Job Description

The Role

This is a hands-on security position working within the Information Security group and with the internal IT department at large. This position's core focus is to manage and coordinate the day-to-day functions of identity and access management operations. This role plays a critical part in protecting enterprise assets by ensuring that the right individuals have appropriate access to systems, applications, and data-aligned with business needs and risk tolerance.

The IAM Analyst supports both operational execution (provisioning, access changes, incident response) and governance functions (access reviews, policy enforcement, identity lifecycle management), contributing to a scalable and auditable IAM program.

We are looking for candidates who have a passion for cybersecurity, threat detection, risk mitigation, and response. You will be a key part of our efforts to build and support a defensible environment where we are able to detect, contain and respond quickly to threats and compromises in ways that serve to enable the business needs of a highly collaborative organization. The environment is fast-paced and commonly on the leading edge of technology, including early adoption of various cloud services along with the challenges of integrating those services into our security practice.

Responsibilities

• Have a deep understanding of user lifecycle management; including provisioning/de-provisioning, access requests, user entitlements and audit & validations
• Provide design, evaluation, analysis, testing, debugging and implementation of identity and access management programs to support the company's strategy
• Maintain standards for access management across the company and department
• Collaborate with HRIS, IT service owners, and service desk to troubleshoot and fulfill identity related workflows
• Knowledge of identity governance workflows with the concepts of attestation and auditing.
• Assist in automating identity workflows and processes for lifecycle management, auditing, reporting, governance and self-service
• Execute periodic access reviews/certifications and track remediation activities
• Maintain role-based access control (RBAC) models and entitlement catalogs
• Contribute to audit readiness and evidence collection for IAM controls
• Improve operational efficiency through standardization and runbook development
• Participate in cross-functional initiatives, including M&A integrations and system migrations

Qualifications

• A minimum of 2-3 years in Information Technology
• A minimum of 2 years' experience in Identity Management
• Experience in lifecycle management and provisioning and de-provisioning
• Knowledge of different MFA and compensating controls for identity
• Knowledge of privilege identity management, privileged access management, and concepts of just in time provisioning, just enough access, and principal of least privilege
• Familiarity with scripting in at least one of the following languages: PowerShell, Python, JavaScript
• A strong understanding of the fundamental operations of servers, operating systems, cloud applications, and infrastructure
• Have a deep understanding of user lifecycle management; including provisioning/de-provisioning, access requests, user entitlements and audit & validations

Preferred Qualifications

• A minimum of 2 years' experience in information security
• A Bachelor's or Master's Degree in a relevant field of work
• Account set-up and access management
• Worked closely with human resources and help desk support staff
• Demonstrated an organized and methodical approach to making improvements on past organizations technology projects
• Experience in automation and integration with SaaS applications
• Understanding of OAuth, SAML and OpenID frameworks
• Building and using REST APIs
• Knowledge and experience of SCIM provisioning and integration
• Experience creating and supporting fully identity framework or IDaaS
• An understanding of the NIST framework and using a continuous improvement loop
• A familiarity with vulnerability assessment and network scanning tools
• Knowledgeable in Identity governance frameworks

Desired Skills

Azure AD, Active Directory, AD Connect, Azure Automation, Power Automate, SAML, OpenID, WS-Fed, SSO, SCIM, OAuth, Programming (java, python), PowerShell, RESTful APIs, MSSQL, OGNL, GraphQL, Workday, SailPoint, Okta, Ping Federate, PingID, Splunk, RBAC

Location

This role is hybrid, based in our New York City office.

Compensation

The annual base salary for this position is in the range of $95,000 - $115,000 in New York, NY. This position is also eligible for benefits and a discretionary bonus. Ultimately, the salary may vary based upon, but not limited to, relevant experience, time in the role, business sector, and geographic location, among other criteria. Please talk with a CAA Recruiter to learn more.