Identity & Access Security Consultant - LL6

Job Description

• Provide consultancy on IAM Best Practices (technical, governance & process) to different stakeholders/teams
• Overall responsibility for the development and maintenance of IAM policies and procedures, encompassing all human and non-human users.
• Delivery of the IAM service via our chosen software and service partners.
• Continuously improve the IAM process to enable the business.
• Provide accurate data analytics to ensure visibility of key metrics and use of this data (combined with audit procedures) to ensure least privilege of users and no toxic access.
• Identify IAM related risks and proactively work to ensure that these risks are identified, assessed and mitigated across the business
• Engagement and communication with stakeholders across JLR to ensure awareness of IAM policies and procedures
• Act as a point of escalation for any IAM alerts or issues which has been raised by other departments, or potentially from monitoring systems.
• Keep abreast of trends in information security and be able to propose proactive mitigation as appropriate

• IAM SME & Product Owner (part of the IAM Team)
• CISO and the wider Information & Cyber Security Leadership Team.
• Head of Enterprise, Data & Infrastructure & ED&I Leadership Team
• Head of IT Corporate Audit

Knowledge, Skills and Experience

Essential:

• Significant prior experience as a subject matter expert within Identity and Access Management, in particular deep technical knowledge of identity management within a Microsoft Environment (Windows Operating Systems & Active Directory), Linux based operating systems (desktop & server), Core infrastructure (network, databases).
• Significant knowledge of Identity and Access Management governance principles and best practices and experience in managing information security risk relating to identity.
• Knowledge of SAML / OAUTH protocols
• Experience of working and influencing cross-functionally and managing external agencies
• Good working knowledge of industry IT compliance standards, particularly in design and implementation
• Experience of relationship management of senior stakeholders
• Strong IT skills, able to analyse data for reporting purposes and follow work instruction
• Relevant degree or equivalent experience preferred

Desirable:

• Knowledge of identity and access management within a DevOps environment, including API Management platforms, containerisation and cloud platforms (Google / Azure / AWS).
• Knowledge and experience in Information Security Auditing Techniques
• Knowledge and experience in Managing Information Security for operational technology (e.g. PLCs, embedded systems in plant machinery)
• Knowledge and experience in Managing Information Security within a manufacturing organisation
• Have an understanding of the JLR business areas such as Suppliers and Retailers and how their systems work.

Personal Profile

Essential:

• An individual with a customer first mindset who is easy to do business with and makes people feel special, driven to deliver experiences that are personalised, transparent and dependable.
• An individual who is results driven, demonstrates, tenacity, drive and perseverance, with the ability to deliver in a complex, highly demanding environment.
• An individual with the ability to combine a short term, pragmatic focus with longer term planning
• An individual who is resilient, energetic and enthusiastic, able to deliver results under pressure, whilst responding constructively to challenging new ideas and inputs
• An individual who is able to challenge existing thinking in a positive way whilst building credibility and trust through experience and personal style
• A good communicator who can communicate complex ideas
• An effective team player, actively leads, develops and supports team members

Desirable:

• An individual who enables speed in decision making through establishing alignment, clarity, appropriate resources and sense of urgency whilst bringing others along