Identity & Access Governance Analyst (IT GRC)

Location(s):

Atlanta: 2300 Windy Ridge Pkwy SE, Suite750, Atlanta, GA 30339

La Vista:12325 Port Grace Blvd, La Vista, NE 68128

Oakdale: 7755 3rd St. N, Oakdale, MN 55128

Scottsdale: 18700 N Hayden Rd, Suite 255, Scottsdale, AZ 85255

St. Petersburg: 877 Executive Center Dr. W, Suite 300, St. Petersburg, FL 33702

Osaic has returned to the office on a hybrid schedule requiring a minimum of 4 days weekly in the office. Applicants should be located at one of our hubs listed above and must be willing to work this schedule.

Role Type:          Full-time, Non-Exempt

Salary: $80,000 - $100,000 per year + annual performance-based bonus

Actual compensation offered will be determined individually, based on a number of job-related factors, including location, skills, licensure, experience, and education.

Summary:

The Identity & Access Governance Analyst (IT GRC) supports Osaic’s identity governance operations and advisor-facing initiatives. This role combines identity and access management expertise with strong project management skills to ensure secure, compliant access processes across the organization.

As an Identity & Access Governance Analyst, you will manage access attestation campaigns, enforce escalation procedures for non-compliance, and oversee the backlog of Identity & Access Management (IAM) engineering tasks such as onboarding platforms to Osaic’s identity governance and administration (IGA) platform. As part of this, you will work closely with other members of Osaic – primarily within the Security, Infrastructure, and Audit organizations. As an Identity & Access Governance Analyst, you will be expected to work alongside other analysts in the IT Governance, Risk, and Compliance department to ensure effective governance and compliance of Osaic polices.

Education Requirements:

Bachelor’s degree preferred; high school diploma (or equivalent) in combination with significant experience will be considered in lieu of degree. Minimum of high school diploma or equivalent is required.

Responsibilities:

• Lead and manage periodic access attestation campaigns by defining scope, scheduling timelines, coordinating with application owners, and ensuring full completion of certifications across all in-scope systems.
• Implement and enforce escalation procedures for non-compliance by monitoring attestation progress, identifying overdue items, notifying responsible parties, and escalating unresolved issues to management for corrective action.
• Maintain and prioritize the IAM engineering backlog by gathering requests, assessing business impact, and partnering with engineering teams to onboard new platforms into Saviynt and deliver identity governance enhancements.
• Develop and maintain identity governance standards and procedures including joiner/mover/leaver workflows, privileged access management, separation of duties, and emergency access protocols to ensure consistent compliance.
• Prepare and deliver audit-ready documentation and evidence for all identity governance activities, including attestation results, exception handling, and remediation plans, to support internal and external audits.
• Collaborate with Audit, Risk, and Security teams to resolve identity- and access-related issues, implement corrective actions, and maintain compliance with regulatory requirements and internal policies.
• Design, produce, and present identity- and access-related governance metrics and reporting such as attestation completion rates, exception aging, privileged access reviews, and backlog progress for leadership and audit committees.
• Coordinate and manage the IAM roadmap by partnering with engineering teams to plan and execute application onboarding, ensure connector stability and health, and prioritize integration efforts for Saviynt and other identity governance platforms.
• Support broader IT GRC initiatives by contributing to IT policy updates, awareness campaigns, and providing backup coverage for other IT GRC analysts as needed.
• Perform additional IT GRC responsibilities as assigned to ensure team objectives and compliance obligations are met.

Basic Requirements:

• 3–5 years of experience in identity governance or IAM operations.
• Hands-on experience with IAM and IGA platforms and access certification processes.
• Working knowledge of regulatory frameworks (NYDFS, SEC Reg S-P, NIST CSF) and audit practices.
• Ability to manage attestation campaigns and enforce compliance procedures.
• Strong organizational, documentation, and communication skills.
• Ability to work independently and meet deadlines.

Preferred Requirements:

• Experience managing identity governance programs in large or regulated environments.
• Advanced knowledge of IAM concepts such as role-based access control, segregation of duties, and privileged access management.
• Experience onboarding applications and connectors in Saviynt or similar platforms.
• Familiarity with identity governance metrics and reporting practices.
• Strong analytical and problem-solving skills for resolving access-related issues.
• Professional certifications such as CISA, CISSP, or CCSP are highly desirable.