Identity Security Posture Management (ISPM) Specialist

Kemper

Job Location:

Downers Grove, IL - USA

Monthly Salary: $89,000 - $148,100
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

Location(s)

Dallas, Texas; Jacksonville, Florida; P&C-Butterfield Road-Downers Grove-IL-AAC

Details

Kemper is one of the nation's leading specialized insurers. Our success is a direct reflection of the talented and diverse people who make a positive difference in the lives of our customers every day. We believe a high-performing culture, valuable opportunities for personal development and professional challenge, and a healthy work-life balance can be highly motivating and productive. Kemper's products and services are making a real difference to our customers, who have unique and evolving needs. By joining our team, you are helping to provide an experience to our stakeholders that delivers on our promises.

Manages and matures our identity security posture by continuously monitoring and remediating identity risk and access exposure across IAM/IGA/PAM, reducing breach likelihood and audit/compliance risk. The Identity Security Posture Management (ISPM) Specialist is responsible for improving the organization's identity security posture by continuously identifying, prioritizing, and driving remediation of identity-related exposures across the enterprise. This role partners with Account Operations, IGA, PAM, Cybersecurity Operations, IT infrastructure, and application owners to reduce identity attack paths, strengthen privileged access controls, and produce measurable risk reduction aligned to regulatory and audit expectations.

Responsibilities:

  • Identity posture monitoring & exposure management
      • Operate and mature the Identity Security Posture Management capability (ISPM) to discover identity exposures across Identity Providers (e.g. Entra ID/AD), SaaS applications, cloud environments, and critical business systems.
      • Identify and track identity security issues such as excessive privileges, dormant accounts, misconfigured admin roles, weak authentication enforcement, privilege escalation paths, and risky third-party access.
      • Maintain an Identity Exposure Register with severity, business impact, owner, remediation plan, and due dates; enforce SLA-based remediation for critical findings.
  • Risk prioritization & remediation orchestration
      • Triage and prioritize findings using risk-based methods (e.g. likelihood/impact, exploitability, business criticality).
      • Coordinate remediation with system owners: role redesign, least privilege enforcement, MFA coverage improvements, privileged role controls, conditional access, and entitlement clean-up.
      • Drive reduction of inappropriate combinations and segmentation-of-duties issues where relevant.
  • Controls, audit, and compliance enablement
      • Provide evidence to support identity-related controls (e.g. privileged access governance, MFA enforcement, access review/UAR posture, joiner-mover-leaver quality, service account governance).
      • Produce audit-ready reporting and artifacts for internal audit and external auditors (SOX/ITGC/GITC reliance, regulator exams).
      • Ensure posture findings are connected to policy/standard requirements and tracked through governance workflows.
  • Telemetry, metrics, and executive reporting
      • Build and maintain ISPM dashboards and KRIs (e.g. privileged role sprawl, stale privileged accounts, MFA coverage, high-risk entitlements, remediation cycle time).
      • Present posture trends and remediation progress to Identity Security & Governance leadership and stakeholders (CISO org, IT, app owners).
  • Integration & automation
      • Partner with engineering teams to integrate ISPM insights with ticketing/workflow tools (e.g. Axonius, ServiceNow/Jira), SIEM/SOAR, IGA (e.g. SailPoint), and PAM (e.g. CyberArk).
      • Automate repeatable posture checks where possible (APIs, scripts, scheduled reports) and document repeatable playbooks/runbooks.
  • Collaboration & stakeholder enablement
      • Act as a trusted advisor to application and infrastructure teams on identity security best practices (least privilege, role design, privileged access, authentication hardening).
      • Contribute to identity governance operating procedures, playbooks, and standard updates.

Job Requirements

  • Bachelor's degree or an equivalent mix of education and experience in Information Cyber Security, Risk Management, and Governance, Risk and Compliance.
  • 7 years of relevant experience in third-party cyber and data risk management and conducting third-party cyber and data risk assessments.
  • Experience with reviewing and negotiating cyber and data security contract language.
  • Expert knowledge of cyber and data security and risk disciplines and practices.
  • Advanced knowledge of technology controls, security, and risk issues.
  • Strong eye for detail and ability to successfully manage and conduct third-party cyber and data assessments, gather evidence, and coordinate risk remediation responses.
  • A team player with strong collaboration skills and the ability to work with minimal supervision.
  • Ability to leverage strong verbal and written communication skills to collaborate with cross-functional teams.
  • Strong analytical and problem-solving skills, capable of managing projects that drive business objectives.
  • Demonstrated ability to participate in complex, comprehensive, or large projects and initiatives.
  • Ability to serve as a lead expert resource in technology controls and information security for project teams, the business organization, and outside vendors.
  • 5 years in identity security, IAM/IGA, security operations, or security risk management, with hands-on exposure to identity platforms.
  • Working knowledge of identity concepts: authentication, authorization, RBAC/ABAC, privileged access, service accounts, identity lifecycle, entitlement models, and access reviews.
  • Experience interpreting identity-related findings and coordinating remediation with technical and business stakeholders.
  • Familiarity with at least two of the following areas: Entra ID/Azure AD, Active Directory, SailPoint (or equivalent IGA), CyberArk (or equivalent PAM), AWS/Azure identity constructs, common SaaS admin models.
  • Strong documentation and reporting skills (evidence packs, dashboards, executive-ready summaries).

Preferred Qualifications

  • Experience with ISPM/identity exposure tooling (identity threat detection, entitlement risk, posture management, attack path analysis).
  • Experience in regulated industries (insurance, financial services, healthcare) and audit support (SOX/ITGC, NYDFS, GLBA).
  • Practical automation skills (PowerShell, Python, KQL, APIs) to streamline posture checks and reporting.
  • Certifications (nice to have): Security+, SSCP, CISSP (or associate), GIAC, IAM-related Microsoft/AWS security certifications.


Key Competencies

  • Risk-based prioritization; analytical thinking; stakeholder management
  • Strong written communication; evidence discipline
  • Operational rigor (tracking, SLAs, follow-through)
  • Ability to translate technical identity findings into business risk

This position is a hybrid role that sits in either our Downers Grove, IL; Dallas, TX; or Jacksonville, FL office locations.

The base range for this position is $89,000 to $148,100. When determining candidate offers, we consider experience, skills, education, certifications, and geographic location, among other factors. This job is eligible for an annual discretionary bonus, equity, and Kemper benefits (Medical, Dental, Vision, PTO, 401k, etc.).

Kemper is proud to be an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, disability status, or any other status protected by the laws or regulations in the locations where we operate. We are committed to supporting diversity and equality across our organization, and we work diligently to maintain a workplace free from discrimination.

Kemper does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Kemper and Kemper will not be obligated to pay a placement fee.

Kemper will never request personal information such as your social security number or banking information via text or email. Additionally, Kemper does not use external messaging applications like WireApp or Skype to communicate with candidates. If you receive such a message, delete it.


Required Experience:

IC

About Company

The Kemper family of companies is one of the nation’s leading insurers. With approximately $13 billion in assets, Kemper is improving the world of insurance by offering personalized solutions for individuals, families and businesses.