Identity and Access Management (IAM) Analyst

Independent Health•Buffalo, NY

1d•$70,000 - $85,000

About The Position

FIND YOUR FUTURE We're excited about the potential people bring to our organization. You can grow your career here while enjoying first-class perks, benefits and a culture that fosters growth, innovation and collaboration. Overview The Identity and Access Management (IAM) Analyst will be responsible for developing, maintaining, and implementing the enterprise information security approach to logical access, identity and access management (IAM), privileged identity management (PIM), and access controls. This associate will also be responsible for maturing the existing IAM program including the tools (SailPoint IdentityNow) and process flows. This team member will also monitor, review, and audit user activities and ensure access is maintained to the minimum necessary level. They will provide assurance of security related components of IT operations including administrator activity reviews, investigation, and response to internal and external audit inquiries. They will work with IAM leads, IT, and business managers to understand requirements, enterprise IT standards, and other considerations that influence how IAM solutions and services should perform and operate. The Analyst will execute and mature key components of these processes, as well as assist in the execution of the enterprise-wide information security awareness program, maintenance of security policies, and monitoring of compliance with these policies.

Requirements

High school diploma or GED required. Bachelor’s degree preferred.
Five (5) years of IT experience encompassing project management, information security, risk management and/or programming required.
Working experience in one or more areas of information security required including: identity and access management, role-based access control (RBAC) methodologies, privileged identity/access management, access reviews, IT audit, segregation of duties and federation protocols (OAuth, SAML, OpenID), or Single Sign On (SSO) models.
Excellent planning and problem-solving skills; must have high attention to detail and quality of work deliverables.
Strong organization skills with the ability to handle multiple priorities.
Excellent oral and written communication skills, as well as the ability to convey security, technical and privacy related issues to business audience.
Ability to work with a team as well as diverse workgroups on prevention, identification, and resolution of privacy and security problems.
Knowledge of information security fundamentals, information security policies and procedures, industry best practices as well as various governance standards and healthcare law (HITRUST, NIST, ITIL, HIPAA, HITECH, etc.).
Proven examples of displaying the IH values: Passionate, Caring, Respectful, Trustworthy, Collaborative and Accountable.

Nice To Haves

Industry recognized certification within the domain of information security, information technology and privacy (e.g., CISSP, GIAC, CISM, ITIL, CIPP/US, etc.) preferred.
Experience with SailPoint IdentityNow or equivalent identity and access management software solutions preferred.
Knowledge of or experience in Microsoft Office tools, Active Directory, AS400, Linux/Unix, API, CyberArk, and Azure Dev Ops.
Experience making independent risk-based decisions for planning and incident management, with consideration for business and operational goals and constraints.

Responsibilities

Develop, deploy, and maintain role-based logical access processes.
Guide all components of the enterprise approach to critical security functions such as: identity and access management (IAM), privileged identity management, and access controls.
Develop, implement and maintain logical access roles within the SailPoint IdentityNow platform to ensure access is provisioned/deprovisioned at the appropriate times to ensure compliance with corporate policies.
Manage the oversight and maturation of efficiencies in the security functions ensuring adherence to company policy and standards.
Provide governance within the information risk office team and others with regard to the access management and privileged identity management arenas.
Develop, foster, and mature process efficiencies with the goal of reducing time and effort to perform.
Maintain security policies including updates to reflect changing practices and business needs.
Monitor compliance with policies.
Monitor and audit user permissions within applications.
Assist with all user audit activity and fulfillment of internal and external audit requests.
Establish processes to monitor and analyze user and privilege identity access and maintain separation of duties (SoD).
Develop and maintain process and control documentation supporting IAM services.
Develop training materials related to IAM processes and technologies.
Consult with key business stakeholders to evaluate functional requirements and translate those requirements into information security solutions.
Provide guidance to business partners about applicability of information security to meet business needs.
Support the documentation and accreditation processes necessary to ensure that new IT systems meet the organization's information security requirements.
Respond to crisis or urgent situations to mitigate immediate and potential threats.
Investigate and analyze all relevant response activities.
Represent Information Risk Office in cross-functional meetings and projects.
Develop, foster, and mature process efficiencies with the goal of reducing time and effort to perform.
Participate in the execution of enterprise-wide information security program.