Job Description
In this role, you will help ensure that Heathrow's Identity & Access Management approach is securely designed, effectively managed, and aligned with the highest cybersecurity principles. You will bring a strong understanding of identity governance, user access lifecycle management, directory services, and privileged access management, ensuring our systems meet industry standards and regulatory requirements.
Responsibilities
* Identity Lifecycle Management - Reviewing and automating joiner-mover-leaver (JML) processes, enforcing RBAC, and integrating identities with cloud and third-party services.
* Authentication Controls - Verifying SSO, directory services, and MFA configurations across all internal and external applications.
* Secure Authentication Design & Troubleshooting - Advising on secure authentication flows and investigating authentication failures or access anomalies.
* Access Governance Oversight - Conducting periodic access reviews, analyzing entitlements for toxic combinations, and ensuring least privilege and segregation of duties.
* Access Policy & Reporting - Maintaining access policies, approval workflows, and providing logs and evidence for audits and regulatory reporting.
* PAM Platform Configuration - Aligning the privileged access management platform with industry best practices and integrating it with wider security tools.
* Privileged Access Assurance & Incident Support - Reviewing privileged assignments, monitoring privileged activity, and supporting cyber-incident investigations.
* Identity Analytics & Monitoring - Using SIEM and building dashboards, KPIs, and playbooks to detect anomalous identity behavior and improve security posture.
* Threat Hunting & CDC Support - Utilizing identity data for threat hunting and assisting the Cyber Defence Centre in triaging identity-related incidents.
* Documentation, Collaboration & Continuous Improvement - Maintaining IDAM standards, contributing to projects and upgrades, staying current with trends, and participating in audits and risk assessments.
Qualifications
* Extensive experience in identity and access management, including hands-on work with platforms like Azure AD, Entra, Defender for Identity, and BeyondTrust.
* Deep understanding of identity lifecycle, RBAC, and access control models.
* Familiarity with cloud environments from an IDAM perspective.
* Experience ensuring compliance with standards such as NIST, ISO 27001, PCI-DSS, GDPR.
* Strong knowledge of identity governance, authentication protocols (SAML, OAuth, OpenID Connect), and directory services (AD, Azure AD).
* Experience with security audits, access reviews, and compliance requirements related to identity security.
* Ability to analyze access data, logs, and entitlements to identify risks.
* Understanding of Zero Trust architecture principles as applied to IDAM.
* Familiarity with identity analytics tools and SIEM solutions like Sentinel.
Preferred Qualifications
* Experience participating in audits, including evidence gathering and control walkthroughs.
* Experience with PAM technologies such as BeyondTrust.
* Experience with ITSM platforms like ServiceNow for access workflows and incident management.
* Understanding of security challenges in regulated industries.
About the Team
At Heathrow, our team works to enhance passenger experiences and support sustainability efforts. We focus on project management, process improvement, technology, cyber defense, infrastructure, and procurement. Our environment encourages collaboration and innovation, offering opportunities to work on large-scale projects that impact millions of travelers and support the airport's operations.