Expert Access Control, Sofia

DSK Bank is looking for an Expert Access Control to join the Information Security Department within the Security Directorate, which is directly subordinate to the CEO of the Bank.

This is an expert-level role focused on the control, analysis, and approval of access to IT systems, applications, and information resources across the organisation. The role is critical for ensuring that granted access is justified, aligned with business needs, consistent with information security principles, and compliant with the Bank’s internal requirements, while also preventing unauthorised, excessive, or high-risk access.

We are looking for a professional with a strong understanding of access management, user rights control, segregation of duties, least privilege principles, and hands-on experience with enterprise systems and environments, who can perform in-depth analysis of access requests, make well-grounded expert decisions, and participate in checks for unauthorised access.

Key Responsibilities:

• Review, analyse, approve, or reject access requests to IT systems, applications, infrastructure platforms, and information resources;
• Assess whether the requested access is justified, proportionate to job responsibilities, and aligned with information security principles;
• Verify the compliance of access requests with internal rules, role models, access matrices, segregation of duties requirements, and the principle of least privilege;
• Perform expert analysis of risks related to granting specific, sensitive, or privileged access;
• Participate in defining, maintaining, and improving access management rules, roles, models, and processes;
• Perform regular and ad hoc checks for unauthorised, excessive, conflicting, or outdated access across systems;
• Analyse user rights, role models, inherited rights, exceptions, and deviations from the standard access model;
• Support periodic access review and recertification processes;
• Work closely with IT, Information Security, system owners, HR, Risk, Internal Audit, and other control functions on topics related to access management;
• Prepare expert opinions, reports, analyses, and documentation related to user and privileged access cases;
• Participate in the investigation and analysis of cases involving suspected unauthorised access or breaches of access control rules;
• Maintain traceability and evidence of decisions made, checks performed, and findings identified;
• Participate in improving controls, processes, and systems related to identity and access management.

Main Requirements:

• University degree in Information Technology, Cybersecurity, Information Security, Computer Science, Telecommunications, or another relevant field;
• Minimum 3 years of professional experience in access management, information security, IT administration, IAM, user rights control, or a similar role;
• Hands-on experience in reviewing, analysing, and controlling access to IT systems and applications;
• Good understanding of risks related to excessive privileges, conflicting roles, unauthorised access, and weak access management processes;
• Experience working in a large enterprise environment with multiple systems, roles, and user profiles;
• Ability to analyse cases in depth and make well-grounded decisions regarding the appropriateness of requested access;
• Very good analytical, organisational, and communication skills;
• Ability to handle a high volume of requests, checks, and parallel tasks with a high degree of precision;
• Very good command of English, both written and spoken.

Required Technical Knowledge:

The candidate should have practical technical knowledge enabling them to assess and control access across different technology environments, including:

• Good understanding of user accounts, roles, groups, and permissions in enterprise systems;
• Good knowledge of Active Directory, directory services, authentication, and authorization mechanisms;
• Good understanding of role-based access control (RBAC), entitlement models, and the least privilege principle;
• Understanding of segregation of duties (SoD) and conflicting rights combinations;
• Knowledge of Identity and Access Management (IAM) systems and processes;
• Understanding of privileged access, PAM, MFA, user account lifecycle, and recertification processes;
• Knowledge of logs, audit trails, traceability, and methods for reviewing assigned rights and actual access usage;
• Basic to good knowledge of Windows, Linux, business applications, databases, and other systems where access is managed;
• Ability to understand technical dependencies between users, roles, systems, and business functions.

Practical Experience That Will Be Highly Valued:

• Review and approval of access requests in an enterprise environment;
• Analysis of roles, profiles, and access matrices;
• Performance of periodic access reviews and recertification campaigns;
• Checks for excessive, outdated, conflicting, or unauthorised access;
• Work with IAM, PAM, Active Directory, and other access management systems;
• Analysis of privileged accounts and sensitive access rights;
• Work with audit requirements, control mechanisms, and evidence related to access management;
• Participation in improving onboarding, role change, termination, and access revocation processes;
• Experience in an environment with high requirements for traceability, control, and regulatory compliance.

Knowledge of Standards and Best Practices:

For this role, knowledge of the following will be considered an advantage:

• Principles of identity and access management;
• Best practices for controlling user and privileged access;
• Principles such as least privilege, need-to-know, segregation of duties, and zero trust;
• Requirements and best practices related to traceability, control, and periodic access reviews;
• Applicable regulatory and internal requirements for access management and control in a highly regulated environment.

The Following Will Be Considered an Advantage:

• Experience in a bank or another highly regulated environment;
• Experience with enterprise IAM and/or PAM solutions;
• Experience in analysing and controlling access to critical systems, infrastructure environments, and sensitive applications;
• Experience working with auditors, control functions, and regulatory requirements;
• Experience in investigating deviations and cases of unauthorised access;
• Experience in role modelling and improving access management processes;
• Professional certifications in information security, IAM, IT control, or related fields;
• Experience in a large corporate or international environment.

Personal Profile:

• High level of responsibility, reliability, and discretion;
• Strong analytical thinking and attention to detail;
• Ability to make well-grounded decisions on sensitive and high-risk cases;
• Ability to work in a structured, consistent, and highly precise manner;
• Confident communication with both technical and non-technical teams;
• Proactive mindset and focus on sustainable control mechanisms;
• Ability to work in an environment with high requirements for security, regulation, and internal control.

What We Offer:

• Opportunity to work in one of the leading financial institutions in Bulgaria;
• A key expert role with real impact on access control and security across the organisation;
• Work on important topics related to identities, access, control environment, and internal security;
• Interaction with a broad range of internal teams and key stakeholders;
• Opportunity for professional development in an environment with high standards, complex systems, and real challenges.
• Excellent opportunities for professional and career development in one of Bulgaria’s leading banks
• Food vouchers in the amount of up to 102.26 EUR per month
• 20+5 paid holiday leave
• Additional Health Insurance
• Annual bonus scheme depending on the achieved results
• Favorable conditions for housing and mortgage lending, as well as for bank products and services
• Preferential conditions for Multisport / CoolFit card
• Discounts in various companies
• Professional trainings for specific knowledge and skills
• Refer a Friend Bonus.

If this position sounds like the right fit for you, we’d love to receive your application. All applications will be treated with strict confidentiality. Only shortlisted candidates will be contacted.