Provides technical evaluation and analysis in a specific Security area
Supports activities, process, and tools needed to improve overall security posture of the organization
Applies security concepts, reviews information, executes defined tasks, analyzes requirements, reviews logs, and creates documentation
Performs investigation and data loss prevention, data manipulation, and coordination of activities
Performs actions to address or mitigate risks and vulnerabilities
Reviews and defines controls
Advises on more complex security procedures and products for clients, security administrators, and network operations
Participates in enforcement of control security risks and threats
Shares knowledge with staff
Conducts security assessments and other information security routines consistently
Investigates and recommends corrective actions for data security related to established guidelines
Develops policies and procedures to standardize security functions and eliminate potential vulnerabilities and threats

5+ years of industry-relevant experience
Familiarity with NIST
Experience in risk management, policy/governance, IT controls, or cybersecurity, within CIAM/IAM or directly related identity domains
Demonstrated experience writing policies/standards/procedures and mapping them to controls and evidence
Experience with CIAM concepts: authentication flows, MFA factors, federation (OIDC/OAuth2, SAML), identity proofing, session security, risk-based auth
Working knowledge of risk frameworks and governance approaches: e.g., NIST 800-53/63, ISO 27001/27002, FFIEC expectations; three lines of defense model; issue/exception management
Strong written communication skills: policy drafting, risk narratives, control design, audit responses
Analytical skills: define KRIs/KCIs/KPIs, interpret trends, and present data-driven recommendations
Certifications: CIPM, CISA, CRISC, CISM, CGEIT, CISSP, CCSP, or vendor CIAM certs

Security Specialist

Key skills