Title:  Role and Access Manager

Primary Purpose of Job:

The Role and Access Manager is responsible for the development and maintenance of the Identity and Access Management framework for the QuikTrip Corporation. In conjunction with business leadership and IT technical personnel, the Manager will ensure that QuikTrip’s access controls are consistent, scalable, and auditable across the organization. This position will interface with the QuikTrip user and technology communities to understand their security needs and implement access controls to accommodate them, employing a least-privileged model for access control. The Manager will act as an advisor to business units during routine reviews of system security and will participate in the continuing creation, modification, and retirement of roles within the business. Additionally, the Manager will coordinate with technical IT operations personnel on the development of appropriate onboarding and offboarding processes for personnel and systems QuikTrip’s chosen access control technologies. A successful Roles and Access Manager will have a multidisciplinary background in areas such as process development, systems and/or business analysis, and identity management. The Manager must thrive in fast-paced situations. This position is heavily reliant on teamwork and is responsible for mentorship of less experienced workers in the area of role-based access control and identity management.

Location: Fully Onsite

Major Functions:
Role-Permissions Analysis - 40% of total job

1. Understand/Analyze/Document the goals and scenarios for roles (requirements)
   1. Understand business functions and entitlement requirements for roles
   2. Understand how regulatory and policy statements impact roles and entitlements (HIPAA, PII, CDE, etc.)
   3. Analyze role and permissions candidates (developing the roles and entitlements)
2. Manage/Analyze/Communicate
   1. Permission Context (translate role scenarios into permissions)
   2. Permission Constraints and Privacy Expectations (segregation of duties and policy constraints)
   3. Functional Requirements (from systems, applications, job descriptions, etc.)
3. Work with Cybersecurity for on-going discovery and audit of user accounts and access resource groups
4. Document access control matrices
5. Participate in discussions to refine existing RBAC structures and role rationalization
6. Ensure application onboarding and decommissioning processes address changes to RBAC roles or entitlements

Role-Permissions Management - 40% of total job

1. 1. Proactively facilitate the management of permissions and entitlements, drive efficiencies in role entitlements
   2. Serve as Liaison for RBAC/IAM issues
   3. Manage Role Based Access controls, including role management, role mining, role remediation, and role re-certifications
   4. Maintain user role definitions while maintaining naming conventions and updating entitlements as needed.
   5. Change contexts, constraints, purpose, and hierarchies that feed RBAC rationale
   6. Manage discovery and audit of user accounts and access resource groups
   7. Work with IT Security Audit personnel to monitor access to critical systems and infrastructures such as Active Directory, E1, Cognos, TMA, etc. (Splunk alerting – analysis of who is requesting what types of entitlements in key applications, etc.)
   8. Conduct change impact assessments (example: departmental re-structuring)
   9. Maintain an understanding of access with respect to roles, rules, and policies.
   10. Participate in kick-off and training on periodic access certification reviews for Role & Resource Owners.

Other job functions that support sustaining RBAC - 15% of total job

1. 1. Participate in Sprint Planning meetings or review meeting outcomes to review significant System/Software configuration changes across technology infrastructure and business applications for change management
   2. Participate and review User Acceptance Testing and Quality Assurance post RBAC deployment

Stay abreast of Identity and Access Management trends and technologies - 5% of total job

1. 1. Research, develop and stay current on access management techniques.
   2. Participate in the evaluation and recommendation of security products, services and/or procedures.
   3. Help develop security awareness content and provide education on security policies and practices both internal and external to the group.

Position in Organization:

Reports to: Director of Cyber Security
            Indirectly Supervises: Third party resources, vendors

Relationships:

Inside the Company: IT internal staff, internal audit, QuikTrip management group, RBAC business unit owners, and User community at large.
Outside the Company: Consultants, auditors, and vendors. Professional organizations.

Position Specifications:

Required Education: Bachelor’s degree or equivalent work experience.
Desired Education: Specialized education in business analysis, IT audit, or process development. ITIL or CISA certification or other relevant certification.
Required Experience: 6 years of business analysis, identity management, or IT audit experience in large, complex corporate environments, particularly in multi-state retail. Advanced experience with identity management or access control methodologies and solutions.
Desired Experience: 6 years of experience and advanced knowledge in building and supporting access controls. Experience leading and/or mentoring junior personnel. Experience planning, maintaining, and implementing an RBAC scheme. Deep experience driving continuous improvement of technology and practices.
Required Skills: Strong understanding of identity lifecycle management, operating environments (such as Microsoft Active Directory, Azure cloud, etc.), privileged access management, and third party, remote access security. Knowledge of network authentication methods, such as user IDs, passwords, MFA, certificates, Kerberos, etc. Excellent ability to analyze and understand business processes and functions. Ability to interact with business leadership and drive the adoption of process change. Strong written and oral communication skills including documentation. Ability to work with little direct supervision, and to foster a team environment. Ability to seek out and implement ways to help other team members to be successful.
Desired Skills: Knowledge of PCI-DSS, HIPAA, and application security controls. Working knowledge of identity and access management systems.

Additional Criteria:

Must be able to communicate technical information to non-technical personnel. Must have superior relationship-building abilities within the QuikTrip business community. Some travel is required.

On call 24 hours per day, seven days per week. Must be able to work under pressure and provide guidance to Information Technology users during crisis modes.

This position requires the employee to be available by phone and/or email and/or have accessibility to calendar, contacts, and data while out of the office.

Starting Salary: $103,300-$129,200