Identity & Access Management Analyst II

About The Position

Requirements

• Bachelor’s degree in Information Systems, Cybersecurity, or related field
• 2+ years of relevant experience required
• Hands-on experience with: Identity lifecycle management (JML), Access provisioning and deprovisioning, Active Directory and Azure AD
• Experience supporting audit and compliance frameworks (e.g., SOX, SOC, ISO)
• Working knowledge of: RBAC and least privilege principles, ITSM/ticket-based environments, MFA technologies
• Strong analytical, troubleshooting, and problem-solving skills
• Ability to work independently and take ownership of responsibilities

Nice To Haves

• Experience in regulated industries (utilities, energy, financial services, healthcare)
• Familiarity with NERC CIP standards and critical infrastructure environments
• Experience with: Identity Governance platforms (e.g., SailPoint), SAP access provisioning and role governance
• SQL-based analysis and reporting
• Scripting/automation experience (PowerShell, Python)
• Experience managing privileged, shared, and service accounts
• Relevant certifications (e.g., Security+, IAM or SailPoint certifications)

Responsibilities

• Execute end-to-end identity lifecycle processes (Joiner, Mover, Leaver)
• Provision, modify, and revoke access across enterprise and regulated systems
• Enforce least privilege access for both privileged and non-privileged users
• Identify and remediate: Orphaned accounts, Excessive or inappropriate access, Segregation of duties conflicts
• Maintain alignment between HR systems, IAM platforms, directories, and applications
• Support and execute access governance controls aligned to regulatory frameworks (e.g., NERC CIP, SOX, SOC)
• Perform access certifications and recertifications
• Support audit activities, evidence collection, and remediation tracking
• Ensure access changes are properly approved, documented, and audit-ready
• Identify and escalate control gaps, policy exceptions, and risks
• Administer and support: Active Directory (on-premises) and Azure AD / Entra ID, User accounts, groups, roles, and service accounts
• Manage MFA solutions (e.g., RSA or similar): Token provisioning, revocation, and tracking
• Support access across infrastructure, applications, and databases
• Own and manage IAM-related service requests and incident queues
• Ensure tickets are properly approved, documented, and completed within SLAs
• Partner with Service Desk teams to improve request quality and consistency
• Coordinate with vendors and application teams for access-related activities
• Perform validation of IAM processes, including: Provisioning/deprovisioning accuracy, JML completeness and timeliness, Access certification outcomes
• Conduct reconciliation across IAM systems, HR platforms, and directories
• Validate privileged access, shared accounts, and MFA lifecycle events
• Support audit readiness and control attestation
• Develop and support reporting for compliance, audit, and operational metrics
• Use tools such as PowerShell, Python, SQL, Excel, or Power Query
• Analyze trends and identify risks or process gaps
• Contribute to automation initiatives to improve efficiency and reduce manual effort
• Execute IAM processes using defined workflows and procedures
• Identify opportunities to improve: Provisioning workflows, Access request processes, Role and entitlement models
• Maintain and enhance documentation, runbooks, and procedures
• Partner with Cybersecurity and compliance teams, HR and workforce administration, IT and OT operations teams, Application owners and system administrators
• Contribute to a team-oriented, high-accountability environment
• Act as a resource for complex IAM issues
• Perform other job-related duties as assigned
• Storm role duties as assigned
• Utilize data to make business decisions as appropriate for the position, support data stewardship activities and partner with IT on underlying data needs.

Benefits

• Competitive salary
• Comprehensive benefits package
• Opportunities for professional development