills & Experience

Core (Mandatory):

• Strong hands-on experience in mainframe security, including:
• RACF (Resource Access Control Facility)
• z/OS security architecture and access controls
• Proven experience in analysing and restructuring legacy access models
• Experience in mapping security constructs (users, groups, permissions) into structured RBAC models
• Strong understanding of mainframe provisioning mechanisms and security administration
• Experience working with enterprise applications such as:
• Active Directory
• Cognos
• Oracle E-Business Suite (EBS)
• Experience in large-scale system transformation or legacy decoupling programs

Good to Have:

• Exposure to Identity and Access Management (IAM) concepts:
• RBAC modelling
• Identity lifecycle management
• Access governance
• Familiarity with IAM tools such as SailPoint IdentityIQ (IIQ) or similar platforms

Testing & Cutover Responsibilities

• Define and drive system integration testing (SIT) and user acceptance testing (UAT) for RBAC implementations
• Validate access mapping accuracy between RACF and target RBAC models
• Support regression testing for impacted systems
• Lead controlled production cutover, including validation, tracking, and final approvals

Soft Skills

• Strong stakeholder management and communication skills
• Ability to lead discovery sessions and design workshops
• Strong analytical and problem-solving abilities
• Ability to coordinate across mainframe, application, and enterprise platform teams
• Experience working in global, cross-functional environments

Preferred Certifications

• RACF / Mainframe Security certifications
• IAM / SailPoint certification (good to have)

Working Model

• Hybrid work model
• Locations: Pune / Noida / Bangalore
• Flexibility to work with global teams and stakeholders