Senior Identity and Access Management (IAM) Analyst

The Company

Common Securitization Solutions (CSS) is seeking an experienced Senior Identity and Access Management (IAM) Analyst to join our team of talented professionals.This position is being offered as full-time remote.

Common Securitization Solutions (CSS) is a joint venture owned by Fannie Mae and Freddie Mac representing the largest and most efficient securitization service in the world. Through the use of advanced technology, CSS created the Common Securitization Platform (CSP) which serves as the resilient engine for our securitization administration business activities. CSS is an indispensable business partner creating profound value for Fannie Mae and Freddie Mac by managing the issuance of their Uniform Mortgage Backed Security (UMBS) and complex REMIC securitization structures. CSS manages the disclosure process for new and ongoing securitization issuance, the deal modeling and analysis of complex securitization frameworks, bond administration activities and tax preparation and reporting.

Today CSS manages over 1 million securities backed by 27 million mortgage loans for approximately $5 trillion in outstanding principal balances. As an entrepreneurial, forward thinking enterprise, CSS brings together a confluence of industry leading talent and business science in a technology enabled, client focused team approach to create solutions that permit our clients to capitalize upon market opportunities, and/or address internal business, operations and technological challenges in an expeditious and effective manner.

CSS prides itself on its ability to attract industry leading talent from a variety of diverse business sectors including global capital markets, technology, business sciences, operations, risk and compliance, and finance. We work together as “one team” with an intense sense of community, innovation and creativity as we create and deliver value for our clients.

Job Information

We are looking for an Identity and Access Management (IAM) Senior Analyst to help the Identity and Access Management program at CSS align with new technology and new business goals. The primary area of responsibility will be supporting the CSS Identity and Access Management program, both in the cloud and at several remote locations by executing controls and leading efforts to improve them. The individual will ensure identity and access management controls in CSS are effective in their operation and will identify control improvements that reduce risks and increase efficiency.

Individual should be detail oriented, thorough in executing IAM operational processes across a multitude of systems including MS Active Directory Domain Services, Azure AD, Office 365, AWS IAM, other AWS resources and SaaS applications. The selected individual will have demonstrated the ability to collaborate with a variety of teams in all areas of an organization in order to achieve objectives. Individual will be responsible for accurately documenting and maintaining operational and business continuity procedures

Key Job Functions

• Monitor, facilitate and operate all identity and access lifecycle management controls.
• Familiarity with implementing and operating NIST 800-53 Rev4 controls to achieve IAM goals in AWS, for applications in running in AWS and for SaaS and other services.
• Manage, report, and facilitate certification of access for all in-scope resources (including SaaS, AWS, Azure, CSS managed applications, tools, and systems).
• Operate directory-based provisioning system based on MS Active Directory Domain Services, Azure Active Directory and AWS IAM Services.
• Manage end user accounts, user access groups and entitlements using applicable tools and applications.
• Manage changes to accounts (user and system), user access groups and entitlements and ownerships based on requests.
• Ensure privileged identity lifecycle management tools are properly used and processes are followed.
• Continuously monitor all CSS identity and access management controls for effective operation.
• Provision CSS user access to SaaS cloud-based services when required based on business needs.
• Meet internal audit and third-party assessment teams in order to respond to their requests to walk through control processes and to gather and present evidence of control operation.
• Review and analyze the production readiness of technology components and provide IAM governance support and coordination on projects.
• Improve IAM operations efficiencies, accuracy, and compliance by investigating and solving control issues with a focus on automation.
• Participate in Cyber Security Incident Response Processes, incident investigations and audit reporting requests.
• Support a 24/7 coverage schedule when needed as part of a rotation including weekends.
• Assess and leads IAM readiness in the development and support of the Disaster Recovery Management Plan while participating and supporting Disaster Recovery exercises.
• Develop, maintain, and enhance IAM strategies, policies, standards, and guidelines. With a customer-centric approach communicate broadly and consistently with stakeholders.

Education

• BS degree or equivalent experience in an IT related field

Minimum Experience

• Minimum of 5 years’ experience in Identity and Access Lifecycle Management Operations and Controls.
• Minimum of 2 years’ experience supporting and operating AWS IAM Services (Access Management, Roles, Policies and Access Reporting)
• Minimum of 2 years’ experience supporting MS Active Directory Domain Services, Azure Active Directory, ADFS and Active Directory Connect.
• Minimum of 1-2 years’ experience supporting Privileged Identity Management Tools (Thycotic, AWS SS, and others)
• Minimum of 1-2 years’ experience in scripting (PowerShell, JSON, and Python etc.).
• Experience with operating controls aligned with ISO 27001/2, FISMA or National Institute of Standards and Technology (NIST) 800-53 Rev4 guidelines is essential.
• Applicants must be authorized to work in the US without requiring employer sponsorship currently or in the future. CSS does not offer H-1B sponsorship for this position.

Specialized Knowledge & Skills

• Candidate will be part of on call rotation for after hours and weekend support.
• Candidate should have a working knowledge of common OS and domain structures, servers, services, and their use of directory services.
• Experience with DR/BCP planning for IAM services desired
• Candidate should have experience with Windows, Linux, Red Hat, etc. hosts, operating systems and applications.
• Candidate should have a solid understanding of information security policies, standards, and industry leading practices.
• Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals and initiatives
• Ability to manage multiple priorities – projects, deliverables, and stakeholders
• Ability to influence peers and management; ability to team cross-functionally and form relationships to achieve objectives
• Willingness to learn new technology, tools and create new processes to meet control objectives.
• CISSP, CISA, Microsoft, AWS certifications or equivalent designation desired.
• Hands on experience with Oracle and SQL Server is a plus
• Experience using IGA/IAM and PIM tools is a plus.
• Experience with operating controls aligned with ISO 27001/2, FISMA or National Institute of Standards and Technology (NIST) 800-53 Rev4 guidelines is essential.
• Secondary mortgage market or equivalent financial services experience is a plus.

Employment

As a condition of employment with Common Securitization Solutions, any successful job applicant will be required to pass a pre-employment drug screen and to successfully complete a background investigation, which may also include a credit check for positions in some areas of our business.

Common Securitization Solutions is an Equal Opportunity Employer.

INDHP