Key skills
AWSAzureCloudCyber SecurityServiceNowIAMAzure ADEntra IDActive DirectorySaaSJiraLeadershipRisk ManagementCommunicationCollaboration
About this role
Role Overview
- Identity posture monitoring & exposure management
- Operate and mature the Identity Security Posture Management capability (ISPM) to discover identity exposures across Identity Providers (e.g., Entra ID/AD), SaaS applications, cloud environments, and critical business systems.
- Identify and track identity security issues such as excessive privileges, dormant accounts, misconfigured admin roles, weak authentication enforcement, privilege escalation paths, and risky third-party access.
- Maintain an Identity Exposure Register with severity, business impact, owner, remediation plan, and due dates; enforce SLA-based remediation for critical findings.
- Risk prioritization & remediation orchestration
- Triage and prioritize findings using risk-based methods (e.g., likelihood/impact, exploitability, business criticality).
- Coordinate remediation with system owners: role redesign, least privilege enforcement, MFA coverage improvements, privileged role controls, conditional access, and entitlement clean-up.
- Drive reduction of inappropriate combinations and segmentation-of-duties issues where relevant.
- Controls, audit, and compliance enablement
- Provide evidence to support identity-related controls (e.g., privileged access governance, MFA enforcement, access review/UAR posture, joiner-mover-leaver quality, service account governance).
- Produce audit-ready reporting and artifacts for internal audit and external auditors (SOX/ITGC/GITC reliance, regulator exams).
- Ensure posture findings are connected to policy/standard requirements and tracked through governance workflows.
- Telemetry, metrics, and executive reporting
- Build and maintain ISPM dashboards and KRIs (e.g., privileged role sprawl, stale privileged accounts, MFA coverage, high-risk entitlements, remediation cycle time).
- Present posture trends and remediation progress to Identity Security & Governance leadership and stakeholders (CISO org, IT, app owners).
- Integration & automation
- Partner with engineering teams to integrate ISPM insights with ticketing/workflow tools (e.g., Axonius, ServiceNow/Jira), SIEM/SOAR, IGA (e.g., SailPoint), and PAM (e.g., CyberArk).
- Automate repeatable posture checks where possible (APIs, scripts, scheduled reports), and document repeatable playbooks/runbooks.
- Collaboration & stakeholder enablement
- Act as a trusted advisor to application and infrastructure teams on identity security best practices (least privilege, role design, privileged access, authentication hardening).
- Contribute to identity governance operating procedures, playbooks, and standard updates.
Requirements
- Bachelor's degree or an equivalent mix of education and experience in Information Cyber Security, Risk Management and Governance Risk and Compliance.
- 7+ years of relevant experience in third-party cyber and data risk management and conducting third-party cyber and data risk assessments.
- Experience with reviewing and negotiating cyber and data security contract language.
- Expert knowledge of cyber and data security and risk disciplines and practices.
- Advanced knowledge of technology controls, security, and risk issues.
- Strong eye for detail and ability to successfully manage and conduct third-party cyber and data assessments, gather evidence, and coordinate risk remediation responses.
- A team player with strong collaboration skills and the ability to work with minimal supervision.
- Ability to leverage strong verbal, written communication skills to collaborate with cross-functional teams.
- Strong analytical and problem-solving skills capable of managing projects that drive business objectives.
- Demonstrated ability to participate in complex, comprehensive or large projects and initiatives.
- Ability to serve as a lead expert resource in technology controls and information security for project teams, the business, organization, and outside vendors.
- 5+ years in identity security, IAM/IGA, security operations, or security risk management with hands-on exposure to identity platforms.
- Working knowledge of identity concepts: authentication, authorization, RBAC/ABAC, privileged access, service accounts, identity lifecycle, entitlement models, and access reviews.
- Experience interpreting identity-related findings and coordinating remediation with technical and business stakeholders.
- Familiarity with at least two of the following areas: Entra ID/Azure AD, Active Directory, SailPoint (or equivalent IGA), CyberArk (or equivalent PAM), AWS/Azure identity constructs, common SaaS admin models.
- Strong documentation and reporting skills (evidence packs, dashboards, executive-ready summaries).
Tech Stack
- AWS
- Azure
- Cloud
- Cyber Security
- ServiceNow
Benefits
- Qualify for your choice of health and dental plans within your first month.
- Save for your future with robust 401(k) match, Health Spending Accounts and various retirement plans.
- Learn and Grow with our Tuition Assistance Program, paid certifications and continuing education programs.
- Contribute to your community through United Way and volunteer programs.
- Balance your life with generous paid time off and business casual dress.
- Get employee discounts for shopping, dining and travel through Kemper Perks.