ServiceNow SecOps Manager

Responsible for defining and enforcing security policies, standards, and best practices for the ServiceNow platform. Oversees the implementation and optimization of ServiceNow Security Operations (SecOps).

Requirements

• Define and enforce compliance to security policies, standards, and best practices for the ServiceNow platform.
• Ensure service now platform is compliant with internal and external infosec requirements and industry best practices
• Establish governance frameworks for secure development, data protection, and risk mitigation.
• Design and manage role-based access control (RBAC), ACLs, and authentication mechanisms in ServiceNow.
• Responsible for Single Sign-On (SSO), Multi-Factor Authentication (MFA), and enterprise IAM solutions based on Infosec standard
• Regular review of access control & entitlement based on the job function and refinement using the principle of least privilege
• Oversee the implementation and optimization of ServiceNow Security Operations (SecOps), including: Security Incident Response (SIR) – streamline incident detection, triage, and resolution.
• Vulnerability Response (VR) – automate vulnerability identification and remediation workflows.
• Threat Intelligence – integrate threat feeds and security insights for proactive defense.
• Define Service Now data classification, data retention & data discovery strategy in alignment with Ameriprise data management policies /standards
• Implement data encryption strategy at rest, in transit & encryption key management
• Determining the data collection, storage, usage, sharing, archiving, and destruction policy of data processed in ServiceNow instances.
• Monitor access patterns and system activity to identify potential security threats.
• Design and enforce secure API management for integrations between ServiceNow and third-party security tools (e.g., Active Directory, CyberArk and Aveksa, Azure AD, RIM, IAM).
• Leverage IntegrationHub, Automation Engine, and Orchestration to streamline security workflows.
• Ensure secure data exchange and prevent unauthorized access to ServiceNow instances.
• Deploy and manage ServiceNow Governance, Risk, and Compliance (GRC) solutions to assess security risks.
• Participate regular security audits, risk assessments, and penetration tests on the ServiceNow platform.
• Define and implement security controls to mitigate risks and enhance compliance.

Benefits

• ServiceNow Certifications
• Strong knowledge of security frameworks (NIST, ISO 27001, CIS), regulatory compliance, and risk management.
• Experience with REST APIs, JavaScript, OAuth, and secure integration practices.
• Understanding of SaaS security, encryption methods, and cloud-based security models.
• Strong problem-solving, analytical, and communication skills to interact with technical and non-technical stakeholders.
• Knowledge of emerging security trends, zero trust architecture, and AI-driven security solutions.
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Experience securing large-scale ServiceNow implementations in regulated industries (finance, healthcare, government)