Comcast Cybersecurity: Senior Manager, Identity and Access Management

Make your mark at Comcast -- a Fortune 30 global media and technology company. From the connectivity and platforms we provide, to the content and experiences we create, we reach hundreds of millions of customers, viewers, and guests worldwide. Become part of our award-winning technology team that turns big ideas into cutting-edge products, platforms, and solutions that our customers love. We create space to innovate, and we recognize, reward, and invest in your ideas, while ensuring you can proudly bring your authentic self to the workplace. Join us. You’ll do the best work of your career right here at Comcast. (In most cases, Comcast prefers to have employees on-site collaborating unless the team has been designated as virtual due to the nature of their work. If a position is listed with both office locations and virtual offerings, Comcast may be willing to consider candidates who live greater than 100 miles from the office for the remote option.)Job SummaryIAM-myComcastAccess Senior Manager will partner with engineering team to manage secure, resilient, cost-effective, and scalable solutions on enterprise identity and access management platform across variety of use cases. The role works closely with Senior Engineers to support day to day engineering, maintenance, and support efforts for all identity and access management technology. The role serves as a subject matter expert in the areas of identity and management, privileged access management, and general information security best practices across all technology domains. Senior Manager of Identity & Access Management (IAM-myComcastAccess) responsible for planning, designing, and implementing Identity and Access Management (IAM-myComcastAccess) services across the organization to provide the correct individuals with access to the right resources. Drives collaboration between information security, risk, human resources, business, and technology staff to grant proper access to entitlements, ensuring the security of the organization's sensitive information. Works across departments to develop policies, standards, and strategies regarding identity and access management. Ensures that the identity and access management direction meet the established organizational standards. Continuously monitors the current access management processes, creating accurate documentation. Analyzes user access needs, implementing new access systems when necessary.Job DescriptionWhat You’ll Do:Lead the IAM Operations team and work with the Managed Service Provider's (MSP's) resources to ensure deliverables are met within Service Level Agreements (SLA).Collaborate with IAM Delivery, Engineering, and Architecture teams to maintain an ongoing IAM strategy aligned with business objectives.Assign L3 level issues to engineering team and assign day to day issues to the L2 support team and track issues to their closure.Provide technology leadership and direction to internal and outsourced IAM teams.Communicate effectively with management as well as customers to identify needs and evaluate alternate technical solutions and strategies.Assume position as the IAM Operations Lead for IAM platform escalations and incident response.Expert level troubleshooting skills and support IAM tools such as Active Directory (on-prem & Azure), SailPoint IIQ, supporting applications/systems.Prepare and maintain documentation including SOPs, runbooks, resiliency plans, incident response materials and SOP's for IAM Services.Prepare root cause analysis and postmortem incident analysis reports.Lead response activities including working with business teams to report on status of service restoration activities.Identify service improvement opportunities and collaborate with IAM service owners for prioritization.Provide input and requirements during process and control design by IAM service delivery team.Co-define IAM Operations’ service levels, and metrics with IAM Service owners.Analyze & report periodic IAM service performance metrics.Lead efforts to ensure that the IAM team’s MSP resources adhere to the IAM Governance standards.Participate in audits and other compliance assessment activities as needed to assist with meeting compliance deadlines.Augment production support team(s) to ensure sufficient coverage for current & future IAM services.Coordinate with cyber security team(s) to ensure solution assurance and compliance to security policy, procedures, standards, and baseline security configurations.The IAM Operations Lead will participate in the IAM On-Call (off hours) rotation and will sometimes be required to work evenings and weekends, sometimes with little or no advance notice.Develops and articulates identity and access risk management strategies that continuously monitors and improves the security of client-facing and internally facing applications.Implements and operates state of the art privileged and system account access management practices.Develops and implements solutions to support access authentication, authorization and provisioning while standardizing and streamlining IT security administration processes.Governs and continually improves processes/procedures that focus on risk-based access controls; provides the least allowable access required for business operations, including