...
Responsibilities
| Responsibility | Domain | Category |
|---|---|---|
| Assess existing IAM capabilities, develop a risk-based IAM strategic roadmap aligned with the organization's goals, and obtain top management sponsorship for it | All | |
| Embrace Identity and Access Management holistically, including Workforce IAM, 3rd Party IAM, Client IAM, Object IAM, Technical IAM or PAM, and Physical Access | All | |
| Assure that the IAM function and program are supervised by and report to adequate governing bodies | All | |
| Design and implement IAM policies that establish clear requirements and accountability for IAM topics | All | |
| Develop an IAM technological roadmap to sustain the organization's digital transformation | All | |
| Find, recruit, retain, train, and develop IAM talent | All | |
| Design and implement authorization processes that assure the legitimacy and appropriateness of access permissions | All | |
| Assure coverage of IAM processes over the information system by dynamically integrating IT Asset Management inventories | All | |
| Identify and analyze IAM-related risks in alignment with the organization's risk management framework | All | |
| Conduct regulatory and industrial watch to identify regulatory, contractual and industrial requirements and best practices | All | |
| Facilitate and provide evidence for internal and external audits on IAM-related topics and manage related findings and recommendations | All | |
| Embed IAM requirements by design in the SDLC, Project, and Change Management processes | All | |
| Assure adequate traceability in IAM processes to fulfill compliance and security requirements | All | |
| Reconcile systems with authorizations to identify and act upon anomalous identities and accesses | All | |
| Use data analytics to identify and respond to anomalous identities, accesses, and behaviors | All | |
| Effectively implement IAM remediation plans to mitigate IAM-related risks and remediate findings | All | |
| Assure identity proofing and XXX | | |
| Implement and maintain role-based and other access control models consistent with the organizational structure and with due respect for the least-privilege principle and its specialized form, the need-to-know principle | All | |
| Design, implement, operate, execute, and continuously improve IAM controls to efficiently and effectively assure compliance with regulatory, contractual and industrial best practice requirements | | |
| Home office and remote access | | |
| Design, implement, and continuously improve privileged and technical access management processes and capabilities to effectively mitigate high privileged access risks | PAM/TAM | |
| Off-boarding and security | | |
| Mitigate fraud and accidents by deploying SoD and toxic rights controls | All | |
| Deploy authentication mechanisms whose robustness is commensurate with risk | All | |
| Clean the information system of anomalous identities (including orphaned accounts) and access permissions | All | |
| Recertification | | |
| Remediate anomalous identities and accesses | | |
| Define and implement a password and secrets management policy | | |
| Federation with 3rd parties | | |