Identity risk manager certification is gaining increasing recognition because identity risks exist in almost every company and business function which should be managed in a comprehensive manner rather than in piecemeal. For example, many identity risks exist around identity initiation such as verification and validation of identity when employees are first hired or when customers and business partners are engaged in business transactions. Then, appropriate identity management processes must be in place to assign standard ID names and authentication credentials, setup system access and delegate authorized access permissions. Afterwards, account activities must be monitored to detect abuse, fraud or unauthorized access in order to ensure the security of confidential files and privacy of personal information. Other processes such as risk assessments and control monitoring must also be in place to detect fraud and effectively comply with various overlapping regulations.
From a regulatory compliance standpoint, there are many overlapping laws pertaining to identification, privacy, account monitoring, and fraud prevention. For example, companies are required to establish formal customer on-boarding procedures by setting up a Customer Identification Program (CIP) and monitor account activities and report suspicious activities related to Anti-Money Laundering (AML), as well as, prevent identity fraud in compliance with regulations such as the US Red Flags Rule.
The Certified Identity and Access Manager™ (CIAM) designation is the only all encompassing identity risk manager certification which indicates to company insiders as well as outsiders that the CIAM credential holder is not only aware and capable of managing identity risks within his or her job function, but also understands the risks that everyone else is attempting to manage within their own job functions and thus all Certified Identity and Access Manager professionals collectively help reduce and manage enterprise identity risks in a synergistic manner.
The Certified Identity and Access Manager™ designation is currently awarded to qualified professionals who can demonstrate experience and education in one or more of the identity risk management Critical Risk Domains as follows:
Governance & management
2. Internal controls
3. Technology management
4. Awareness & training
5. Access management
6. Risk assessment
8. Auditing & monitoring
10. Incident management