Senior Lead Toxic Combinations

  • Competitive
  • London, England, United Kingdom
  • Permanent, Full time
  • Lloyds Banking Group
  • 24 Apr 19

Senior Lead Toxic Combinations

End Date
5 May 2019
Please note, this vacancy will close at 00:01am on the specified closing date rather than 11:59pm. Please ensure all applications are received before 00.01am on the specified closing date.

Salary Range
£58,626 - £65,140

We support agile working - click here for more information on agile working options.

Agile Working Options
Other Agile Working Arrangements / Open to Discussion

Job Description Summary
The purpose of the role is to provide technical expertise in the Toxic Combination Team completing day to day tasks to ensure compliance against policy.

Job Description

The User Access Verification Team are part of Cyber Security within Group CIO. The team run a series of processes to ensure user access is fit for purpose and compliant with Lloyds Banking Group policies.

The team have two distinct accountabilities: Access Recertification management and Toxic combination management.

Access Recertification Service, this ensures all High risk applications alongside all IT platforms within the bank are recertified with privileged access reviewed on a quarterly basis, non privileged access is also reviewed on a bi annual basis.

The Toxic Combinations function is responsible for the end-to-end Toxic Combinations process at Lloyds, a toxic combination is defined as a situation where a user has a combination of entitlements/access on the system (or combination of systems), that gives them the ability to perform tasks that should never be controlled by a single user.

The team are responsible for identifying those combinations the service generates reports of colleague exceptions for the respective business teams to review and remediate.

This role requires both strong technical and stakeholder management skills as the role holder will be engaging and working with many business units to assist in driving down the toxic combination numbers, whilst also delivering increased automation.

Role Purpose

  • The purpose of the role is to provide technical expertise in the Toxic Combination Team completing day to day tasks to ensure compliance against policy.
  • The successful candidate will be expected to identify process improvements in the Toxic combinations arena.
  • Identify opportunities for automation and driving efficiencies.
  • Leading project management for the end-end Toxic Combination process to ensure its effective running, presenting report and analysis outcomes to key stakeholders via metrics, consulting with senior stakeholders to address Application issues and managing remediation actions.
  • In partnership with key functions you will align strategy and budget towards best in class industry standard Toxic combinations practices to drive cost, efficiency and consistency of information provision.
  • The Toxic Combination lead is expected to deliver high quality service and support to ensure the Toxic Combination end-end process meets agreed metrics while building trusted relationships with key stakeholders.
  • There is an expectation that the role holder will be able to assist the wider team with the Access Recertification process, should it be required.
  • The team should work in an agile and collaborative manner, always learning, improving and sharing knowledge within the team.
  • Key Accountabilities Your accountabilities will include working with the Senior Manager for User Access Verification and providing invaluable support to the strategic direction of the wider IAM program.
  • Deliver end-to-end Toxic Combinations process to the agreed toxics methodology framework and operating model.
  • Drive root cause analysis and toxicity resolution with the accountable owners in the business
  • Build and maintain relationships across LBG.
  • Automate routine tasks to drive efficiency and repeatability.
  • Own personal development plan.
  • Adhere to LBG audit and control processes and service level agreements


Experience Required:
  • Subject matter expertise in Toxic Combinations and general security topics is essential for this role
  • Project management
  • Previous experience of project management , managing end to end processes to ensure they are running effectively, presenting reports and analysis outcomes to key stakeholders
  • Stakeholder engagement
  • Previous experience of consulting with senior stakeholders to address toxicity issues and managing remediation actions.
  • Compliance
  • Experience following industry standard processes relating to service, change and problem management and governance, such as ITIL, would be beneficial.
  • Strong Stakeholder Management
  • Ability to learn new systems and technical and business concepts quickly, sharing knowledge with the cross functional team
  • General Understanding of key bank systems and criticality.
  • Understanding of Change and Incident management.


Technical:
  • Strong Toxic Combinations technical background; knowledge of complex applications and related infrastructure components
  • Identity Access Management, especially Oracle tools
  • Controls Assessment
  • Entitlement Analysis
  • Mitigating Controls
  • Knowledge of Financial Services and Commercial Banking operations would be beneficial.
  • CISM or CISSP qualification an advantage


At Lloyds Banking Group, we're driven by a clear purpose; to help Britain prosper. Across the Group, our colleagues are focused on making a difference to customers, businesses and communities. With us you'll have a key role to play in shaping the financial services of the future, whilst the scale and reach of our Group means you'll have many opportunities to learn, grow and develop.

We're focused on creating a values-led culture and are committed to building a workforce which reflects the diversity of the customers and communities we serve. Together we're building a truly inclusive workplace where all of our colleagues have the opportunity to make a real difference.