£50000.00 - £63500.00 per annum
22 days ago
Identity & Access Management Manager
Salary: £63,500 + Benefits
The UKMU Identity & Access Management Manager is responsible for establishing, implementing, managing a robust end-to-end Identity and Access Management capability across the UKMU Application estate and supporting systems to protect the availability, confidentiality and integrity of UK staff, Customers and Partners with access to UKMU systems.
This role is responsible for ensuring that the appropriate security tools, data, processes and people are in place and operating as required to identify, protect, detect, respond and recover the applications and information assets across UKMU.
The UKMU Identity & Access Management Manager is a key member of the Information Security Management Team and reports into the Director of Information Security and IT Governance (UK).
*Develop, implement and manage the deployment of a robust Identity & Access Management capability across the UKMU Applications and supporting systems
*Develop, implement and manage the deployment of effective processes for Provisioning and De-provisioning access for the UKMU Applications and supporting systems in line with Enterprise Security Policy and Standards.
*Establish, implement and manage robust processes to govern the Identification, Authentication, Authorisation and Non-repudiation for access to the UKMU Application estate and supporting systems in line with Enterprise Security Policy and Standards.
*Establish, implement and manage robust processes to govern the allocation of entitlements, permissions, roles, roles, shared drives, etc. for access to the UKMU Application estate and supporting systems in line with Enterprise Security Policy and Standards
*Plan, implement and manage a schedule for conducting regular recertification and reviews of access right processes to validate the access staff and partner possess to the UKMU Applications and supporting systems in line with Enterprise Security Policy and Standards.
*Ensure the UKMU IT Asset and Risk registers are updated accordingly with identified weaknesses and track their action plans accordingly.
*Embed applicable Enterprise Security Policies, Standards, Tools and Processes to automate and optimise the performance of the Identity & Access Management function.
*Develop key performance indicators across the security function, report on progress and promote a culture of continuous improvement.
*Develop and manage relationships with strategic third party Information Security suppliers, partners and industry forums
*Ensure efficient and cost effective operation of applications security activities within agreed budgets.
*The job holder is responsible for establishing and implementing the Identity & Access Management function across the UK Businesses (UK Insurance, Care Services, Health Services and Dental) of which there are approximately 35,000 staff.
*Overall accountability and responsibility for maintaining and protecting the confidentiality and integrity of the UK MU's 400 application portfolio that process and store staff, customer and supplier data of which there is circa 8-10M records.
*The role has line management responsibility for the Identity & Access Management team, and a matrix of partner resources of circa 20 people.
*The investment in security transformation is around £10m per annum and the role has management oversight of an annual spend of around £40m with internal and external IT partners
*UK operates in a highly regulated environment (FCA, PRA, ICO, GDPR, CQC, PCIDSS, etc.) where IT Governance and Information Security is of strategic and commercial importance to and underpins every business operation. Loss or compromise of data and information as a consequence of a cyber attack and or poorly managed IT security could lead to significant and adverse impact both from a financial (£millions from fines, lawsuits, etc.) as well as reputation (poor and loss of customer confidence, regulatory sanctions, etc.), affecting the whole organisation.
*The role will have a significant impact on operating cost base.
*Recruit, motivate, develop and line manage a team of security specialists who will provide the Identity & Access Management capabilities to the UK MU.
*Identify and select security tools and services as required to deliver a robust, fit for purpose, secure Identity & Access Management capabilities to support and protect the UKMU business operations.
*Contribute to the development and implementation of security governance in IT, ensuring Identity & Access Management principles are applied during design and into business as usual processes to reduce risk, drive adoption and adherence to policies, standards and guidelines.
*Represent UK IT on global information security agenda.
*Work with technical and solution architects to provide expert security consultancy to IT projects in line with the Security by Design framework contributing to and reviewing project documentation as necessary.
Qualifications and Training:
*Ideally, a technical degree and /or industry recognised qualification and demosntrable experience in Information Security Management (e.g. CISSP, CISM, or GIAC Certification).
*A sound understanding of British and International Security Standards (e.g. ISO/IEC 27001, ISO/IEC 27002, NIST, CSC20, PCIDSS) relevant UK and EU privacy legislation (especially Data Protection Act 1998 and EU GDPR) and the UK regulatory environment (e.g. ICO, FCA, PRA and CQC).
*Able to demonstrate a professional and credible image.
*Strong interpersonal, communication and influencing skills with the confidence and ability to operate effectively at all levels including Senior Management and external customers.
If you are interested in this role, can recommend anyone, or require further information please do not hesitate to contact Drew Derry on 01932 83 7792 or via email on