Manager, Identity and Access Management (IAM)

JOB SUMMARY:

The Manager of Identity & Access Management (IAM) for Caesars is responsible for implementing and managing the IAM program and strategy at a tactical and operational level to ensure that security controls are functioning efficiently and effectively and that account provisioning and de-provisioning is meeting or exceeding established service level agreements (SLA's). Furthermore, this position also supports the DDS Team in doing security research and development, product evaluations, consulting, project support, and any other operational tasks needed to support the overall requirements of the IAM program and strategy. The position provides business and security expertise to establish and implement security related standards, procedures, and guidelines appropriate to securing the existing environment in partnership with various properties and Information Technology.

DIRECTLY SUPERVISES (PLEASE LIST POSITION TITLES):

IAM Administrator(s)

Systems Analyst(s)

KEY JOB FUNCTIONS:

Strategic Planning & Management

  • Manage and oversee the IAM Team including all the IAM functional tracks: User Certification/Compliance, Provisioning/De-provisioning, Privileged User Management,
  • Manage the activities of the IAM Team working directly with the IT Department, properties, Corporate Departments, and project teams
  • Oversee all processes and projects managed by the IAM Team and act as the final reviewer and sign-off of all project work completed by the team members
  • Develop and maintain project/initiative roadmaps for the IAM organization to align with overall DDS and business objectives
  • Review and sign-off on all recommendations on possible improvements resulting from the work performed as part of projects
  • Sign-off on all projects after reviewing all security deliverables prepared by members of DDS

Operational Planning & Management

  • Support all activities performed by the IAM Team associated with the deployment and maintenance of all IAM solutions, policies, processes, and procedures
  • Manage team activities to ensure service level agreements (SLA's) are being met or exceeded
  • Provide for the identification, selection, testing, implementation, and management of an enterprise-wide identity management solution that will include: Role Based Access (RBAC) entitlement and provisioning, and authentication (proof of user identities)
  • Select and implement IAM solution(s) that would best match the company's business requirements and framework
  • Develop IAM security strategy, roadmap, policies, standards, procedures, and guidelines that will assist the IT Department in integrating IAM requirements within their systems
  • Integrate IAM requirements within new and existing systems, applications, and databases
  • Develop/maintain an enterprise-wide RBAC program to ensure compliance with regulatory requirements, best practices and company policies
  • Evaluate and participate in outsourcing initiatives and/or third-party processing
  • Provide understanding of IAM and influence the Application Development Teams (as well as the properties and Corporate Depts) in integrating IAM security at the design and development phase
  • Contribute to the technical understanding and promotion of new and existing cyber security standards, solutions and tools with respect to IAM
  • Engineer and optimize technical solutions and processes for monitoring the security health

Security Risk Management

  • Develop security policies, standards, risk/threat models, procedures, and guidelines that will assist the IT Department and properties in integrating security requirements within their networks, systems, applications and databases
  • Manage the IAM aspect of various audits, PCI, assessments, etc. to ensure that all outstanding findings and gaps are resolved by the various properties and IT
  • Partner with DDS Management to build an integrated end-to-end security risk and compliance framework to protect the Company's information assets and supporting resources
  • Be a major influence in promoting the understanding of new and existing information security standards, solutions and tools with respect to IAM
  • Advocate and promote informational security awareness, education and training programs to promote the knowledge of information security issues throughout all areas of the organization
  • Using the DDS security risk management framework, ensure that all IAM activities are completed timely and with the utmost quality
  • Review and sign-off on all IAM deliverables including test results, recommendations and remediation plans
  • Identify areas that would benefit Compliance, Internal Audit, External Audit and other regulators to enable them to streamline their audit activities and leverage DDS security tools and processes; manage the overall integration of these groups within DDS

Incident Management

  • Support the DDS Team with regards to access-related incidents and/or investigations

Research & Development

  • Provide functional/technical briefings to the CISO and other key stakeholders such as the CIO on current security issues; contributing to the technical understanding and promotion of new and existing information security standards, solutions and tools; serving as a technical communication channel to the CISO
  • Provide R&D and consulting support to the DDS team, IT and business projects as needed
  • Evaluate and participate in outsourcing and/or third-party initiatives that would outsource data processing and management

Documentation, Reporting & Analytics

  • Design an operational reporting framework that will provide regular metrics and statistics about our business and IT environment; analyzing trends in security events, activities, etc. to better understand risks, insufficiencies in our solutions, staffing shortages, etc.; reporting security metrics and statistics to the CISO and other key stakeholders such as the CIO
  • Document and follow-up on security exceptions relating to IT and property activities that could negatively impact security risks and/or not adhere to established policies, standards, or procedures
  • Manage all SOC requirements with regards to IAM metrics and ensure that metrics are gathered on a daily basis
  • Manage all IAM metrics for the quarterly CISO dashboard and other reporting requirements
  • Prepare project plans, status reports, and other management metrics as needed

Performance and Training Management

  • Mentor IAM staff on fundamentals of security threats, vulnerabilities, and testing methodologies
  • Provide training and advice to junior security staff and/or other non-security professionals (IT, properties, e.g.)
  • Manage and coach current direct reports to ensure they perform at the highest level of quality and are able to achieve current goals including keeping
  • Establish and monitor team's goals and ensure they are aligned with the CISO's security strategy and direction
  • Self-manage career in security by leveraging available courses in-house and courses offered externally; prepare a career plan for short-term and longer-term performance management

Organizational Planning and Management

  • Implement organizational structure and staff the organization to support DDS' goals and objectives
  • Coordinate projects with the IT and property teams and for projects internal to DDS
  • Assist with general administrative activities in collaboration with all team members
  • Manage vendors' activities and relationships as needed including SOWs, maintenance renewals, licensing updates, etc.

EDUCATION and/or EXPERIENCE:

  • Bachelor's degree or equivalent business experience in Computer Science, Business Management, or MIS required
  • Certified training in security management, risk and compliance solutions and practices. CISSP, CISA, CISM, GSEC, CRISC, or related certification(s) required

QUALIFICATIONS:

  • 5+ years related business experience
  • Previous experience in management role (preferably information security or information technology) with direct reports
  • Superior communications skills, both verbal and written
  • Direct experience managing multi-faceted IT integration projects
  • Working knowledge of process engineering and technical requirements generation in the user environment
  • Experience with current concepts in project risk assessment, metrics generation and analysis and risk management
  • Requires knowledge of underlying platform(s); prior experience working with interdependent platforms; working knowledge of standards and impact of non-standard approaches
  • Technical/Functional knowledge of business processes and procedures and underlying technical workings of system to support it
  • In-depth knowledge of business operations at various levels: IT, properties, accounting, HR, etc.
  • Ability to maximize system to support business processes, recommend and influence business process change to maximize use of system

WORK ENVIRONMENT:

Office at One Harrah's Court

The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.

Caesars Entertainment reserves the right to make changes to the job description whenever necessary.

As a part of Caesars Entertainment's employment process, finalist candidates will be required to complete a drug test and background check prior to an offer being extended. Caesars Entertainment Inc. is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, national origin, gender, age, religion, disability, sexual orientation, veteran status, or marital status.


Meet Some of Caesars Entertainment's Employees

Arielle K.

Channel Marketing Analyst

Arielle creates easy-to-understand reports that encompass all of the company’s wants and needs so that they can be quickly incorporated into the organization’s roadmaps for implementation.

Katy K.

Director of Marketing Reinvestment

Katy partners with Caesars Entertainment’s Direct Mail and Email Marketing Team, Analysts, and Events Department to create awesome offers and customer participation programs for the Las Vegas region.


Back to top