Job Description

Key Responsibilities

Security Strategy & Compliance

Define and enforce compliance to security policies, standards, and best practices for the ServiceNow platform in alignment with ServiceNow recommended Platform security shared responsibility model. Ensure service now platform is compliant with internal and external infosec requirements and industry best practices Establish governance frameworks for secure development, data protection, and risk mitigation.

Access Control, Authentication, and authorization

+ Design and manage role-based access control (RBAC), ACLs, and authentication mechanisms in ServiceNow. Responsible for Single Sign-On (SSO), Multi-Factor Authentication (MFA), and enterprise IAM solutions based on Infosec standard Regular review of access control & entitlement based on the job function and refinement using the principle of least privilege,

Security Operations & Incident Management

Oversee the implementation and optimization of ServiceNow Security Operations (SecOps), including: Security Incident Response (SIR) - streamline incident detection, triage, and resolution. Vulnerability Response (VR) - automate vulnerability identification and remediation workflows. Threat Intelligence - integrate threat feeds and security insights for proactive defense. Coordinate with cybersecurity teams to detect, investigate, and respond to threats affecting ServiceNow.

Data Privacy, Security & Encryption

Defining Service Now data classification, data retention & data discovery strategy in alignment with Ameriprise data management policies /standards Implement data encryption strategy at rest, in transit & encryption key management Determining the data collection, storage, usage, sharing, archiving, and destruction policy of data processed in ServiceNow instances. Monitor access patterns and system activity to identify potential security threats.

Secure Integrations & Automation

Design and enforce secure API management for integrations between ServiceNow and third-party security tools (e.g., Active Directory, CyberArk and Aveksa, Azure AD, RIM, IAM). Leverage IntegrationHub, Automation Engine, and Orchestration to streamline security workflows. Ensure secure data exchange and prevent unauthorized access to ServiceNow instances.

Risk & Compliance Management

Deploy and manage ServiceNow Governance, Risk, and Compliance (GRC) solutions to assess security risks. Participate regular security audits, risk assessments, and penetration tests on the ServiceNow platform. Define and implement security controls to mitigate risks and enhance compliance.

Required Skills & Qualifications

Technical Expertise:

ServiceNow Security: Deep understanding of SecOps, GRC, RBAC, ACLs, and platform security best practices. Cybersecurity & Compliance: Strong knowledge of security frameworks (NIST, ISO 27001, CIS), regulatory compliance, and risk management. Integration & Development: Experience with REST APIs, JavaScript, OAuth, and secure integration practices. Cloud Security: Understanding of SaaS security, encryption methods, and cloud-based security models.

Certifications

ServiceNow Certifications: Certified System Administrator (CSA) Certified Implementation Specialist - SIR or VR

Preferred

Qualifications:

Experience securing large-scale ServiceNow implementations in regulated industries (finance, healthcare, government). Strong problem-solving, analytical, and communication skills to interact with technical and non-technical stakeholders. Knowledge of emerging security trends, zero trust architecture, and AI-driven security solutions. Cybersecurity Certifications Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM)

Experience

Required:

14-18 years of IT security experience, with 14+ years in ServiceNow security architecture, administration, or operations. Hands-on experience in security automation, incident response, and risk management using ServiceNow. * Prior experience working with cybersecurity, risk management, and IT governance teams.