Identity and Access Management (IAM) Analyst - Portsmouth, NH

Service Credit UnionPortsmouth, NH
Hybrid

About The Position

Service Credit Union is seeking an Identity and Access Management (IAM) Analyst to serve as a guardian of employee and member-facing identity, safeguarding critical and confidential information. This hybrid role focuses on co-administering the SailPoint IdentityIQ platform, managing identity lifecycles, role-based access control (RBAC), access certifications, and automated provisioning. Additionally, the role acts as a business and technical liaison for the Passwordless Authentication platform, supporting its rollout, daily operations, user enrollment, and integration with SSO/MFA. The IAM Analyst also supports related identity functions such as Multi-Factor Authentication (MFA), Single Sign-On (SSO), Privileged Access Management (PAM), and directory services, ensuring access is managed according to policy and the principle of least privilege. This position collaborates closely with Information Security, Infrastructure, Application Development, HR, and business units to ensure secure, compliant, and seamless identity experiences, with a strong emphasis on member priority and positive member experience.

Requirements

  • Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or equivalent relevant work experience.
  • Minimum 3+ years of hands-on experience in Identity and Access Management.
  • Demonstrated exposure to an enterprise IGA platform (SailPoint preferred).
  • At least 1+ year supporting modern authentication technologies (MFA, SSO, or passwordless).
  • Working knowledge of identity governance concepts including lifecycle management, application on-boarding, access request, automated provisioning, password management, and role-based access control (RBAC).
  • Working knowledge of passwordless / phishing-resistant authentication technologies: FIDO2, WebAuthn, passkeys, platform authenticators, and hardware security keys.
  • Demonstrated experience administering Active Directory and Microsoft 365 / Entra ID environments.
  • Familiarity with authentication and federation protocols: SAML, OAuth 2.0, OIDC, SCIM, LDAP.
  • Knowledge of MFA platforms (e.g., Duo, Entra MFA) and PAM concepts.
  • Familiarity with enterprise directories and relational databases (MSSQL, Oracle, MySQL).
  • Strong analytical, organizational, and documentation skills; attention to detail.
  • Excellent interpersonal, presentation, and written/verbal communication skills, able to translate technical concepts for business audiences.
  • Proficient with Microsoft Excel, Outlook, Word, PowerPoint, and web-based administrative consoles.
  • Ability to foster productive working relationships with internal staff, vendors, and cross-functional partners.

Nice To Haves

  • SailPoint IdentityNow / IdentityIQ Engineer or Administrator
  • Microsoft SC-300 (Identity and Access Administrator)
  • CISSP, CISM, CRISC, or CISA (or ability to acquire in first year of hire)
  • Experience in a financial services, credit union, or other regulated environment
  • Hands-on experience with SailPoint IdentityIQ or Identity Security Cloud (workflows, rules, certifications, connectors)

Responsibilities

  • Co-administer the SailPoint platform, including configuration of lifecycle events, application onboarding, access request workflows, and certification campaigns.
  • Execute and refine the RBAC model, reconciling discrepancies between assigned access rights and required access.
  • Support access provisioning, de-provisioning, transfers, and offboarding events in alignment with established policies, standards, and procedures.
  • Design, schedule, and monitor periodic access certification and Segregation of Duties (SoD) reviews, tracking remediation to closure.
  • Maintain accurate documentation for SailPoint configurations, role models, connectors, and operational procedures.
  • Act as the primary business liaison and Tier 2 support owner for the Passwordless Authentication platform, coordinating between the vendor, Information Security, IT Operations, and end users.
  • Manage user enrollment, credential lifecycle (registration, recovery, revocation), device binding, and exception handling for passwordless authenticators.
  • Partner with Engineering to integrate passwordless authentication with SSO, conditional access, and downstream applications; validate authentication flows and fallback paths.
  • Monitor platform health, authentication success/failure metrics, and user adoption; produce reports and recommend improvements.
  • Develop end-user communications, FAQs, knowledge articles, and training materials to support passwordless authentication.
  • Serve as a subject matter resource for phishing-resistant authentication concepts and align platform practices with NIST 800-63 guidance and emerging industry standards.
  • Support the enrollment and administration of Multi-Factor Authentication (MFA), Single Sign-On (SSO), Privileged Access Management (PAM), and Mobile Device Management (MDM) integrations.
  • Administer Active Directory, Entra ID (Azure AD), and related enterprise directory services in support of identity lifecycle events.
  • Enforce organizational policies and procedures to ensure authorized access, in compliance with the Minimum Necessary Rule and least-privilege principles.
  • Ensure evidence of authorization is documented and archived, and support audit, examiner, and risk-assessment requests.
  • Troubleshoot identity, authentication, and workflow issues independently or in collaboration with other IS teams, adhering to internal service standards and SLAs.
  • Recommend and implement process improvements, automation, and orchestration of repeatable IAM tasks.
  • Participate in projects to implement new IAM integrations, provisioning points, and RBAC extensions.
  • Support incident research, evidence gathering for audits, and remediation of identity-related risks.
  • Regular and reliable attendance is an essential function of this position.
  • Other duties as assigned.

Benefits

  • Great health and dental benefits starting day one!
  • PTO
  • Long-term disability
  • Paid holidays
  • 401k with 8% company contribution after one year of employment
  • Paid leave policy after 12 consecutive months of employment
  • Free confidential mental health support program with Talkspace©
  • Free identify theft protection through IdentityForce©
  • Tuition reimbursement
  • Training and career growth opportunities
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service