Identity And Access Management Spec.

GENERAL QUALIFICATIONS AND JOB DESCRIPTION

Eksim Holding A.Ş. is looking for a "Corporate Identity and Access Management Specialist" within the Information Security and Infrastructure Directorate.

Job Description:

• Develop the organization's Identity and Access Management strategy, aligning security requirements with current regulations and business objectives.
• Design, implement, deploy, and maintain IAM (Identity Access Management) systems.
• Define and enforce access control policies, ensuring that only authorized users have access to resources and data.
• Manage the entire identity lifecycle from onboarding to offboarding, ensuring accurate and timely user authorization and deauthorization.
• Implement and manage identity authentication mechanisms such as OAuth2, OIDC, ADFS, and SAML federation protocols, as well as SSO (Single Sign-On) processes and MFA.
• Manage and monitor privileged user access to critical systems and data.
• Ensure compliance of IAM (Identity Access Management) systems and processes with relevant regulations and industry standards. Maintain role-based permissions and monitor associated risks. Monitor and report anomalies.
• Play a key role in security incident response processes, particularly in cases of unauthorized access or data breaches. Prepare breach incident reports in collaboration with GRC (Governance Risk and Compliance) teams.
• Train end-users and provide support for Identity and Access Management Systems-related issues.
• Evaluate the effectiveness of Identity and Access Management solutions, manage relationships with vendors.
• Collaborate with Risk and Compliance Governance Teams to develop IAM policy and procedures, execute relevant security and compliance processes.
• Collaborate with IT teams to integrate Identity and Access Management Systems and expand their adoption.
• Stay current on emerging Identity and Access Management (IAM) technologies and best practices. Recommend improvements to strengthen the organization's security posture.

Role and Responsibilities:

• Hold at least a bachelor's degree in computer science, information technology, or a related field,
• Preferably possess recognized certifications in the field such as CISSP, CISM, CISA, DPO, 27701, CBDDO, and vendor-specific IAM/IdAM (Identity and Access Management) certifications,
• Have experience and a project history related to Identity and Access Management (IAM) concepts and technologies,
• Demonstrate expertise and project experience with identity and access management protocols and standards such as SAML, OAuth, LDAP, and OpenID Connect,
• Be familiar with relevant compliance regulations (GDPR, HIPAA, NIST, KVKK, DDO, ISO27701, PCI) and data privacy principles,
• Have expertise and project experience in directory services (e.g., Active Directory, LDAP) and authentication mechanisms (e.g., MFA, biometrics),
• Possess knowledge of security and risk management,
• Have proficiency in English to read technical articles and manage fault records opened to the vendor,
• Have strong problem-solving and analytical skills.