Personal attributes

ability to work on your own as well as within a small team
interpersonal skills, including customer service
communicating technical and non-technical information to a wide range of audiences

attention to detail, with a logical and methodical working practice
a positive, organised, and motivated approach to work, with the ability to meet deadlines
strong IT skills, able to analyse data for reporting purposes and follow work instruction
experience of developing new processes and ways of working
evaluating the probable social, commercial, cultural, ethical and environmental consequences of an action

For a more experienced professional:

working and influencing cross-functionally and managing external agencies
providing expert advice and accurate analysis, complying with all relevant regulations, to senior stakeholders

Specialist skills

application of Authentication & Authorisation principles and processes

application of industry standard IAM protocols, such as Kerberos, OAuth, FIDO, SCIM, LDAP, SAML
application of Identity and Authentication solutions, such as Okta, Auth0, Active Directory & Azure AD
application of LDAP\Active Directory services, MFA, risk-based authentication and privileged access management
application of cyber security principles such as Least Privilege and Separation of Duties
auditing user and process access, including interpreting system logs

CIISec Skills Groups* (additional Skills Groups may also be relevant to particular jobs).

A6 – Legal and Regulatory Environment and Compliance

Principles:

understands the legal and regulatory environment within which the business operates
ensures that Information Security Governance arrangements are appropriate

ensures that the organisation complies with legal and regulatory requirements

E2 – Secure Operations & Service Delivery

Principles:

securely configures and maintains information, control and communications equipment in accordance with relevant security policies, standards and guidelines. This includes the configuration of Information Security devices (e.g., firewalls) and protective monitoring tools (e.g., SIEM)
implements security policy (e.g., patching policies) and Security Operating Procedures in respect of system and/or network management

undertakes routine technical vulnerability assessments
maintains security records and documentation in accordance with Security Operating Procedures
administers logical and physical user access rights
monitors processes for violations of relevant security policies (e.g., acceptable use, security, etc.)

G3 – Identity and Access Management (IAM/IdM)

Principles:

directs, oversees, designs, implements, contributes to, or operates within identity and access management policies, procedures, processes and controls to ensure that access by individuals to IT and information resources is controlled effectively, operating within legal and regulatory constraints and meeting business requirements

*Non-Commercial - No Derivatives (BY-NC-ND) license. 2021 Copyright © The Chartered Institute of Information Security. All rights reserved. Chartered Institute of Information Security®, CIISec. Chartered Institute of Information Security®, CIISec®, AfCIIS®, ACIIS®, MCIIS®, FCIIS® and the CIISec graphic logo are trademarks owned by The Chartered Institute of Information Security and may be used only with express permission of CIISec.

Experience

Any roles to that many have acquired skills that can be applied to an Identity & Access Management role that involves detailed, methodical work and the application of security rules.

With the addition of specialist training, roles that may provide a good foundation for a position in this specialism include:

police services: communication security, data management or information security
Armed Forces: communication security, data management or information security

business information management
finance, especially in compliance or KYC roles
legal services
security, especially personnel and technical

Identity & Access Management

More about a career in Identity & Access Management

An introduction to this specialismWorking life

An introduction to this specialism

What will your responsibilities include? What are your tasks likely to include?Responsibilities

What will your responsibilities include? What are your tasks likely to include?

What core, related and wider knowledge is important for working in this specialism?Knowledge

What core, related and wider knowledge is important for working in this specialism?

What personal attributes might you need? What specialist skills are important?Skills

What personal attributes might you need? What specialist skills are important?

What other cyber security or IT role might you progress to from this specialism?Moving on

What other cyber security or IT role might you progress to from this specialism?

Which certifications and qualifications are relevant to roles in this specialism?Qualifications

Which certifications and qualifications are relevant to roles in this specialism?