Associate IT Security Specialist I

What do we need:

An experienced security professional that has worked with enterprise scale Identity Management systems.

What’s special about this team:

Amway is the world’s No. 1 direct selling business, according to the Direct Selling News Global 100. Established in 1959, with sales of $7.4 billion, Amway operates in more than 100 countries and territories. We manufacture and distribute 450+ consumer products that support health and well-being. More than 14,000 employees worldwide support millions of Amway Business Owners who sell Amway products.

The Information Security and Risk team has about 60 team members located around the globe..  You will be working closely with colleagues in Malaysia and the United States, while supporting teams around the world.  Our main goal for the team is protecting information for our customers and employees.

What’s special about this role:

Within our Security Engineering and Operations function we focus on helping our customers design, implement and operate effective access controls that protect against threats & supports business objectives. As Amway matures our digital business model, more data is generated and shared among organizations, partners, and customers.

You’ll play an integral role in helping Amway ensure we are protected by using the latest strategies and tools in effectively supporting user lifecycle management, access/entitlement reviews, and identity governance.

In joining, you’ll be a part of a collaborative team that values technical and business acumen and provides training and development to extend and develop you as a professional.  You will help create the Identity Management strategy and work with the team to execute against it.

The role will include primary responsibility for:

• Participate creation of Identity Management security controls documentation.
• Manage, configure, and support Identity Provider/IdP (e.g., Microsoft Entra) for Single Sign-On (SSO)
• Manage, configure, and support Identity Governance and Administration system (e.g., Omada)
• Support existing Multi-Factor Authentication (MFA) for various systems and access points.
• Review and advise partners regarding the security posture in Microsoft Entra ID
• Support existing entitlement system for access auditing & reporting (e.g., RSA Identity & Lifecycle Governance).   Help evaluate improvements or new vendors in this space.
• Advise on user lifecycle management and access management processes to help evolve identity management maturity in IT and the business.
• Accountable for supporting and maintaining existing identity tools and processes and the infrastructure required to support them to provide security governance.
• Create and provide guidance on implementation of OIDC and OAUTH for custom application development.
• Ability to automate repetitive tasks.
• Familiar with analyzing risks associated with Identities/users and least privileged access management.
• Capable of building documentation for common roles within an enterprise with pre-defined access.
• Able to triage risky user behaviors and/or suspicious events associated with identities (e.g., account creation, password reset, unusual travel, etc.)
• Support for routine access reviews of critical applications.

Required qualifications:

• A Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Basic knowledge of Identity and Access Management concepts (e.g., user authentication, authorization, roles, and permissions).
• Exposure to cybersecurity concepts and practices, including data protection, encryption, and security protocols.
• A strong interest in pursuing a career in information security and a willingness to learn new tools and technologies in a fast-paced environment.
• Attention to detail
• Good customer service orientation

• Ability to communicate effectively across different levels of the organization (verbal and written) and able to work in a team environment

Skills to be successful in the role:

• Ability to think critically and troubleshoot access management issues efficiently.
• Knowledge of Identity and Access Management (IAM) standards such as OIDC, SAML, OAuth, Scope and Role based access controls.
• Team-oriented with a positive, proactive attitude toward collaborating with cross-functional teams, including information security, technology, and compliance teams.
• Using data to illustrate risks.
• Creating and implementing solutions to address identified risks.
• Familiar with Agile Methodologies.
• Knowledge of security frameworks and how they apply to Identity and Access Management (e.g., ISO 27001, others)
• Occasional travels to other regional and international locations may be needed.
• Possess own transport as this position is based in Bangsar South, KL.