EBRD - European Bank for Reconstruction and Development

EBRD London

Requisition ID

32764

Office Country

United Kingdom

Office City

London

Division

Information Technology

Contract Type

Fixed Term

Contract Length

3 years

Posting End Date

Purpose of Job

The Principal Identity & Access (IAM) Management is responsible for ensuring the process, people, partners and tooling are designed, implemented, operated and governed for Identity & Access management for all IT Services at the EBRD.

Accountabilities & Responsibilties

  • In conjunction with the Bank IT Architecture the role is responsible for the IAM Technology strategy and roadmap – both in its own right, and ensuring IAM standards are implemented in new technologies.
  • Works with Information Security, Information Governance, IT Risk, Operational Risk, Internal Audit in developing, operating, reviewing the Internal Control Framework in respect to those related to Identity.
  • Accountable for the definition & consolidation of the work flow, process, tooling of User & Privileged Access including Role Based Access Control, common User Profile, Segregation of Duties, Toxic Combinations.
  • Acts as the design authority & provides advisory services for Identity as part of the implementation and operation of all EBRD technologies.
  • Accountable for the strategy, operation and improvement of core Identity & Privileged access management technology (e.g. MS Authentication, RSA, Okta, BeyondTrust)
  • Accountable for the correct provision of access to EBRD users and IT users.
  • Accountable for using IAM to reduce friction and enable colleagues to access IT Services more efficiently, effectively and securely.
  • Accountable for the approach and delivery of Single Sign On, Multi Factor Authentication, IDaaS, Cloud Federation, Identity Analytics, Credential Management, Public Key Infrastructure
  • Support the Bank in delivering ISO27001, Cyber Essentials+ and seeking to increase the adoption of other Standards or Accreditations that increase the maturity of our IAM service
  • Accountable for the operation of specific IAM controls inc. Quarterly Access Review
  • Act as the EBRD SME for IAM best practices, tools, technologies and stays abreast of changing market approaches.
  • Working alongside the Architecture team, this role will provide technical advisory services to projects.
  • Be the product and domain knowledge expert in Identity and Access Management solutions to the bank and our internal customers
  • Work with our suppliers to gather and document requirements for their IAM solution, including running requirements gathering workshops
  • Working with the supplier Architects to review and approve Solution Designs and Specifications
  • Provide oversight and co-ordination of the implementation of any / all new IAM solutions including acting as the Banks escalation point for any issues
  • Provide assistance with technical solution design running proof of concept’s or approving solution proposals
  • Accountable for policy and standards definition
  • Ensure suppliers carry out post implementation activities such as technical training for the customer’s support teams and technical resources, following up on support issues and warranty

  • Working with auditors to monitor compliance objectives

Knowledge, Skills, Experience & Qualifications

  • Good understanding of ITIL framework and all associated ITIL processes
  • Significant experience in Security principles, including: Role Based Access Control, Segregation of Duties, Least Privilege, Information Owners, Authorisation and Authentication, Multifactor Authentication, Conditional Access, and Auditing.
  • In depth knowledge of Active Directory, Azure AD, Microsoft Authenticator, ADFS and synchronisation Services
  • Experience of managing 3rd parties and 3rd party delivered services
  • Extensive experience in the field of Identity and Access Management
  • Experience of directing a minimum of three end to end IAM / PAM projects
  • “Hands on” experience in assisting in development of Requirements, Strategy and Roadmap
  • Experience of supporting and inputting into Solution Design
  • Foundational understanding of SAP (ie ECC, CRM, SRM, BI, etc.)
  • In-depth understanding of Role Based Access Control , Attribute Based Access Control
  • Knowledge of vendor security models, such as SAP and ServiceNow
  • Hands on experience in Identity and Access Management implementation and worked on products like Saviynt / Sailpoint (example)
  • Understanding of Azure cloud deployments, including Azure Security Centre and Azure AD security
  • Experience on Privilege Access Management and worked on products like CyberArk / Beyond Trust
  • Good understanding of overall security architecture
  • Formal security qualifications such as CISSP beneficial
  • Knowledge of Microsoft PowerShell and associated modules to facilitate additional functionality and enhancements in support of Business requirements

What is it like to work at the EBRD?

Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people’s lives and help shape the future of the regions we invest in.

The EBRD environment provides you with:

  • Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in;
  • A working culture that embraces inclusion and celebrates diversity;
  • An environment that places sustainability, equality and digital transformation at the heart of what we do.

Diversity is one of the Bank’s core values which are at the heart of everything it does. A diverse workforce with the right knowledge and skills enables connection with our clients, brings pioneering ideas, energy and innovation. The EBRD staff is characterised by its rich diversity of nationalities, cultures and opinions and we aim to sustain and build on this strength. As such, the EBRD seeks to ensure that everyone is treated with respect and given equal opportunities and works in an inclusive environment. The EBRD encourages all qualified candidates who are nationals of the EBRD member countries to apply regardless of their racial, ethnic, religious and cultural background, gender, sexual orientation or disabilities. As an inclusive employer, we promote flexible working and expecting our employee to attend the office 50% of their working time.

Tags: active directory, advisory services, architect, information security, information technology, internal audit, new technologies, powershell, technical training