2024-0110 Cloud Identity and Access Management

Design and Implement IAM solutions
- Security and Compliance
- AWS Integration

**1 SCOPE OF WORK**
Under the direction / guidance of the local NCIA Point of Contact or the Cloud Operations Center Manager, the Support for Cloud Identity and Access Management will perform the following activities:
1) Design and Implement IAM Solutions:
a) Design, implement, and manage identity and access management solutions using Microsoft Entra ID (Azure AD) and Amazon AWS.
2) Automate Account and Group Management:
a) Develop and deploy PowerShell scripts and Azure Automation workflows to automate user account and group management tasks.
b) Implement self-service capabilities for account and group management to improve efficiency.
3) Manage Account Lifecycle:
a) Oversee the entire account lifecycle management process, from user onboarding to offboarding.
b) Provision new accounts and assign appropriate access rights based on role requirements.
c) Regularly review and update user roles and permissions to reflect changes in job functions and organizational structure.
d) Deprovision accounts promptly when users leave the organization or change roles, ensuring removal of access rights.
e) Implement role-based access control (RBAC) to manage permissions based on job roles.
f) Conduct periodic access reviews and certifications to ensure compliance with organizational policies.
4) Privileged Identity Management:
a) Implement and manage Azure AD Privileged Identity Management (PIM) to control, monitor, and audit privileged access to resources.
b) Configure PIM to enforce just-in-time (JIT) access, approval workflows, and access reviews for privileged roles.
5) Security and Compliance:
a) Implement security best practices and ensure compliance with relevant standards and regulations.
b) Conduct regular audits and reviews of access controls and permissions.
6) User Support and Troubleshooting:
a) Provide support for IAM-related issues, including troubleshooting user access problems and resolving authentication issues.
b) Act as an escalation point for complex IAM issues.
c) Maintain comprehensive documentation for IAM processes, configurations, and workflows.
d) Provide training and support to IT staff and end-users on IAM best practices and tools.
7) Monitor and Optimize IAM Systems:
a) Monitor the performance and effectiveness of IAM systems and processes.
b) Identify opportunities for improvement and implement optimizations to enhance security and efficiency.
8) Collaboration and Communication:
a) Collaborate with IT security, compliance, and other relevant teams to ensure cohesive IAM strategies.
b) Communicate effectively with stakeholders to understand IAM requirements and address concerns.
9) External Collaboration and Sharing:
a) Manage external collaboration and sharing settings in Azure AD to facilitate secure access for partners and external users.
b) Implement and manage B2B (Business to Business) collaboration settings and policies through Entra ID.
c) Integrate and manage identity and access management for B2B scenarios, ensuring seamless and secure interactions with external partners.
10) AWS Integration:
a) Integrate and manage IAM processes with Amazon AWS, ensuring secure access and interoperability between Azure AD and AWS.
b) Implement and manage federated identities and single sign-on (SSO) between Azure AD and AWS environments.
c) Monitor and optimize IAM configurations to ensure compliance and security across multi-cloud environments.
11) Automation and Efficiency:
a) Develop and implement automation scripts using PowerShell to streamline routine support tasks such as software installations, updates, and system checks.
b) Utilize Power Automate to create workflows that automate repetitive tasks and improve service efficiency.
c) Identify opportunities to enhance efficiency through automation and proactively implement solutions.
12) Communication and Collaboration:
a) Communicate effectively with users to understand their issues and provide clear instructions.
b) Collaborate with IT teams to resolve issues and improve service delivery.
The contractor will be part of a team providing Technical Level 2 and 3 support, ensuring the secure, available, managed and compliant delivery of Public Cloud Services to NATO and its Strategic Commands.
The contractor will work remotely, providing services during Core working hours of the Cloud Operations team (Brussels / BEL).
The measurement of execution for this work is sprints, with each sprint planned for a duration of 1 week.

**2 COORDINATION AND REPORTING**
The contractor shall participate in daily status update meetings, activity planning and other meetings as instructed, via electronic means using Conference Call capabilities, according to the Operation Managers / Team Leaders instructions.

**3 SCHEDULE**
This task order will be active immediately after signing of the contract by both parties
The BASE period of performance is as soon as possible but not later than 17