role-based access modeling.Generates innovative ideas and appropriately challenges the status quo. Identifies opportunities to improve logical access provisioning processes.Fosters a high-performance culture and team by developing their skills and effectively managing the quality of automated access security services delivered.Monitors automation performance by including benchmarking and tracking performance against service improvements.Leads discussions with business units to review and approve mitigation strategies for areas of non-compliance with information security policy and standards.Approves exception requests, user access changes, provisioning, de-provisioning, and access level changes. Provides guidance on implementing access levels for new systems.Desired skills:Minimum of 10+ experience in IAM domain. Developing, implementing and/or architecting IAM systems, directory service, active directory, Radiant Logic, SailPoint IIQ, Azure active directory, LDAP, and cloud-based identities.Minimum five (5) years' experience managing a team.Experience in gathering requirements, documenting, and assessing information for implementing information security policies and standards is required.Experience and advanced understanding of business processes, internal control risk management, IT controls and risk and compliance requirements.Experience and working knowledge of cloud (IaaS, PaaS, SaaS), IT infrastructure, IAM solutions, network, compute, storage, and security technologies to guide in the preparation of related recovery procedures. Financial industry regulatory experience a plus (FFIEC, FDIC, OCC, SOC, SOX).Demonstrated experience integrating data sources/applications into VDS, configuring VDS data access views and permissions, and correlating and synchronizing identities.Knowledge of protocols such as SCIM, SOAP, REST and APIsKnowledge within building cloud infrastructure (VNET, compute, storage, set up)Containerization expertise within cloud (AKS, Docker or alternate)Experience with cloud marketplace/SaaS marketplaceExperience working with Azure/AWS DevOps or similar tools for tracking, developing, deploying softwareKnowledge in Public Cloud Automation tooling, automation experience using configuration management tools such as Ansible.Knowledge of LDAP and Active Directory services, MFA, Risk based authentication and privileged access managementHolistic view of IAM (Authentication and Authorization Data, Endpoint Security, Network Security, Policy Engine)Technical expertise and experience with Microsoft MFA, SailPoint, CyberArk, Active Directory, Azure Active Directory, AWS, Google Cloud Platform, Microsoft Azure, and IDM integration across domainsEducation:Bachelor's degree Computer Science, Computer Engineering, or a related technical discipline.Preferred certifications: CISSP, CISM/CISAEmployees at all levels are expected to:Understand our Operating Principles; make them the guidelines for how you do your job.Own the customer experience - think and act in ways that put our customers first, give them seamless digital options at every touchpoint, and make them promoters of our products and services.Know your stuff - be enthusiastic learners, users and advocates of our game-changing technology, products and services, especially our digital tools and experiences.Win as a team - make big things happen by working together and being open to new ideas.Be an active part of the Net Promoter System - a way of working that brings more employee and customer feedback into the company - by joining huddles, making call backs and helping us elevate opportunities to do better for our customers.Drive results and growth.Respect and promote inclusion & diversity.Do what's right for each other, our customers, investors and our communities.Disclaimer:This information has been designed to indicate the general nature and level of work performed by employees in this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications.Comcast is proud to be an equal opportunity workplace. We will consider all qualified applicants for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, genetic information, or any other basis protected by applicable law.CertificationsCISSP - Certified Information Systems Security Professional - (ISC)²EducationBachelor's DegreeWhile possessing the stated degree is preferred, Comcast also may consider applicants who hold some combination of coursework and experience, or who have extensive related professional experience.Relevant Work Experience7-10 YearsBase pay is one part of the Total Rewards that Comcast provides to compensate and recognize employees for their work. Most sales positions are eligible for a Commission under the terms of an applicable plan, while most non-sales positions are eligible for a Bonus. Additionally, Comcast provides best-in-class Benefits. We believe that benefits should connect you to the support you need when it matters most, and should help you care for those who matter most. That’s why we provide an array of options, expert guidance and always-on tools, that are personalized to meet the needs of your reality – to help support you physically, financially and emotionally through the big milestones and in your everyday life. Please visit the compensation and benefits summary on our careers site for more details.