IT Security Analyst II - IAM

Location: Sheetz Corporate - Altoona, PA

PRIMARY PURPOSE OF THIS POSITION:

The IT Security Analyst II - IAM will design, implement, and enforce Identity and Access Management solutions that protect systems and data from security risks. Responsible for the identification, investigation, and resolution of events for those systems. Tasks may include involvement in the implementation of new security solutions; participation in the creation / maintenance of policies, standards, baselines, guidelines, and procedures; and conducting audits and assessments.

ESSENTIAL FUNCTIONS: (other duties may be assigned)

1. Support/Execute the implementation of the IAM Program including distribution and maintenance of information security and related policies, as assigned by more senior RISC personnel. Implementation should support the department’s accountability in setting risk and security policies, standards, guidelines, processes, and procedures.
2. Maintain up-to-date in-depth knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
3. Recommend additional IAM solutions, or enhancements to existing security solutions to improve overall enterprise security.
4. Perform the deployment, integration, and initial configuration of IAM solutions and of any enhancements to existing IAM solutions in accordance with industry and company standards including but not limited to Identity Management, Directory Services, Access Management Platforms and Governance Platforms.
5. Maintain up-to-date baselines for the secure configuration and operations of all in-place systems, whether they be under direct control (e.g. IAM tools) or not (e.g. workstations, servers)
6. Review logs and reports of all in-place IAM solutions. Interpret the implications of activity and devise plans for appropriate resolution.
7. Participate / advise in the design and execution of Identity and Access Management solutions, penetration tests, and security audits.
8. Provide call escalation for all in-place identity solutions, including Identity Governance, Directory Services, Access Management and Administration solutions.
9. Research and write security, risk, and compliance reports indicating the existence of, and effectiveness of, information technology related controls.
10. Evaluate new or modified systems, processes, and/or products vs internal security standards to identify risks that fall outside of Sheetz' risk tolerances.
11. Collaborate with core business partners and other security teams to improve controls via create process design which meet the evolving business needs for customer experience and efficiency.
12. Provide risk consulting and/or training to business and technical partners to improve the effectiveness of risk management across the enterprise.
13. Provide evening and weekend “on call / issue” support as needed. Sheetz is open 24,7,365 and as such, our internal and externa, customers may require support at any time.

REQUIREMENTS: (Equivalent combinations of education, licenses, certifications and/or experience may be considered)

Education

• A four-year degree in Computer Science, Engineering or related field required.

Experience

• 3+ years Identity and Access Management experience required.
• Experience with security operations preferred.
• Experience with IAM solutions and implementing technologies such as SailPoint, Saviynt, ForgeRock, Oracle IAM products, CA Identity Manager, NetIQ IDM, etc. preferred.
• Experience with IAM solutions and support of vendor products primarily related to LDAP directories, virtual directories, credential management systems, and single sign-on preferred.
• Experience with relational and non-relational databases, especially Oracle, SQL Server, and MySQL preferred.
• Strong understanding of IGA principles: Identity Lifecycle Management, Access Management, Identity Governance, and Access Certifications required.
• Familiarity with one or more of the following: web services, LDAP queries, directory services, web authentication, scripting automation, or integrations preferred.

Licenses/Certifications

• Maintain a continuous personal professional development program; this level prefers CISSP certification and commitment to pursue additional training or certifications in risk, security, governance, compliance (e.g., CISSP-ISSEP, CISSP-ISSAP, CISSP-ISSMP, GICSP, GMOB, GCIH, CRCMP, CISA, CGEIT, CRISC, CRMA, CORP, advanced degree)

Tools & Equipment

• General Office Equipment

ABOUT SHEETZ
Sheetz, Inc. is a fast-growing, family-owned, food/convenience company that has been in business since 1952. Sheetz has over 600 locations in Pennsylvania, Ohio, Virginia, West Virginia, Maryland and North Carolina.

Our mission at Sheetz has been to meet the needs of customers on the go. Of course, things have changed over those nearly 70 years. Life is faster and busier, and customers expect us to be there when they need us most. One thing that hasn't changed is our commitment to our customers, our employees and the communities in which we operate. Sheetz donates millions of dollars every year to the charities it holds dear.