• Identity and Access Management (IAM) Analyst

    Amalgamated Bank (New York, NY)


    This role sits within the Information Security team and focuses on Identity and Access Management (IAM) governance and execution across the enterprise. The IAM Analyst oversees user access controls, recertifications, and joiner/mover/leaver processes to ensure access aligns with role‑based security standards and regulatory requirements.

     

    Essential Job Duties

     

    + Lead user access recertification campaign oversight in collaborating with multiple application owners and stakeholders to ensure completeness and accuracy of all recertifications and produce documentation for auditors.

    + Bi-weekly checks of joiners, movers and leavers (JML) population to ensure appropriate provisioning and deprovisioning occurs.

    + Monthly reviews of domain administrator password check outs (Keepass, Safeguard.)

    + Ensure role-based access control is aligned with access users have by maintaining RBAC database.

    + Work with managers and application owners to ensure roles are accurate to actual access and appropriate.

    + Review user access for improper entitlements such as toxic combinations across applications.

    + Participate as a member of a distributed security and technology team responsible for prioritizing requirements and entitlements, as well as establishing and maintaining identities for business applications within IAM solutions.

    + Become a subject matter expert to create and maintain IAM business process and architectural requirements.

    + Validate identity controls and settings that align with policies and identity governance and administration (IGA) process.

    + Formulate business cases, evaluate product capabilities and ensure requirements can be met.

    + Influence IAM project timeframes, goals, strategic plans and budget constraints.

    + Research and review process to ensure operational efficiency for security team and employees.

    + Review integrations and assess their state related to business and security needs.

    + Understand associated businesses’ organizational and technical controls within global frameworks.

    + Regularly review and measure trends, threats and vulnerabilities with access to applications and data.

    + Work closely with business stakeholders to evaluate change impacting existing business cases.

    + Govern access models to verify alignment with organizational risk posture.

    + Support IAM governance, policies and solutions across SSO, directory, certificate, MFA, zero trust, privileged accounts and automation.

    + Oversee access to on-premises, cloud infrastructure and applications for a distributed workforce.

    + Conduct business impact and risk exposure and make recommendations where security can improve.

    + Review internal, external and contractor accounts as part of periodic audits.

    + Participate in quality assurance of solutions and features to ensure optimal use and security IAM best practices.

    + Make recommendations to improve automation, security practices and end-user experience.

    + Frequently interact with business units to understand their plans, risk appetite and business obligations.

    + Facilitate opportunities to improve efficiencies automating and advancing IAM and IGA processes.

    + Support policies for access, data protection, security and compliance framework requirements.

    + Be aware of advanced technologies and use of AI/machine learning as businesses adopt to improve operational efficiency.

    + Perform other duties as assigned.

     

    Skills and Experience

     

    + Preferably 5-plus years’ experience in security administration, with 3-plus years’ technical hands-on IAM practitioner.

    + Administration and familiarity with directory services, Windows and Entra ID/Azure AD, SSO, MFA, zero trust, attribute-based access, and policy and role-based access.

    + Experience administering IAM systems and access controls aligning with security governance fundamentals.

    + Ideally familiar with one or more regulatory requirements and laws such as, but not limited to, PCI, FFIEC, SOX, and GLBA. Additionally, experience in one or more: CSF, ITIL.

    + Preferable experience with one or more scripting languages (Python, PowerShell and Bash).

    + Track record acting with integrity, taking pride in work, seeking to excel, being curious and flexible.

    + Strong written and oral communication skills across varying levels of the organization.

    + Excellent judgment and the ability to make quick decisions when working with complex situations.

    + High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism.

    Education Requirements

    + Bachelor’s degree preferred in cybersecurity, computer science, engineering or related field.

    Experience Requirements

    + 5-plus years of cybersecurity or IT practitioner experience.

    Certification Requirements

    + Preferable: CISSP, Microsoft Identity & Access Administrator Associate, GSEC, GISF, GISP, CIPP