Identity and Access Management: Career Prospects

Regulations, Threats Open New Opportunities

Identity and access management (IAM) deals with how users within an organization are given an identity and how that identity is protected. This includes protecting critical applications, data and systems from unauthorized access while managing the identities and access rights of people both inside and outside the organization.

"Identity and access management involves protecting our data assets and implementing processes and procurement standards to run business more intelligently," says Mike Del Guidice, senior security officer at Crowe Horwath LLP, a security services consulting company based in Chicago. "Identity and access management is to do with the efficiency and effectiveness of controls. Are the controls doing the right thing in an intelligent way? How can we align these controls with the business processes for a mature solution?"

"Regulatory pressure and meeting effective data security standards have made identity and access management skills and role very desirable in recent times, especially within financial institutions," says Tammy Moskites, Vice President, IT Security Officer, Huntington National Bank.

Role and Prospects

IAM roles remain primarily within the consulting and outsourcing industry, as IAM remains a highly complex arena. That said, "There are currently positions available for IAM individuals with a track record in both private and public sectors, including professional services, government, financial services and technology companies," says Victoria Lee, SVP, Lenzner Group, an executive security search and consulting services firm based in New York.

User account administrators' salaries can range from $45k - $80k, indicates Moskites. For skilled and experienced identity and access management engineers of identity solutions, salaries can range from the mid-$70s upward to the $120k range for full integrators. Usually engineers at security vendor companies and in senior consulting roles reach the high end, with salaries ranging from $120k-150k.

The role is usually carried out by a senior IT system administrator with hands-on regulatory compliance knowledge. The IT/Security role involves supporting and overseeing day-to-day operations and activities, including:

Provisioning and de-provisioning user changes
Maintenance of IAM technology infrastructure
Managing application and user-store integration
Interfacing with Help Desk
Handling exceptions
Future integration of applications
Upgrades, patch management.

The role is technically oriented and needs oversight by a project manager who typically has ownership of the IAM program within the organization. The project manager constantly interacts with management, IT/Security, governance and the business community to ensure success and integration of various aspects with the IAM infrastructure, both currently and going forward.

Management support includes building a strategy, vision and road map for attaining effective and efficient identity and access management controls. "Organizations should assess their requirements, technical abilities and select a technology tool that aligns best with their business objectives, timeframe, budget and resources," says Hord Tipton, CEO, ISC2.

Senior security management should:

Provide oversight
Set policies and standards
Guide IAM architecture
Align IAM initiatives to business processes
Monitor controls and regulatory compliance to required standards.

The business group should ensure that IAM program initiatives are in alignment with business objectives and processes, and help:

Define user roles
Define access controls necessary for application usage and data access;
Decide how best to use the IAM infrastructure tools for overall business success.

"Identity and access management and data security should be a line of business vs. support of business; IAM should be seen as an enabler of business," says Del Guidice.

Skills Required

IAM requires professionals to have a solid IT and technical background in system architecture, application architecture, design and implementation, coupled with a strong understanding of business operations and controls. A bachelor's degree in computer engineering or IT systems is strongly recommended by experts. Additionally, experience can be gained by taking up positions in IT and/or IT security software development projects, security architecture, networking, application and/or database management and system integration of end-to-end enterprise solutions. Good exposure and hands-on experience come from joining one of the IAM vendor companies, which provide a good entry point into this field. Key skills include:

Strong understanding of multiple platforms (RACF, Active Directory, Novell, UNIX and AS/400)
LDAP Knowledge
Complex problem analysis
Ability to manage multiple priorities
Ability to rapidly adapt to changing business requirements
Ability to balance customer service and regulatory needs
Ability to maintain confidentiality
Great Communications Skills, both verbal and in writing
Great Teamwork Skills
Ability to efficiently acquire and utilize new skills in response to change
Regulatory Compliance Knowledge (SOX, FFIEC, and PCI)
Identity Management - Provisioning and Workflow processes
Access Management - Authentication and Entitlements
Data Security and Privacy - Database access
Experience with Role-Based Access Controls
Experience with implementing IDM solutions
Experience with Identity Management Provisioning
IT experience including IT Security Administration
IT compliance and security certifications (CISSP, CISA or CISM preferred)
Other Certifications (Novell, Security+, MCxx)

As organizations grow and become more complex, the number of identities to be managed will follow that trend. "With the ever-changing risks and regulatory requirements that are presented to companies, more and more companies are looking for that silver bullet - to enable automated user access management. However, this effort will take many years, and in today's economy it is a very expensive initiative to take on," says Moskites.

"IAM professionals will continue to be highly desired individuals given the expanding risk environment as a result of the current market and economic conditions, increased regulatory compliance, governance and transparency requirements, as well as the exponential reach of global commerce and connectedness we share today," adds Lenzner.


About the Author

Upasana Gupta

Contributing Editor, CareersInfoSecurity

Upasana Gupta oversees CareersInfoSecurity and shepherds career and leadership coverage for all Information Security Media Group's media properties. She regularly writes on career topics and speaks to senior executives on a wide range of subjects, including security leadership, privacy, risk management, application security and fraud. She also helps produce podcasts and is instrumental in the global expansion of ISMG websites by recruiting international information security and risk experts to contribute content, including blogs. Upasana previously served as a resource manager focusing on hiring, recruiting and human resources at Icons Inc., an IT security advisory firm affiliated with ISMG. She holds an MBA in human resources from Maharishi University of Management, Fairfield, Iowa.



