We are looking for a technical Business Systems Analyst to help mature our Identity and Access Management program. In this role, you will partner closely with IAM Engineers to build a strong, scalable foundation and drive the implementation of security best practices across the organization.
You will act as a bridge between business needs and technical execution, designing logical frameworks that leverage Attribute-Based Access Control (ABAC) and Role-Based Access Control (RBAC) methodologies within Okta. Your goal is to move the organization toward an automated, "least privilege" environment that is both secure and efficient.
Core Responsibilities
IAM Strategy & Best Practices (RBAC/ABAC)
Access Model Design: Collaborate with business stakeholders to define and refine "Birthright" access bundles, mapping business roles to technical entitlements to support a scalable RBAC model.
Automation Logic: Analyze workforce data to identify reliable user attributes (e.g., Department, Location, Cost Center) and design ABAC policies that automate the provisioning lifecycle.
Policy Translation: Translate complex business requirements into clear, logical technical specifications for Okta policies, ensuring that access rules are documented, consistent, and scalable.
Okta Environment & Group Management
Directory Hygiene: Establish and maintain governance standards for group management, ensuring the directory remains clean, audit-ready, and free of "stale" or empty groups.
Dynamic Group Strategy: Promote the use of dynamic, rule-based groups over static assignments to reduce manual overhead and human error.
Standardization: Define and implement naming conventions for groups and applications to ensure long-term maintainability and prevent directory pollution.
Operational Analysis & Partnership
Application Integration: Scale our ability to support the functional onboarding of SaaS applications (SAML/OIDC), gathering requirements for attribute mapping and user entitlement flows.
Process Improvement: Analyze current Joiner, Mover, and Leaver (JML) processes to identify bottlenecks and security gaps, proposing solutions to streamline operations.
Documentation & Support: Create clear technical documentation, process flows, and data mapping sheets. Assist in troubleshooting complex access issues by tracing data flow from HR source to downstream applications.
Qualifications
IAM Experience: Proven experience as a BSA within Identity and Access Management, with a strong understanding of IAM principles, including Least Privilege, Segregation of Duties, and Lifecycle Management.
Okta Expertise: Solid experience working within the Okta ecosystem. You should be comfortable with the logic behind Group Rules, Expression Language, and Application Policies.
Methodology: A strong conceptual understanding of RBAC vs. ABAC models and experience helping organizations transition from manual provisioning to automated, policy-based controls.
Communication: Excellent ability to translate technical IAM concepts into business-friendly language for stakeholders, and vice versa.
Analytical Mindset: Experience analyzing data sets to find patterns that can be used to build better security policies.
Where We Work
Zendesk is not your average tech company. We have all the stuff you’d expect - competitive pay, benefits, appealing offices, snacks, and more. We also have a culture deeply dedicated to enabling conversations and providing appreciative support. We help our staff keep work-life balance, from flexible hours to remote work, to the most dynamic parental leave plans on the market. Our Social Impact team is actively engaged in our community and enables us to invest thousands of hours with local community groups each year. We invest in diversity and inclusion so that our team reflects the diversity of the world around us. We have a whole crew dedicated to ensuring our workplace experience is top notch and welcoming for all.
Please note that anyone hired into this position must be physically located in and plan to work from Mexico City (CDMX) or Mexico State (Estado de Mexico).
Hybrid: In this role, our hybrid experience is designed at the team level to give you a rich onsite experience packed with connection, collaboration, learning, and celebration - while also giving you flexibility to work remotely for part of the week. This role must attend our local office for part of the week. The specific in-office schedule is to be determined by the hiring manager.
The intelligent heart of customer experience
Zendesk software was built to bring a sense of calm to the chaotic world of customer service. Today we power billions of conversations with brands you know and love.
Zendesk believes in offering our people a fulfilling and inclusive experience. Our hybrid way of working, enables us to purposefully come together in person, at one of our many Zendesk offices around the world, to connect, collaborate and learn whilst also giving our people the flexibility to work remotely for part of the week.
As part of our commitment to fairness and transparency, we inform all applicants that artificial intelligence (AI) or automated decision systems may be used to screen or evaluate applications for this position, in accordance with Company guidelines and applicable law.
Zendesk is an equal opportunity employer, and we’re proud of our ongoing efforts to foster global diversity, equity, & inclusion in the workplace. Individuals seeking employment and employees at Zendesk are considered without regard to race, color, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, disability, military or veteran status, or any other characteristic protected by applicable law. We are an AA/EEO/Veterans/Disabled employer. If you are based in the United States and would like more information about your EEO rights under the law, please click here.
Zendesk endeavors to make reasonable accommodations for applicants with disabilities and disabled veterans pursuant to applicable federal and state law. If you are an individual with a disability and require a reasonable accommodation to submit this application, complete any pre-employment testing, or otherwise participate in the employee selection process, please send an e-mail to peopleandplaces@zendesk.com with your specific accommodation request.