Head of Access Management

Function: Technology

Location: London, LND, GB

Work Arrangement: Remote

Position Title: Head of Access Management

Location: Remote

Reports to: Chief Information and Security Officer

Scope / Brands: Wella Group

ABOUT “WELLA”

“Wella” is one of the world’s leading professional and retail hair companies. It is a beauty collective with a mission to enable consumers to look & feel like their true self. Its love brands, which include beauty icons such as Wella, Clairol, OPI, and GHD (all together “Wella”), are co-created by & designed for the beauty junkies of today & tomorrow. Following the signing of an agreement with global investment firm KKR for the divestiture of Coty’s Professional and Retail Hair businesses, “Wella” is on its way to becoming a fully independent, standalone company with its own management team and operational structures. Wella Company has a presence in over 100 countries and an estimated annual net revenue in excess of $2Bn. “Wella” and its brands are committed to a range of social causes and seek to minimize their impact on the environment.

ABOUT Global IT

At Wella IT, we partner with every part of the company, enabling effective and efficient business operations in an international, multi-divisional environment.

Our main objective is to enable business value through IT, following key operating principles:

 

  1. Value for money – we strive for solutions and decisions that ensure our IT spend delivers value for money, i.e. we look to re-use, buy then build.
  2. Speed and Agility – we embrace change and deliver agile solutions to reduce cost of change and respond quickly to business needs, e.g. maximize use of API without need to redesign.
  3. Compliance – our solutions will ensure ongoing regulatory and legal compliance to minimize business exposure to risk, i.e. security, data access, GDPR.
  4. IT Operations – we ensure business operations are within agreed risk and cost parameters, i.e. platform availability, solutions operation, disaster recovery.

THE ROLE

We are currently recruiting a Head of Access Management who will provide strategic leadership for Identity and Access Management (IAM), Privileged Access Management (PAM) and secure remote connectivity for Wella Company brands globally.

The role will be accountable for safeguarding Wella Company data, IP, people, customers, shareholders, and brand by implementing systems and processes that ensure that the right people have the right access at the right time.

They will support the security operating model by directing, motivating, and developing an appropriately skilled team of resources and implementing optimised processes and tools that comply with business and regulatory requirements, including SOX controls.

 

The successful applicant will be familiar with working within a diverse environment, will have excellent interpersonal skills, will be confident when dealing with Senior and will have a track record of managing globally located teams.

KEY RESPONSIBILITIES

In this role your responsibilities will include:

Establish and own access management target operating model:

  • Own and operate the global access management target operating model (business & IT), ensuring resources (e.g. access owners, SOD risk owners, etc.) and processes are in place to meet business and regulatory requirements.
  • Establish the global COE for access management, owning and operating policies and standards and providing subject matter expertise on all access-related controls.
  • Establish and chair the global access governance steering committee with global process owners to ensure that access risks are identified and managed in line with business and regulatory requirements.
  • Establish and chair the access governance working group with access risk managers and internal controls to ensure that all access controls are consistently implemented and assured.
  • Responsible for the global segregation of duties (SOD) ruleset, working with access and risk owners to ensure any SOD risks are identified and managed.
  • Control ownership for all access management controls, including SOX.
  • Identity application and access owners are identified for all critical applications, ensuring ownership for access is embedded across the business.
  • Coach, mentor, and review performance of access management team.

 

Ownership of technology and processes to support identity and access management:

  • Develop and implement identity and access management roadmaps, initiatives, and strategies to support the business objectives.
  • Sponsorship of access management transformation, driving the modernisation and automation of IAM processes, establishing best practices and guidelines for IAM operations and capabilities.
  • Build and apply repeatable processes, methods, and tools for organisation-wide adoption, ensuring all Identity Access Management documentation is created and maintained.
  • Monitor access management performance against applicable Wella Company controls, including SOX controls, as well as recognise best practice.
  • Develop and implement a comprehensive privileged access management program to ensure the proper use and control of privileged accounts.
  • Identify and drive opportunities for service improvements on an ongoing basis in response to developments in best practice, changes in regulatory requirements, and a clear understanding of the threat environment.

 

Implement and monitor access management controls:

  • Ensure Business and IT access owners implement access principles (e.g. RBAC) on all information systems (e.g. applications).
  • Ensure quarterly access recertifications are in place for in-scope applications, working with line managers and access owners to revoke access no longer required.
  • Ensure joiners / movers / leavers and approval processes are executed, simplifying and optimising the joiner experience.
  • Ensure established security controls are in place, particularly for new applications or existing applications that will undergo a system upgrade.
  • Enforce and assure access management policies, standards, and procedures.
  • Act as point of contact for internal and external audit, owning and mitigating any access-related audit findings.

 

QUALIFICATIONS

The person must demonstrate skills in the following areas:

  • Strong leadership and team management.
  • Successful track record of leading a project in a multi-cultural and multi-national environment.
  • Successful track record of 3rd party vendor management / interaction.
  • Successful track record of building relationships at all levels.
  • Demonstrated knowledge of Project Management processes.
  • Demonstrated ability to follow quality assurance processes.
  • Ability to drive change and ensure alignment at every stage from main stakeholders and impacted parties.
  • Ability to understand and synthesise business needs from multiple sources.
  • Issue resolution and value realisation oriented.
  • Analytical and problem-solving skills.

REQUIREMENTS

EDUCATIONAL BACKGROUND

  • Higher education (University degree) with an orientation in business / technology related fields.

 

PROFESSIONAL EXPERIENCE

  • 10+ years professional experience in security and access management.
  • Previous exposure to delivery & operation across IAM & PAM.
  • Technical knowledge of SAP GRC, SailPoint and CyberArk.
  • Previous experience delivering significant change in large organisations.
  • Exposure to delivery of IAM & PAM for the Cloud.
  • High-level understanding of how Core Infrastructure can be secured.
  • Experience of implementing robust access control policies and procedures.
  • The ability to drive improvements by leveraging a strategic vendor for both run and change.
  • Previous experience in growing and scaling a delivery organisation.
  • Strong understanding of identity governance principles, security frameworks, and compliance regulations.
  • Experience of supporting audit activities.
  • Proven leadership ability to motivate and mentor a team of IAM specialists.

MAJOR SKILLS AND COMPETENCIES

  • Strong leadership and team management; MUST have a proactive, can-do attitude.
  • Strong communication and problem-solving skills, ability to get buy-in at all levels.
  • Ability to challenge, understand the perspectives of others and demonstrate active listening.
  • Can work independently and as part of a team in a fast-paced, dynamic environment.
  • Track record of driving change whilst ensuring alignment at every stage.
  • Excellent communication, presentation, and interpersonal skills, effectively collaborating with diverse stakeholders.
  • Track record of planning project activities and managing delivery to time & budget.
  • Ability to collect data and report blocking points.
  • Issue resolution and value realisation oriented.