Access Management - Security Analyst

Summary:

Meta is seeking an experienced InfoSec, Access Management Analyst to join the Information Security team. This position will be responsible for understanding and supporting the design of Meta's organizational, procedural, and technological security controls within the context of the global regulatory frameworks applicable to Meta and its suite of affiliated businesses (Instagram, Oculus, WhatsApp, etc.). This analyst will support the access compliance function and will be responsible for compliance and governance activities related to the Identity and Access Management domain across Meta. The analyst will also assess and evaluate integrations to provide resolution of complex system problems and meet evolving business and security needs. An ideal Security Analyst - Access Management is someone that has a solid understanding of the broad aspects of information security and can apply that knowledge to solve problems at scale. This role requires a broad mix of business and technical acumen coupled with polished communication and a strong desire to learn.

Required Skills:

Access Management - Security Analyst Responsibilities:

1. Understand the security needs of internal and external stakeholders, regulators, and auditors. Support IAM related controls for an increasing number of regulations including SOX, SOC2, PCI and ISO27001

2. Support the communication of policies, procedures, and processes to internal stakeholders regarding security and compliance best practices around applicable laws, regulations, and controls

3. Work with cross-functional teams to assess business and access workflows, review internal and external tools for risk concerns, address permission gaps, and improve data quality

4. Support the development of new standards, policies, and guidelines and necessary modifications to existing ones

5. Provide walkthroughs to external regulators and auditors on Access Management controls and safeguards. Negotiate with regulators to get to an agreed upon approach that is compliant to regulatory requirements as well as aligns with Meta’s internal approach and needs

6. Continuously assess and drive improvements of internal Meta tools, technical capabilities, and business processes to improve technical enforcement of access management and enforcement principals by working with business and software engineering partners

7. Support the identification, implementation, and maintenance of automated technical security controls required by various technical regulatory compliance frameworks

8. Guide the development of administrative and enforcement tools, access controls, alerts and anomaly detection, escalation workflows, and UX design

9. Serve as the technical subject matter expert for access management at Meta

10. Work with overall Access Management Lead, Information Security, and cross-functional partners to build, maintain, and execute on a roadmap considering short, medium, and long term access control and operational needs for tools

11. Understand technical implementation details for implementing access management and security controls

12. Oversee operations team responsible for performing access reviews on a periodic basis of the company assets

13. Perform and oversee periodic review of existing Security controls and safeguards

14. Ensure successful transition of project deliverables to support/maintenance/operations teams

Minimum Qualifications:

Minimum Qualifications:

1. 5 years of working experience in access management data analysis, and/or information security capacity

2. Understanding of SOX and SOC2 controls. Experience to communicate effectively to internal and external auditors

3. Experience in information security concepts and applying them at scale

4. Experience independently leading projects to completion

5. Experience with working with leadership and engineers

6. Experience working independently and collaboratively across various levels and teams

7. Communication, presentation, and interpersonal experience

8. Experience working across cross-functional teams

9. Experience managing competing priorities and simultaneous projects

10. Experience in SQL (Oracle, Vertica, Hive, MySQL, etc.), data visualization (Tableau or other), and Excel

Preferred Qualifications:

Preferred Qualifications:

1. BA/BS in Computer Science or equivalent, Math, Statistics, Economics, Physics, or equivalent quantitative field

2. Strong desire to learn and continuously develop and deepen technical skills

3. Familiarity with scripting languages, SQL, PHP, python, and web development

4. Certifications in one or more of the following areas: CISSP, CISA, CISM, GISO, GCIH, CIPP

5. Strong track record of understanding and interest in current and emerging technologies demonstrated through training, job experience and/or industry activities

6. Independent worker and motivated self-starter, thrives on ambiguity

7. Change-oriented – proactively generates process improvements, supports, and drives change, and confronts difficult circumstances in creative ways

Public Compensation:

$130,000/year to $185,000/year bonus equity benefits

Industry: Internet

Equal Opportunity:

Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. You may view our Equal Employment Opportunity notice here. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. We may use your information to maintain the safety and security of Meta, its employees, and others as required or permitted by law. You may view Meta's Pay Transparency Policy, Equal Employment Opportunity is the Law notice, and Notice to Applicants for Employment and Employees by clicking on their corresponding links. Additionally, Meta participates in the E-Verify program in certain locations, as required by law