• Competitive
  • Gurgaon, Haryana, India
  • Permanent, Full time
  • Moody's
  • 2019-03-26

Business Analyst - Information Risk and Security Access Management

Location: Gurgaon, Haryana, India


The Role / Responsibilities:

Moody's IT Risk is looking for a Business Analyst of Information Risk and Security Access Management to

join its growing organization. This is a challenging position requiring a strong background in Information

Security practice, deep knowledge of Information Security standards, best practices, technologies and

processes, as well as solid communication and organization skills. The candidate is very motivated and

willing to take on challenges, able to multi-task to succeed and has the ability work independently and with

minimal oversight.

The Moody's Information Security team is responsible for helping the organization balance risk by aligning

policies and procedures with Moody's business requirements. The team has global responsibility for the

development, enforcement and monitoring of security controls, policies and procedures, and for the

delivery of security services. The Information Risk and Security team sets strategic direction for security

within the organization and aligns with stakeholders throughout the company. The team is responsible for

key programs including Information Risk and Security Operations, Engineering, Patch and Vulnerability

Management, Data Loss Prevention, Access Control, Threat Management, Security Monitoring and Incident

Response.

The Business Analyst - Information Risk and Security Access Management will serve as a functional subject

matter expert and customer liaison for the Identity and Access Management (IAM) platform solutions. The

candidate is responsible for providing overall customer guidance in functional capabilities and best practices

usage of the IAM environment. The successful candidate will have a strong background in the areas of

Identity and Access Management, security access automation technologies, business process and service

desk ticketing systems, awareness of security best practices standards (ISO, NIST, COBIT), audit and

regulatory frameworks such as SOX as well as ITIL processes. Strong documentation skills are also crucial to

successful process and project delivery.

Functional Responsibilities

• Should have good Hands-on experience on access management tools like Active Directory,

Microsoft Exchange, IDAM etc.

• Experience in oversight, governance and operations of all aspects of access management.

• Ability to capture business requirements and define specifications.

• Ability to perform requirements fit/gap analysis.

• Knowledge and proficiency in business process optimization.

• Demonstrated knowledge and understanding of User provisioning for different accounts - Created

and managed user accounts in Active Directory and various customized applications used by end

users for regular day to day activity.

• Demonstrated Good knowledge on ITIL process and should be well versed with incident and request

management.

• Knowledge and proficiency in troubleshooting application problems/issues (from a functional

perspective).

• Ability to guide/train application users in the use of application features, functions and best

practices.

• Should be able to provide On-call support for the emergency and high severity issues.

• Should be able to develop and improve Standard Operating Procedures according to the

requirement.

• Should be able to assist management with monitoring systems and networks by reporting incidents

and anomalies to appropriate security and client staff and management.

• Should be able to develop and improve Standard Operating Procedures according to the

requirement.

Qualifications
Required Qualifications:
Minimum education and work experience required for this position include:
• Minimum of 2-3 years of experience with access administration
• General understanding of Identity Management (IDM) and security concepts.
• Hands-on knowledge on tools like active directory, IDAM, Microsoft exchange, Varonis etc.
• Practical knowledge and experience with Identity Management technologies.
• General understanding of Role Based Access Control, Governance and Access Certification in
Sailpoint.
• General understand of PDLC, ITIL processes.
• Should be comfortable working in 24x7 environment and on weekends as well.
• Excellent analytical and problem solving skills required.
• Excellent verbal and written communication skills.

Key Competencies:
• Ability to operate within a high performing, motivated team, and adapt direction to accommodate
changes in priorities.
• Knowledge of and experience with current and emerging access management technologies
including IAM and Privileged Access Management tools (Sailpoint), File Share Access Auditing
(Varonis), Hitachi ID (HIPAM) and Active Directory (AD)
• Strong knowledge of Access Management business processes/workflows, and associated tools
(Service Now).
• Build RCA on repetitive errors and suggest a plan to mitigate.
• General knowledge of best practice standards that govern Information Security such as ISO, NIST
and SANS.
• Strong written and oral communication skills including the ability to interact directly with customers
that do not have an IT background.
• Proven ability to work within a large enterprise that spans multiple continents, is governed by
change management and has a tiered support model.

Preferred • BS or BA degree, preferably in technology/business or equivalent.
• Relevant certifications such as ITIL, MSCIT are plus.

Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity or any other characteristic protected by law.

Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.