Identity & Access Management is the management of policies, procedures and controls to ensure that only authorised individuals access information or computer-controlled resources.
Identity and Access Management (IAM) is an essential part of day-to-day life in all organisations, even more so in larger organisations with greater amounts of sensitive commercial or client information to protect.
There is a team of specialists with shared responsibility that manage identities and access as part of a broader role in system administration. This ensures there is an effective operation and development of the IAM system within the organisation.
On a daily basis, the team is conscientious, positive, comfortable working in an IT-focused environment and able to prioritise to meet changing demands. These tasks range from basic user account administration and creating/auditing user access information, to conducting risk assessments on the organisation’s IAM and providing solutions to improve the system.
If there is a security incident, the response needs to be quick, and an investigation effort untaken to find out what happened and who was involved. There will be continuous improvement on how to manage the IAM, especially looking at ways to reduce the risk of breaches, usually working with other teams in the organisation such as IT and HR.
Identity and Access Management (IAM) is an essential element of the cyber security protection of an organisation, ensuring that people only access systems and data if they allowed to do so.
In detail, you might:
For Identity and Access Management roles, titles include:
For more experienced Identity and Access Management roles, titles include:
An apprentice working in Identity & Access Management might earn between £19,000 and £20,000 a year.
An Identity and Access Management role could earn between £30,000 and £63,000. The median salary in March 2021 was £33,492.
A senior Identity & Access Management role could earn between £70,000 and £120,000. The median salary for an Identity & Access Management Consultant in March 2021 was £82,500.
The salary ranges are based on job vacancy advertisements published online in March 2021. Median salary figures are taken from calculations performed by www.itjobswatch.co.uk.
Each of the 16 specialisms are based on knowledge areas within CyBOK.
More information on CyBOK knowledge areas can be found here.
Here are the knowledge areas associated with Cyber Security Governance & Risk Management
Core knowledge – you will need a very good understanding of these areas
All aspects of identity management and authentication technologies, and architectures and tools to support authorisation and accountability in both isolated and distributed systems.
Issues related to web applications and services distributed across devices and frameworks, including the diverse programming paradigms and protection models.
Related knowledge – you will need a solid understanding of these areas
Security management systems and organisational security controls, including standards, best practices, and approaches to risk assessment and mitigation.
Data confidentiality, control and protection of personal and valuable information to ensure privacy is maintained and recognised as a fundamental human right.
Operating systems protection mechanisms, implementing secure abstraction of hardware, and sharing of resources, including isolation in multi-user systems, secure virtualisation, and security in database systems.
Core primitives of cryptography as presently practised and emerging algorithms, techniques for analysis of these, and the protocols that use them.
Wider knowledge – these areas will help to provide context for your work
The configuration, operation and maintenance of secure systems including the erection of and response to security incidents and the collection and use of threat intelligence.
The legal and regulatory topics that merit consideration when conducting various activities in the field of cybersecurity.
Understanding an attacker’s motivations and capabilities, and the technological and human elements that adversaries require to run a successful operation.
For a more experienced professional:
CIISec Skills Groups* (additional Skills Groups may also be relevant to particular jobs).
A6 – Legal and Regulatory Environment and Compliance
E2 – Secure Operations & Service Delivery
G3 – Identity and Access Management (IAM/IdM)
*Non-Commercial - No Derivatives (BY-NC-ND) license. 2021 Copyright © The Chartered Institute of Information Security. All rights reserved. Chartered Institute of Information Security®, CIISec. Chartered Institute of Information Security®, CIISec®, AfCIIS®, ACIIS®, MCIIS®, FCIIS® and the CIISec graphic logo are trademarks owned by The Chartered Institute of Information Security and may be used only with express permission of CIISec.
Any roles to that many have acquired skills that can be applied to an Identity & Access Management role that involves detailed, methodical work and the application of security rules.
With the addition of specialist training, roles that may provide a good foundation for a position in this specialism include:
From a role in Identity & Access Management, you might move to a position in one of these other cyber security specialisms:
With experience, you might progress within the Identity and Access Management specialism to become a Chief Data Protection Officer.
Our qualifications framework is currently under development. Sign up to our newsletter here to be notified when this is published.
Entry route information can be found here.
You can also visit the National Cyber Security Centre website at the links below: