About The Position

This role is crucial for strengthening the organization's SOX compliance posture and audit readiness, especially during a critical platform transformation. The analyst will enable secure, scalable, and compliant access control for a growing multi-tenant environment, reducing access risk and operational complexity through improved role clarity, governance, and standardization. The position will build a strong foundation for future RBAC and identity governance initiatives, directly contributing to customer trust, regulatory confidence, and long-term platform resilience.

Requirements

  • 3–5 years of experience in Information Security, GRC, or IAM roles.
  • Strong hands‑on experience with Identity and Access Management (IAM) and Role‑Based Access Control (RBAC).
  • Direct, demonstrated experience supporting SOX compliance, audit readiness, and control remediation.
  • Experience analyzing and documenting access models, roles, and entitlements across complex platforms.
  • Ability to communicate complex security and risk concepts clearly to both technical and non‑technical stakeholders.
  • Proven track record of cross‑functional collaboration with Engineering, Product, Security, and business teams.
  • Strong analytical and investigative skills with the ability to identify root causes and drive remediation plans.
  • Ability to balance security, compliance, and business needs with a pragmatic, solution‑oriented mindset.

Nice To Haves

  • Experience working in SaaS or multi‑tenant platform environments.
  • Familiarity with governance and control frameworks such as NIST, COSO, or ISO 27001.
  • Prior experience building or migrating to a centralized RBAC or IGA solution.
  • Exposure to cloud platforms, modern application architectures, or security tooling.
  • Experience supporting regulated or publicly traded companies.

Responsibilities

  • Lead the evolution of access control from a single‑tenant to a multi‑tenant architecture, ensuring security and compliance are built in by design.
  • Drive remediation of SOX compliance gaps related to access control and role governance.
  • Serve as a primary contributor to the Role Discovery and Governance Program, including analysis, documentation, and rationalization of 200+ existing roles.
  • Collaborate with GRC, Security, Engineering, and Product teams to design and maintain a centralized Role Catalog as a single source of truth.
  • Document business purpose, ownership, access usage, and entitlement consumption for each role to eliminate ambiguity and enable future RBAC migration.
  • Design and help implement a formal governance framework covering the full role lifecycle (creation, modification, review, deprecation).
  • Analyze the current role landscape to identify opportunities for role simplification, consolidation, and retirement of redundant or inactive roles.
  • Partner with business process owners and engineering teams to embed compliant access controls into system and process design.
  • Support internal and external audits, including SOX audits, control testing, evidence collection, and remediation of findings.
  • Act as a trusted advisor on IAM, role governance, and access risk in a fast‑scaling SaaS environment.

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Education Level: No Education Listed
  • Number of Employees: 251-500 employees
