Job Description As our Access Management Lead, a new position within the Enterprise Technology Controls Team, your primary focus is to support the Director of Enterprise Technology Controls to drive the compliance and improvement of the User Access Management strategy and manage and enhance Informa’s access controls to ensure they remain effective. You will have a strong understanding of the general IT controls relating to the domain of access of programs and data, and the Shared Service Organisation Process Control environment, including the Risk and Control Matrices, to understand the business risks that are presented, and how these are can be appropriately mitigated by the use of access controls. You will ensure that the Group policies are adhered to for the applications within the remit of the Enterprise Technology Controls Team, and that the access controls are operated effectively to reduce or fully mitigate identified risks. The IT control’s function expanded, and the current Enterprise Technology Controls team was established in 2020 to provide Informa management with the continued assurance over the effectiveness of the company’s General IT Controls. The team originally only provided assurance over the 2 financial ERPs SAP, and Oracle, but since its creation it has continued to evolve and is now taking responsibility for other peripheral SAP and Oracle applications, along with coordinating the IT audit with our External Audit Partners. The team sits as part of the Technology Solutions and Services (TSS) Group under the Enterprise Technology team, reporting into the Chief Enterprise Technology Officer (CETO) but with dotted responsibilities to the Chief Information Security Officer (CISO) and the Chief Technology Operating Officer (CTOO). Key interactions You will report into the Director of Enterprise Technology Controls and will work closely with our 3rd party support providers Mindtree and IBM; liaising frequently with other internal controls teams, as well as Internal Audit, Information Security and IT Compliance to ensure that Informa’s enterprise applications maintain a controlled environment that does not encumber the efficiency of operational activity. This role does not have any people management responsibilities. Key Outputs and Outcomes Design and enforce access controls to ensure compliance with key group policies, such as the Identity and Access Management policy to enforce the Principle of Least Privilege Support building awareness of user access management standards across TS&S, including participating in overall design, support management of policies and provide user access management recommendations for companywide projects. Responsibility and ownership for maintaining and enhancing the Segregation of Duties rulesets, collaborating with the SAP GRC Technical Specialist and the Oracle Controls Lead to manage ruleset updates, driving changes to ensure risk alignment and eliminate any false positives Drive the Segregation of Duties assessments for role changes and new developments, and manage the cross-system Segregation of Duties across the Enterprise Technology applications landscape Support the management and operation of the SAP Governance, Risk and Compliance (GRC) tool. To run and interrogate access risk analysis reporting for SAP and Oracle across the current role design and end user assignments via ARA reporting and User/Role simulations. Actively seek opportunities for access control improvements such as the use of automation and new technologies that would benefit Informa Responsibility for operating the user access reviews process across the Enterprise Technology Applications Support security requirements gathering and analysis for in scope applications Provide 1st line support to internal and external partners, assisting with their review of the access management controls Be a trusted guide and support for other internal teams in designing effective access controls, including providing training where required Development and maintenance of access control procedures Provide support for any User Access Control incidents Seek opportunities to ensure that personal user access management and controls knowledge is kept up to date and remains current. Measures of Success Strong, robust and consistent access controls operation across Enterprise Technology applications Continue to see a reduction in user access management related incidents Positive audit results and a continued reduction in the deficiencies being noted