Security Manager - Identity and Access Management

Position Overview

At PNC, our people are our greatest differentiator and competitive advantage in the markets we serve. We are all united in delivering the best experience for our customers. We work together each day to foster an inclusive workplace culture where all of our employees feel respected, valued and have an opportunity to contribute to the company's success. As a Security Manager within PNC's Technology organization, you will be based in Pittsburgh, PA; Cleveland, OH; Birmingham, AL or Dallas, TX. The position is primarily based in a PNC location. Responsibilities require time in the office or in the field on a regular basis. Some responsibilities may be performed remotely, at the manager's discretion.

Job Responsibilities

• Manages resources that enables security control effectiveness with a team and technology.

• Monitor trends and continuously assesses staff/security system capabilities to meet business demands.

• Leads in policy development, audit mitigation, and other tasks related to securing and maintaining the operational health of the infrastructure. Evaluates security systems, teams and processes to provide recommendations to maintain continuity and operational health.

• Documents and revises procedures and playbooks for teams, processes and technology to provide a standard security practice and increase team effectiveness.

• Focus on customers and internal partners, manage risk, and to accomplish business goal and objectives.

• Understands how service(s) align to overall business strategy, cyber security landscape, security policy, and consumer needs, and can anticipate new opportunities and/or adjust service approach to accommodate variable needs

• Evaluates evolving risk areas to identify gaps in current controls, service functionality and capabilities

• Defines and monitors cost, performance and value measurements of service(s)

• Looks holistically across all services to understand (inter)dependencies and key integration points with own service(s)

• Responsible for articulating purpose and value of service(s), and ensuring understanding across impacted consumer base

• Responsible for successful remediation of audit risks/needs aligned to service(s)

• Communicates, influences, negotiates, and drives consensus both vertically and horizontally to achieve service objectives

Technical Skills

• Understanding of fine grain and coarse grain access permissions/authorizations, including entitlements management

• Understanding of authentication models, such as modern authentication, Oauth, directories, SAML/Federation, etc.

• Understanding authorization models and concepts, such as ACLs, DACLs, RBAC, ABAC, Policy/Claims

• Understanding of identity, credential, and access management concepts - technical/engineering skills (NOT a project manager), with experience with Oracle Identity Manager (OIM)

• Understanding of authentication, authorization, SSO, and LDAP best practices

• Ability to manage large amounts of data within Excel, including use of data models, macros, pivot tables, reporting and dashboarding

• Ability to manage large data sets via execution of SQL queries and have some experience with working with MS Access database

• Ability to clearly communicate with team members, leadership, executive leadership, and customers - internally as well as externally - including ability to meet critical timelines to achieve success

• Ability to diagnose and troubleshoot issues and possess strong analytical and problem solving skills

• Ability to work independently, should be detail oriented, and be able to work in a team environment

Additional Skills

• Collaborate with customers to collect, analyze document requirements assist with the architecture, analysis, design, development, integration, and overall implementation of entitlements and roles based access control roles

• Designing, engineering, maintaining the roles including descriptions, organization mapping, and role owner maintenance as part of the BAU activity

• Shall server as a subject matter expert on identity and access management, and will review and implement RBAC related work sets to achieve expected business outcomes

Job Responsibilities

• Manages resources that enables security control effectiveness with a team and technology.

• Monitor trends and continuously assesses staff/security system capabilities to meet business demands.

• Leads in policy development, audit mitigation, and other tasks related to securing and maintaining the operational health of the infrastructure. Evaluates security systems, teams and processes to provide recommendations to maintain continuity and operational health.

• Documents and revises procedures and playbooks for teams, processes and technology to provide a standard security practice and increase team effectiveness.

• Focus on customers and internal partners, manage risk, and to accomplish business goal and objectives.

• Understands how service(s) align to overall business strategy, cyber security landscape, security policy, and consumer needs, and can anticipate new opportunities and/or adjust service approach to accommodate variable needs

• Evaluates evolving risk areas to identify gaps in current controls, service functionality and capabilities

• Defines and monitors cost, performance and value measurements of service(s)

• Looks holistically across all services to understand (inter)dependencies and key integration points with own service(s)

• Responsible for articulating purpose and value of service(s), and ensuring understanding across impacted consumer base

• Responsible for successful remediation of audit risks/needs aligned to service(s)

• Communicates, influences, negotiates, and drives consensus both vertically and horizontally to achieve service objectives

Technical Skills

• Understanding of fine grain and coarse grain access permissions/authorizations, including entitlements management

• Understanding of authentication models, such as modern authentication, Oauth, directories, SAML/Federation, etc.

