• Principal Identity Access Management Specialist

    UKG (Ultimate Kronos Group) (Weston, FL)


    Why UKG:

    At UKG, the work you do matters. The code you ship, the decisions you make, and the care you show a customer all add up to real impact. Today, tens of millions of workers start and end their days with our workforce operating platform. Helping people get paid, grow in their careers, and shape the future of their industries. That’s what we do.

     

    We never stop learning. We never stop challenging the norm. We push for better, and we celebrate the wins along the way. Here, you’ll get flexibility that’s real, benefits you can count on, and a team that succeeds together. Because at UKG, your work matters—and so do you.

    About the Team:

    The team is the IAM operations and access control group. We are responsible for managing user access provisioning and deprovision for applications we are responsible for as well as the controls that govern the work that we do.

    About the Role:

    The Principal IAM Specialist will lead the transformation of Identity Governance & Administration (IGA) by defining and implementing processes and Standard Implementation Procedures (SIPs) for efficient and compliant application onboarding. This role will focus on data analysis, role mining, SOX/SOC compliance controls mapping, Privileged Access Management (PAM), and partner access governance. This role will be heavy in IGA and Certification campaigns leaning into certifications and everything that comes with them from certifications to entitlement management and meta data updates. Controls range from Soc2/3 , SOX and ISO and should be very strong in all of these areas. The ideal candidate will collaborate with security, compliance, IT, and business stakeholders to enhance IAM efficiency, automate processes, and strengthen access controls.

    Key Responsibilities:

    IGA Transformation & Onboarding Process Development:

    Design and implement scalable, standardized IAM processes and SIPs for onboarding applications into IGA platforms.

     

    Define governance models, access policies, and automated provisioning workflows to streamline identity lifecycle management.

     

    Partner with application owners, IT, and security teams to ensure proper access controls and compliance alignment.

    Data Analysis & Role Mining:

    Conduct role mining and entitlement reviews to establish least-privilege access controls.

     

    Analyze access patterns, role definitions, and group structures to optimize identity governance.

     

    Develop IAM dashboards and reports for access analytics, compliance tracking, and risk mitigation.

    SOX & SOC Compliance Controls Mapping:

    Map IAM controls to SOX, SOC 2, NIST, and other regulatory requirements to support audit readiness.

     

    Establish and maintain access certification, attestation, and segregation of duties (SoD) processes.

     

    Collaborate with auditors and compliance teams to ensure access control effectiveness and policy adherence.

    Privileged Access Management (PAM) & Partner Access Governance:

    Govern privileged accounts, third-party/vendor access, and non-human identities.

     

    Implement Just-in-Time (JIT) access, session monitoring, and least-privilege enforcement for privileged users.

     

    Ensure proper governance over partner access entitlements, group lifecycle management, and service accounts.

    Qualifications & Experience:

    8+ years of experience in Identity & Access Management, Information Security, or Compliance.

     

    Expertise in IGA platforms (Saviynt, SailPoint, Okta), PAM solutions (CyberArk, BeyondTrust), and access control models (RBAC, ABAC, JIT).

     

    Strong knowledge of SOX, SOC 2, NIST, ISO 27001, and IAM compliance frameworks.

     

    Experience in data analysis, SQL, Power BI, and IAM automation.

     

    Proven ability to design IAM processes, optimize access models, and drive transformation initiatives.

    Preferred Qualifications:

    Experience in Cloud IAM (AWS IAM, Azure AD, Google Cloud IAM).

    Company Overview:

    UKG is the Workforce Operating Platform that puts workforce understanding to work. With the world's largest collection of workforce insights, and people-first AI, our ability to reveal unseen ways to build trust, amplify productivity, and empower talent, is unmatched. It's this expertise that equips our customers with the intelligence to solve any challenge in any industry — because great organizations know their workforce is their competitive edge. Learn more at ukg.com.

     

    Equal Opportunity Employer

     

    UKG is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, disability, religion, sex, age, national origin, veteran status, genetic information, and other legally protected categories.

     

    View The EEO Know Your Rights poster (https://www.eeoc.gov/sites/default/files/2022-10/EEOC\_KnowYourRights\_screen\_reader\_10\_20.pdf)

     

    UKG participates in E-Verify. View the E-Verify posters here (https://www.e-verify.gov/sites/default/files/everify/posters/EVerifyParticipationPoster.pdf) .

     

    It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

     

    Disability Accommodation in the Application and Interview Process

     

    For individuals with disabilities that need additional assistance at any point in the application and interview process, please email [email protected] .

     

    The pay range for this position is $142,100.00 to $204,200.00 USD, however, base pay offered may vary depending on skills, experience, job-related knowledge and location. This position is also eligible for a short-term incentive and a long-term incentive as part of total compensation. Information about UKG’s comprehensive benefits can be reviewed on our careers site at https://www.ukg.com/careers

    NOTICE ON HIRING SCAMS

    UKG will never ask you for a copy of your driver’s license, social security card, or passport during a job interview. For new hires, we do not ask for payment for equipment purchase, cost for training, or to receive onboarding documents. UKG does not make job offers outside of our formal hiring process. To help protect yourself against potential hiring scams, learn more about our formal hiring process, outlined here (https://www.ukg.com/about-us/careers/faqs) .

    ABOUT OUR JOB DESCRIPTIONS

    All job descriptions are written to accurately reflect the open job and include general work responsibilities. They do not present a comprehensive, detailed inventory of all duties, responsibilities, and qualifications required for the job. Management reserves the right to revise the job or require that other or different tasks be performed if or when circumstances change.

     

    It is the policy of Ultimate Software to promote and assure equal employment opportunity for all current and prospective Peeps without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status entitled to protection under federal, state, or local anti-discrimination laws. This policy governs all matters related to recruitment, advertising, and initial selection of employment. It shall also apply to all other aspects of employment, including, but not limited to, compensation, promotion, demotion, transfer, lay-offs, terminations, leave of absence, and training opportunities.