Sr. IAM Analyst, User Access Review

Role:

The Sr. IAM Analyst – User Access Review  is responsible for managing and executing the enterprise-wide User Access Review (UAR) process to ensure compliance, least-privilege enforcement, and regulatory readiness. This role focuses on maintaining visibility into who has access to what systems, ensuring that user permissions are appropriate, and that periodic reviews meet audit and regulatory standards (SOX, SOC2, ISO 27001, PCI, etc.). You will collaborate closely with application owners, auditors, compliance, and IT to ensure user entitlements are validated, certified, and remediated efficiently and accurately.

What You’ll Do:

Program Management & Operations

• Own and execute the User Access Review (UAR) lifecycle across all critical applications, systems, and cloud environments.
• Coordinate quarterly and annual access reviews for key systems (finance, trading, custody, HR, and developer platforms).
• Track completion rates, exceptions, and remediation progress; escalate overdue reviews as necessary.
• Maintain UAR calendar, review templates, and stakeholder communications.

 Access Data & Analysis

• Gather, normalize, and analyze entitlement data from IAM systems 
• Identify excessive or orphaned privileges, toxic combinations (segregation of duties violations), and inactive accounts.
• Automate entitlement reviews using identity governance tools 
• Produce audit-ready evidence packages for internal and external auditors.

 Process Automation & Improvement

• Partner with IAM engineers to automate access certification workflows and reporting.
• Integrate UAR processes with onboarding/offboarding and role-based access control (RBAC) policies.
• Define and document standard operating procedures (SOPs) for recurring review cycles.
• Continuously improve UAR accuracy, efficiency, and audit defensibility.

Stakeholder Collaboration

• Collaborate with Application Owners, Business Managers, HR, and Compliance to validate access levels and maintain least privilege.
• Work with Internal Audit and External Auditors to provide supporting evidence and respond to findings.
• Partner with Security and Compliance to ensure access reviews align with regulatory frameworks (SOX, PCI DSS, FFIEC, etc.).

Metrics & Reporting

• Develop and maintain dashboards for access review completion, exceptions, and risk metrics.
• Provide monthly and quarterly reports to leadership and compliance teams.
• Measure success through KPIs such as completion rates, remediation turnaround, and privilege reduction percentages.

What You’ll Need:

Education & Experience

• Bachelor’s degree in Information Security, Computer Science, or related discipline (or equivalent experience).
• 2–5 years of experience in IAM, Security Operations, or Compliance in a financial or fintech environment.
• Hands-on experience with IAM platforms (Okta, Azure AD, SailPoint, Saviynt, CyberArk).
• Familiarity with cloud access management (AWS, GCP, or Azure).
• Knowledge of regulatory compliance frameworks: SOX, SOC2, ISO 27001, PCI DSS, or FFIEC.

Technical & Professional Skills

• Understanding of RBAC, ABAC, and least-privilege principles.
• Experience generating and validating access entitlement reports.
• Familiar with scripting or automation tools (Python, PowerShell, or SQL) for data analysis or reporting.
• Strong Excel / data visualization skills (Power BI, Tableau, etc.).
• Excellent written and verbal communication for stakeholder engagement.

Preferred Certifications

• CompTIA Security+ or CySA+
• (ISC)² Certified Identity and Access Manager (CIAM)
• Certified Information Systems Auditor (CISA) — desirable for audit-heavy environments