Mainframe Security Specialist

Our clients in the insurance domain is hiring a Mainframe Security Specialist for 1 year to work remote.

Your new role
The Mainframe Security Specialist will maintain the ACF2 & RACF Security environments on the organization's Mainframes. This includes all activities related to Security, Compliance, Reporting, and Internal/External Audits. The role will technically support our customers by maintaining a stable security environment, processing security and compliance requests, execute and maintain procedures to support compliance and support related projects as directed.

  • Support System/Application owners on internal and regulatory controls such as SOX, SSAE16, PCI and others.
  • Assistance with Compliance & Audit requests
  • Support for Digital Certificates Creation & Maintenance
  • Validation of both ACF2 & RACF technical system settings, parameters, and recommendations within the various Mainframe environments.
  • Extracts and reports from the ACF2 & RACF databases, utilizing tool like TSO, JCL, FTP, Excel, sort and other standard processing utilities
  • Assistance with background SDSF, DB2 and other larger software security changes
  • Validation of Security Requests - ACF2 and RACF commands provided by the organiation or Kyndryl
  • Creation & trouble shooting of new ACF2 & RACF rules (not using "model after")
  • Ownership of ACF2 & RACF Data base & settings, including maintenance and clean-up
  • Ownership of test case creation and execution for Broadcom's ACF2 and IBM's RACF security software
  • Owning, maintaining, updating, creating, reviewing, and acting on Security Reports
  • Setting and/or changing General Systems Options (GSO) e.g. activating/ deactivating ACF2, setting Password parameters, and the same for SETROPS for RACF.
  • Ensuring that the GSO parameters comply with the Security Policy and applicable directives (Logical Access, Application etc.) and standards.
  • Restricting access to files, transactions, environments and databases that ACF2 and RACF operate against. e.g. SMF, DB2, IMS
  • Provide input on the function of Exits which affect the way ACF2 or RACF operates.
  • Maintaining (and documenting) ACF2 CFDE Create Field Definition Entry
  • As new facilities/features become available in ACF2 or RACF, reviewing the proposed changes to ensure the overall security environment is not compromised.
  • ACF2 & RACF SailPoint Validations during z/OS upgrades
  • SailPoint on the Mainframe: Communications to/from the Security interface
  • MEF3 or equivalent user labelling and inventory collection of basic security data

What you'll need to succeed
  • Experience in Mainframe Security System – ACF2 & RACF
  • Mainframe experience – TSO, JCL, ISPF, REXX, SAS, etc.
  • Experience in reducing MIPS & CPU for ACF DB2 application programs
  • Experience in File-Aid, Expediter, TWS (Tivoli workload scheduler), Topaz, Abend Aid, SPUFI, BMC, Main View, Strobe
  • Experience in Development, Production Support, Enhancement & Maintenance Projects.
  • Good knowledge on Impact Analysis, Coding Preparation, Unit Test Plan, Defect Fix & Peer Review.
  • Familiar with scheduling systems like ZEKE and CA7
  • Excellent verbal and written communication skills
  • Ability to work in a team environment
  • Ability to work in a demanding environment by prioritizing tasks and escalating/communicating issues as required
  • Understand the typical business issues related to security and compliance
  • Understand and analyse processes for internal and external audits and regulatory requirements
  • Collaborate with other peers on compliance, security, and related concepts to ensure the organization aligns with Logical Access Controls
  • Understanding Audit reports generated by the team

  • Bachelor’s degree in Information Security, Business Management, Computer Science, or related field; or related experience
  • Professional certifications (e.g. CISSP, CISA, Security +, etc) preferred.
  • General understanding and knowledge of regulatory requirements, security concepts and privacy

Core Competencies:
  • Puts the Client first – Prioritizes Security Access Services team workload, suggests, develops, and implements areas for continuous improvement relating to workflows, processes, and client interaction
  • Understands our business – Seeks to identify industry trends and emergency technologies
  • Drive for Results – Identify issues, seeks resolutions, and implements solutions
  • Demonstrate Resilience and Adaptability – Seeks feedback from a wide audience to improve performance, both personally and from a team perspective
  • Engage and Influence – Expand your network, consider multiple perspectives, use fact and influence to gain support of others

What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.
If this job isn't quite right for you but you are looking for a new position, please contact us for a confidential discussion on your career. #1104377


Type de contrat
Secteur d'activité


Parlez à Esther Samson Andrews, en charge de cette offre, située à Toronto (EN)
8 King Street East, 20th Floor

Téléphone: 416 640 8089