Sr Identity and Access Management Analyst
CB&I · The Woodlands, TX · 1 wk ago
Business DevelopmentFull-time
Responsibilities
- Serve as a subject matter expert for IAM and SOX logical access controls across financial systems.
- Administer and optimize IAM-based access governance, including provisioning workflows, lifecycle management, group structures, and access certifications.
- Design and maintain scalable IAM frameworks aligned to least privilege, RBAC, segregation of duties (SoD), and SOX compliance requirements.
- Execute and support SOX logical access controls, including provisioning, modifications, terminations, privileged access management, and user access reviews (UARs).
- Partner with system owners and business stakeholders to validate the appropriateness and alignment of access with business responsibilities.
- Maintain strong access governance controls by proactively reviewing and remediating access risks, including excessive access, orphaned accounts, stale memberships, and SoD conflicts.
- Support audit readiness through documentation, evidence preparation, remediation tracking, and control support activities.
- Collaborate on system implementations and enhancements to ensure IAM controls are embedded, scalable, and supportable.
- Drive continuous improvement and automation opportunities across IAM governance and access management processes.
- Manage end-to-end identity lifecycle processes (joiner, mover, leaver) for employees, contractors, and project-based users.
- Provision and deprovision access across enterprise systems, engineering applications, and project platforms (e.g., JD Edwards, Autodesk platforms).
- Maintain and support identity repositories including Microsoft Entra ID (Azure AD) and on-premises Active Directory.
- Perform and support user access reviews, certifications, and remediation activities.
- Implement and support authentication mechanisms including SSO, MFA, and conditional access policies.
- Collaborate on IAM platform configuration, integrations, and enhancements (e.g., SailPoint, Okta, Microsoft Entra ID, CyberArk).
- Automate provisioning workflows to improve efficiency and reduce manual processes.
- Integrate IAM controls with cloud platforms (Azure, AWS) and SaaS applications, including federation and role mapping.
- Provide guidance, training, and mentoring to IT staff and business stakeholders.
Qualifications
- Bachelor’s Degree in Information Technology, Cybersecurity, or related field.
- Industry certifications such as: CISSP or CISM; Microsoft SC-300 (Identity and Access Administrator) or other relevant IAM or security certifications.
- 10+ Years of Information Technology experience.
- 5+ years of hands-on experience in IAM, IT security, or infrastructure roles.
- Strong hands-on experience with enterprise IAM platforms such as Microsoft Entra ID, Okta, SailPoint, or equivalent.
- Demonstrated hands-on experience implementing and managing authentication, authorization, and federation technologies including SSO, MFA, SAML, OAuth 2.0, OpenID Connect, and directory services such as Active Directory and LDAP.
- Demonstrated hands-on experience applying and supporting identity security principles and best practices including Zero Trust Architecture, adaptive authentication, conditional access policies, segregation of duties (SoD), and identity threat detection and response.
- Demonstrated hands-on experience supporting cloud and hybrid identity architectures across platforms such as Azure AD (Entra ID), AWS IAM, and GCP IAM, including integration with on-premises environments.
- Strong analytical, problem-solving, and communication skills.
- Experience in Engineering, Procurement, and Construction (EPC) or industrial environments is desired.
- Scripting or automation experience (PowerShell, Python).