Part Time – 17.5 hours per week

PRIMARY PURPOSE OF THE JOB

2 of the AIM Analysts will report into the Access & Identity Management Authority and have a general responsibility for AIM compliance across the company. One of the AIM Analysts reports into a business line manager within the Operations Department and has responsibility for ensuring the Operations Department are compliant with AIM requirements.

The AIM Analyst supports all business processes covered under AIM.

MAIN RESPONSIBILITIES

Undertake the collation and gathering of all relevant information required to enable the execution of the annual, bi-annual andlocalrecertification process:
Prepare the recertification spreadsheets
Create the staff lists of business roles, verify line management / authorisation management and submit to HQ for the production of the access authorisation spreadsheets
Manage the approval process with the organisational units including physical sign off of spreadsheets
Resolve recertification queries and mis matches with organisational units and User Management and produce the remediation action list for submission to HQ
Track and complete the remediation measures and confirm completion to HQ.
Support operational areas with role structure and resourcing to mitigate Segregation of Duties (SoD) conflicts.
Provide the AIM Authority with the completed annual and bi annual re-certifications for review and submission to HQ
Support operational functions in complying with AIM requirements ensuring SoD conflicts are managed effectively through the application and definition of appropriate business roles
Act as the first point of escalation where an SOD conflict is detected during an access request
Facilitate the approval or removal of identified SoD conflicts for user or role through liaison with the AIM Authority
Where SoD conflicts exist support organisational units on the definition and design of relevant compensating controls
Identify and escalate to the AIM Authority where VWFS are not compliant with AIM requirements. Suggest ideas to improve compliance and implement improvement activities.
Ensure that applications, and changes to applications, are compliant with AIM requirements prior to deployment through Acceptance into Service. Escalate to the AIM Authority where criteria is not being fulfilled.
Track the review of Authorisation Concepts to ensure that Authorisation Concepts for Basic Protection Needs applications are reviewed biennially, and that Enhanced Protection Needs Applications are reviewed on an annual basis.
Complete adhoc and scheduled reviews of Privileged Access Management compliance
Work with organisational units and project teams to ensure new or changes to business and system roles meet AIM requirements

PRINCIPAL CONTACTS / WORKING RELATIONSHIPS

AIM Authority – work closely with to complete the AIM activities eg recertification preparation and issue. gathering of all relevant information required to enable the execution of the annual, bi annual and local recertification process:

Senior Managers / User Management – Resolve recertification queries and mis matches with organisational units and User Management

Work with organisational units and project teams to ensure new or changes to business and system roles meet AIM requirements

DECISION MAKING SCOPE

Facilitate the approval or removal of identified SoD conflicts for user or role through liaison with the AIM Authority

Manage the recertification approval process with the organisational units including physical sign off of spreadsheets

KEY CHALLENGES

Guidelines provided by HQ and supported by AIM Authority.

Volume of users and roles make the recertification exercise complicated and quite cumbersome. Attention to detail essential. Ability to interpret large data sets / excel spreadsheet essential.

Deadlines are critical and set by HQ, relatively short lead times. Need to be able to work flexibly and respond quickly to ad hoc request from HQ