• Understanding authorization models and concepts, such as ACLs, DACLs, RBAC, ABAC, Policy/Claims

• Understanding of identity, credential, and access management concepts - technical/engineering skills (NOT a project manager), with experience with Oracle Identity Manager (OIM)

• Understanding of authentication, authorization, SSO, and LDAP best practices

• Ability to manage large amounts of data within Excel, including use of data models, macros, pivot tables, reporting and dashboarding

• Ability to manage large data sets via execution of SQL queries and have some experience with working with MS Access database

• Ability to clearly communicate with team members, leadership, executive leadership, and customers - internally as well as externally - including ability to meet critical timelines to achieve success

• Ability to diagnose and troubleshoot issues and possess strong analytical and problem solving skills

• Ability to work independently, should be detail oriented, and be able to work in a team environment

Additional Skills

• Collaborate with customers to collect, analyze document requirements assist with the architecture, analysis, design, development, integration, and overall implementation of entitlements and roles based access control roles

• Designing, engineering, maintaining the roles including descriptions, organization mapping, and role owner maintenance as part of the BAU activity

• Shall server as a subject matter expert on identity and access management, and will review and implement RBAC related work sets to achieve expected business outcomes

• Actively involving in the enterprise technical business team meeting to gather the access details for their day to day activities and converting into job function roles in OIM

Job Description

• Manages a team that oversees the day-to-day operations and effectiveness of assigned security technology and programs.

• Manages resources that enables security control effectiveness with a team and technology.

• Monitors trends and continuously assesses staff/security system capabilities to meet business demands.

• Leads in policy development, audit mitigation, and other tasks related to securing and maintaining the operational health of the infrastructure. Evaluates security systems, teams and processes to provide recommendations to maintain continuity and operational health.

• Documents and revises procedures and playbooks for teams, processes and technology to provide a standard security practice and increase team effectiveness.

PNC Employees take pride in our reputation and to continue building upon that we expect our employees to be:

• Customer Focused - Knowledgeable of the values and practices that align customer needs and satisfaction as primary considerations in all business decisions and able to leverage that information in creating customized customer solutions.

• Managing Risk - Assessing and effectively managing all of the risks associated with their business objectives and activities to ensure they adhere to and support PNC's Enterprise Risk Management Framework.

PNC also has fundamental expectations of our people managers. As a manager of talent in PNC, you will be expected to:

• Include Intentionally - Cultivates diverse teams and inclusive workplaces to expand thinking.

• Live the Values - Role models our values with transparency and courage.

• Enable Change - Takes action to drive change and innovation that will transform our business.

• Achieve Results - Takes personal ownership to deliver results. Empowers and trusts others in decision making.

• Develop the Best - Raises the bar with every talent decision and guides the achievement of all employees and customers.

Qualifications

Successful candidates must demonstrate appropriate knowledge, skills, and abilities for a role. Listed below are skills, competencies, work experience, education, and required certifications/licensures needed to be successful in this position.

Preferred Skills

Access Control (AC), Building Architecture, Customer Solutions, Disaster Recovery Planning, Information Security, Network Security, Physical Security, Risk Assessments, Security Technologies

Competencies

Information Assurance, Information Security Audits, Information Security Management, Information Security Technologies, IT Environment, IT Standards, Procedures & Policies, Knowledge of Organization, Planning: Tactical, Strategic

Work Experience

Roles at this level typically require a university / college degree. Higher level education such as a Masters degree, PhD, or certifications is desirable. Industry experience is typically 8+ years. At least 5 years of prior management experience is typically required. In lieu of a degree, a comparable combination of education, job specific certification(s), and experience (including military service) may be considered.

Education

Bachelors

Certifications

No Required Certification(s)

Licenses

No Required License(s)

Benefits

PNC offers a comprehensive range of benefits to help meet your needs now and in the future. Depending on your eligibility, options for full-time employees include: medical/prescription drug coverage (with a Health Savings Account feature), dental and vision options; employee and spouse/child life insurance; short and long-term disability protection; 401(k) with PNC match, pension and stock purchase plans; dependent care reimbursement account; back-up child/elder care; adoption, surrogacy, and doula reimbursement; educational assistance, including select programs fully paid; a robust wellness program with financial incentives.

In addition, PNC generally provides the following paid time off, depending on your eligibility*: maternity and/or parental leave; up to 11 paid holidays each year; 8 occasional absence days each year, unless otherwise required by law; between 15 to 25 vacation days each year, depending on career level; and years of service.

To learn more about these and other programs, including benefits for full time and part-time employees, visit ~~~ > New to PNC.

_*For more information, please click on the following links:_

Time Away from Work (~~~)

PNC Full-Time Benefits Summary

PNC Part-Time Benefits Summary (~~~)

Disability Accommodations Statement

If an accommodation is required to participate in the application process, please contact us via email at ~~~ . Please include "accommodation request" in the subject line title and be sure to include your name, the job ID, and your preferred method of contact in the body of the email. Emails not related to accommodation requests will not receive responses. Applicants may also call ~~~ and say "Workday" for accommodation assistance. All information provided will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.

At PNC we foster an inclusive and accessible workplace. We provide reasonable accommodations to employment applicants and qualified individuals with a disability who need an accommodation to perform the essential functions of their positions.

Equal Employment Opportunity (EEO)

PNC provides equal employment opportunity to qualified persons regardless of race, color, sex, religion, national origin, age, sexual orientation, gender identity, disability, veteran status, or other categories protected by law.

California Residents

Refer to the California Consumer Privacy Act Privacy Notice (~~~) to gain understanding of how PNC may use or disclose your personal information in our hiring practices.