About the Role
- Define, test and maintain Joiner-Mover-Leaver (JML) and Role-Based Access Control (RBAC) for Entra ID, Azure, and M365 admin roles; maintain a Segregation-of-Duties (SoD) matrix for cloud roles.
- Implement and maintain Privileged Access Management (PAM) and related tooling: MFA, approval workflows, and break-glass governance.
- Govern service principals/managed identities (key rotation, least privilege, owner accountability).
- Run periodic privileged access reviews, attestations, re-certifications, and produce evidence for audits and inspections.
- Act as Level-2 technical support and incident responder for identity compromise (token theft, consent phishing, impossible travel), coordinating with the SOC and its tooling (Sentinel/Splunk).
Key Responsibilities
1. Privileged access governance
- Design and operate PAM for Entra/Azure/M365.
- Enforce MFA and Conditional Access.
- Maintain break-glass governance.
- Test controls regularly.
2. Define and maintain cloud RBAC and JML for privileged roles
- Build a role catalogue.
- Map job functions to roles.
- Implement JML workflows for admin roles.
- Enforce least privilege.
- Validate with test cases.
- Keep mappings updated as the organisation and technology change.
3. Govern service principals / managed identities
- Create standards for app registrations / managed identities.
- Enforce naming and ownership standards.
- Design least-privilege permissions.
- Implement secret and certificate rotation.
- Remove orphaned identities.
- Periodically review high-risk permissions and consent grants.
4. L2 technical support + incident response for identity compromise
- Investigate suspicious sign-ins and token anomalies.
- Coordinate containment (revoke sessions/tokens, disable accounts, reset credentials).
- Tune detections with the SOC.
- Develop and run playbooks; drive post-incident improvements.
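The "impossible travel" use case named above is easy to describe and easy to get wrong (log order, geo-IP jitter, replayed tokens with identical timestamps). The block below is an added illustration, not code from the posting or from Microsoft's own Identity Protection detections: it runs a speed-of-travel check over constructed sign-in records whose field names (userPrincipalName, createdDateTime, ipAddress, location.geoCoordinates) are assumed to mirror a Sentinel SigninLogs row, using TEST-NET addresses and public city coordinates as sample data. The speed ceiling and minimum-distance floor are assumptions to tune with the SOC.

```python
"""Impossible-travel check over Entra-style sign-in records.

Added example (not from the job posting). The input shape is an assumption that
mirrors a few fields of a Sentinel SigninLogs row; the sample data is constructed.
"""
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from typing import Dict, List, Optional

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_SPEED_KMH = 900.0  # assumed ceiling (about airline cruise speed); tune with the SOC
MIN_DISTANCE_KM = 50.0           # assumed floor so geo-IP jitter inside one metro area is ignored


@dataclass
class SignIn:
    upn: str
    time: datetime
    ip: str
    lat: float
    lon: float


@dataclass
class Finding:
    upn: str
    from_ip: str
    to_ip: str
    distance_km: float
    minutes: float
    speed_kmh: Optional[float]  # None when both sign-ins share a timestamp (distance alone is the signal)


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two WGS84 points, in kilometres."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def parse_sign_in(rec: dict) -> SignIn:
    """Map one record (assumed field names) to a SignIn; a trailing 'Z' is normalised for older Pythons."""
    geo = rec["location"]["geoCoordinates"]
    when = datetime.fromisoformat(rec["createdDateTime"].replace("Z", "+00:00"))
    return SignIn(rec["userPrincipalName"], when, rec["ipAddress"], geo["latitude"], geo["longitude"])


def detect_impossible_travel(records: List[dict]) -> List[Finding]:
    """Flag consecutive sign-ins per user whose implied speed exceeds the plausible ceiling."""
    by_user: Dict[str, List[SignIn]] = {}
    for rec in records:
        s = parse_sign_in(rec)
        by_user.setdefault(s.upn, []).append(s)

    findings: List[Finding] = []
    for upn, signins in by_user.items():
        signins.sort(key=lambda s: s.time)  # order by event time, not by arrival order in the log
        for prev, cur in zip(signins, signins[1:]):
            dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if dist < MIN_DISTANCE_KM:
                continue  # same city; not a travel signal
            minutes = (cur.time - prev.time).total_seconds() / 60.0
            if minutes <= 0.0:
                # Identical timestamps from distant locations: looks like a replayed token, not travel.
                findings.append(Finding(upn, prev.ip, cur.ip, round(dist, 1), 0.0, None))
                continue
            speed = dist / (minutes / 60.0)
            if speed > MAX_PLAUSIBLE_SPEED_KMH:
                findings.append(Finding(upn, prev.ip, cur.ip, round(dist, 1), round(minutes, 1), round(speed, 1)))
    return findings


def _rec(upn: str, t: str, ip: str, lat: float, lon: float) -> dict:
    return {"userPrincipalName": upn, "createdDateTime": t, "ipAddress": ip,
            "location": {"geoCoordinates": {"latitude": lat, "longitude": lon}}}


# Constructed sample: TEST-NET addresses and public city coordinates, no real tenant data.
SAMPLE_SIGNINS = [
    _rec("alice@example.com", "2024-05-01T09:00:00Z", "203.0.113.10", 1.3521, 103.8198),   # Singapore
    _rec("alice@example.com", "2024-05-01T09:45:00Z", "198.51.100.7", 51.5074, -0.1278),   # London, 45 min later
    _rec("bob@example.com",   "2024-05-01T09:00:00Z", "203.0.113.22", 1.3521, 103.8198),   # Singapore
    _rec("bob@example.com",   "2024-05-01T12:00:00Z", "203.0.113.40", 3.1390, 101.6869),   # Kuala Lumpur, 3 h later
    _rec("carol@example.com", "2024-05-01T08:00:00Z", "203.0.113.55", 1.3521, 103.8198),
    _rec("carol@example.com", "2024-05-01T08:30:00Z", "203.0.113.56", 1.3000, 103.8500),   # same metro area
    _rec("dave@example.com",  "2024-05-01T10:00:00Z", "203.0.113.70", 1.3521, 103.8198),
    _rec("dave@example.com",  "2024-05-01T10:00:00Z", "198.51.100.9", 40.7128, -74.0060),  # New York, same second
]

if __name__ == "__main__":
    for f in detect_impossible_travel(SAMPLE_SIGNINS):
        print(f)
```

Run as-is, it reports alice (Singapore to London in 45 minutes) and dave (two distant locations in the same second, which is the token-replay shape rather than travel); bob's Singapore to Kuala Lumpur drive and carol's move within one metro area stay quiet. In production the same logic belongs in a Sentinel analytics rule or Splunk search rather than a script, with trusted egress ranges (VPN, corporate proxies) excluded before the speed calculation, since those are the usual source of false positives.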
You are someone with:
- Bachelor's degree in Information Security, Computer Science, Engineering, Information Technology, or related field.
- Minimum of 5 years of relevant experience in IAM, cloud security, or security engineering.
- Microsoft or industry certifications relevant to identity/security, such as:
> SC-300 (Identity and Access Administrator)
> SC-200 (Security Operations Analyst)
> AZ-500 (Azure Security Engineer)
> CCSP, CISSP, CISM, or CompTIA Security+
- Relevant working experience in regulated environments (e.g. banking, FSIs) and/or audit/regulatory engagements is an advantage.
- Hands-on administration of Microsoft Entra ID, Azure RBAC, and M365 admin roles (including role scoping, assignment models, and least privilege).
- Experience implementing Privileged Access Management concepts such as MFA enforcement, break-glass controls, privileged monitoring, and governance.
- Experience in governance of service principals / app registrations / managed identities: permissions, consent, secret/certificate lifecycle, rotation, and ownership accountability.
- Ability to design and operationalise SoD controls and manage exceptions with compensating controls and risk sign-off.
- Practical incident response for identity threats such as token/session revocation, conditional access response, account lock-down, risky sign-in investigation, consent grant review, and remediation.
- Working knowledge of integrating IAM telemetry with Microsoft Sentinel and/or Splunk, and of collaborating with the SOC on detection use cases (impossible travel, anomalous token usage, risky apps, privilege escalation).
- Strong control mindset and ability to explain controls clearly to auditors and regulators.
- High ownership, attention to detail, and disciplined change management.