Multi-Tenant Access Control & Role Governance Consultant

📋 Description

• Lead the transition of access control from a single-tenant to a multi-tenant framework, ensuring that compliance and security measures are inherently integrated.

• Act as a key contributor to the Role Discovery and Governance Program, focusing immediately on the analysis and documentation of over 200 existing platform roles to ensure SOX compliance.

• Collaborate with Governance, Risk, and Compliance (GRC), Security, Engineering, and Product teams to develop and maintain a centralized Role Catalog, serving as a definitive source for all access permissions.

• Record the business rationale, ownership, and usage patterns for each role to remove uncertainty and facilitate future migration to a new Role-Based Access Control (RBAC) system.

• Assist in formulating and executing a formal governance process for the complete role lifecycle, encompassing creation, modification, deprecation, and regular access reviews.

• Evaluate the existing role landscape to pinpoint opportunities for simplification and consolidation, proposing the removal of redundant or unused roles.

• Collaborate with business process owners and engineering teams during the design and alteration of processes and controls to ensure alignment with our multi-tenancy objectives and compliance standards.

• Interact with both internal and external auditors to aid in SOX audits, control assessments, and the remediation of any identified shortcomings.

⛳️ Requirements

• 5-7 years of professional experience.

• 3-5 years of experience in Information Security, particularly in Identity and Access Management (IAM), Role-Based Access Control (RBAC), and risk management.

• Direct, hands-on experience with SOX compliance is essential; familiarity with frameworks such as NIST, COSO, or ISO 27001 is advantageous.

• Strong communication skills to convey complex security and risk concepts to a wide range of audiences, from engineers to business executives.

• Proven ability to work collaboratively across different functions to implement new security programs and controls.

• Understanding of the unique challenges associated with securing large-scale platforms; experience in a SaaS or multi-tenant setting is highly preferred.

• Empathetic and accountable, able to work with teams to develop practical solutions that balance security needs with business objectives.

• Enthusiastic about investigative challenges, skilled in identifying root causes of issues, and capable of driving effective remediation plans.

🏝️ Benefits

• Competitive salary and comprehensive benefits package.

• Opportunities for professional development and career advancement.

• Collaborative work environment with a focus on innovation and impact.