Job Description

The Senior Tech Lead - Information Security is part of a team that establishes, supports, and continuously improves the enterprise information security policies, practices, and standards. This role will participate in on-going operational activities that serve to establish appropriate access to and provide the appropriate protection, confidentiality, integrity and availability of enterprise systems and data through effective security controls. This role is also responsible for validating compliance with policies and standards that keep Ameriprise applications and infrastructure safe and secure from vulnerabilities.Key Responsibilities

• Information Security Governance
• Identity & Access Governance
• Policy/Procedure Management and Enforcement
• Reporting/Metrics
• Provide timely and effective operational support for the firm\'s information security tools, processes and practices in the Identity and Access space. Use standard technology monitoring tools to monitor assigned environments and/or technical assets and identify/detect behavior outside of established standards. Escalate key security issues to the appropriate team to be addressed. Assist with security assurance testing activities.
• Monitor compliance with information security and identity policies and practices and any applicable laws. Assist with internal and external security risk assessments, risk analysis and application or system-level access reviews and attestations. Coordinate/facilitate access and entitlement reviews for individual applications, business lines, and the enterprise at-large.
• Assist with the research, development, continuous improvement and implementation of identity policies, procedures, standards, and processes based on compliance requirements and industry best practices. Document the identity governance requirements, processes and procedures. Enforce information security and identity policies and procedures by reviewing violation reports, investigating possible exceptions, and documenting controls.
• Prepare status reports on identity and access matters that are used for a variety of purposes - tracking and monitoring security breaches, forensic investigative activities, remediation plan management and risk management & compliance reporting. Effectively manage and prioritize ad-hoc reporting requests, scorecards, and standard departmental reporting. Coordinate with internal team and external auditors to provide documentation of compliance assessments, support, and remediation activities.
• Maintain and develop knowledge of identity & access management trends, new identity technologies and best practices. Conduct security and industry specific research to keep self and the firm abreast of the latest security issues and regulatory developments that may impact existing policies, procedures, and practices. Participate in information security education, training and awareness activities for technology and business teams.
• Enhances organization reputation by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments.

Required Qualifications:- Bachelor\xe2\x80\x99s degree in computer science, management information systems, or related technical field; or equivalent work experience.- 10+ years of experience in Information Security Services, Cybersecurity, or related technical field.The successful candidate will need to demonstrate proficiency in at least one of verticals below:

• Identity & Access Governance suites such as RSA Identity Governance & Lifecycle (formerly Aveksa) or other competitor products such as SailPoint or Saviynt.
• Privileged Account Management such as, Services and Processes [CyberArk] or other competitor products such as Beyond Trust, Thycotic, Delinea, Arcon, Hashicorp.
• At least one of the following Cloud Governance technologies: AWS, Azure, GCP with experience in securing key services such as AWS Secrets Manager or Azure KeyVault.

In addition, the successful candidate will need to meet below requirements:

• Interested in gaining broad experience in Information Security Services.
• First level knowledge and/or demonstrated technical ability to understand code and technology infrastructure in multiple environments with experience in the below languages [Powershell, Python, Regular expressions-based programming]
• Demonstrated basic understanding of the Software Development Lifecycle (SDLC) and programming/development procedures.
• Work experience that spans the Identity & Access Management or Governance, Risk, and Compliance security domains.
• Working knowledge of information security and computer network/system access technologies.
• Experience working in the financial services industry or other highly regulated/compliance-oriented environments.
• Good understanding of security controls, monitoring systems and regulatory/business drivers that impact security policies and practices.
• Effective oral and written communication skills
• Critical thinking and thought leadership skills including logical, analytical, and abstract rational skills.
• Strong attention to detail, follow-through, and time management skills.
• Working with technical and business users on platform related questions/issues
• Demonstrated aptitude to quickly learn and apply new tools and processes
• Defining business, user, and systems requirements
• Developing user acceptance test plans
• Business Analysis
• Building Process Flows
• Data Analytics
• Experience creating SQL queries and reports
• Presentations (Creating and Delivering)
• Project Coordination
• Risk Identification and Remediation
• ITIL (Change, Problem, Incident, Configuration) Management
• Direct client experience, including working with client teams in both on-site and offshore models.

Location: Gurugram/Noida/HyderabadShift Timings: 2:00 -10:30 pmCab Provided: YesPreferred Qualifications:Identity & Access Governance (IAG) Capabilities:

• Access Review / Attestations
• Joiner/Mover/Leaver
• Role Based Access Controls (RBAC)
• Access Request
• Provisioning / De-Provisioning

Privileged Access Management (PAM) Governance Capabilities:

• Password Management
• Credential Access Management

Basic knowledge and experience with:

• Operating Systems (Windows, Linux, Mainframe, etc.)
• Directories/LDAP Constructs (Active Directory, Oracle, etc.)
• Databases/RDBMS/AWS RDS Constructs (Oracle, SQL, DB2, RDS etc.)
• Authentication / Authorization Constructs (Directory, Hybrid, Native Source)
• Data Formats (XML, CSV, etc.)
• Development / Programming / Scripting
• SQL for data analytics & reporting
• AWS and Azure cloud IAG/IAM/PAM

Experience troubleshooting data issues.Audit Response (Artifact creation and delivery)Compliance Types (SOX, SOC1, SOC2, SOX, NYDFS, FINRA, SEC, GLBA, HIPAA, IT Compliance, etc.)CISSP or similar security certifications.About Our Company
Ameriprise India LLP has been providing client based financial solutions to help clients plan and achieve their financial objectives for 125 years. We are a U.S. based financial planning company headquartered in Minneapolis with a global presence. The firm\xe2\x80\x99s focus areas include Asset Management and Advice, Retirement Planning and Insurance Protection. Be part of an inclusive, collaborative culture that rewards you for your contributions and work with other talented individuals who share your passion for doing great work. You\xe2\x80\x99ll also have plenty of opportunities to make your mark at the office and a difference in your community. So if you\'re talented, driven and want to work for a strong ethical company that cares, take the next step and create a career at Ameriprise India LLP.Ameriprise India LLP is an equal opportunity employer. We consider all qualified applicants without regard to race, color, religion, sex, genetic information, age, sexual orientation, gender identity, disability, veteran status, marital status, family status or any other basis prohibited by law.Full-Time/Part-Time Full timeTimings (2:00p-10:30p)India Business Unit AWMPO AWMP&S President\'s OfficeJob Family Group Technology

Ameriprise Financial