Job Title:
Lead Identity and Access Management (IAM) Analyst
Company: Amalgamated Bank
Location: New York City, NY
Created: 2026-03-10
Job Type: Full Time
Job Description:
Salary Range: $90,000.00 To $110,000.00 Annually

This role sits within the Information Security team and focuses on Identity and Access Management (IAM) governance and execution across the enterprise. The Lead IAM Analyst oversees user access controls, recertifications, and joiner/mover/leaver processes to ensure access aligns with role-based security standards and regulatory requirements.

Essential Job Duties:
- Lead user access recertification campaign oversight in collaboration with multiple application owners and stakeholders to ensure completeness and accuracy of all recertifications and produce documentation for auditors.
- Bi-weekly checks of joiners, movers and leavers (JML) population to ensure appropriate provisioning and deprovisioning occurs.
- Monthly reviews of domain administrator password check outs (Keepass, Safeguard).
- Ensure role-based access control is aligned with access users have by maintaining RBAC database.
- Work with managers and application owners to ensure roles are accurate to actual access and appropriate.
- Review user access for improper entitlements such as toxic combinations across applications.
- Participate as a member of a distributed security and technology team responsible for prioritizing requirements and entitlements, as well as establishing and maintaining identities for business applications within IAM solutions.
- Become a subject matter expert to create and maintain IAM business process and architectural requirements.
- Validate identity controls and settings that align with policies and identity governance and administration (IGA) process.
- Formulate business cases, evaluate product capabilities and ensure requirements can be met.
- Influence IAM project timeframes, goals, strategic plans and budget constraints.
- Research and review process to ensure operational efficiency for security team and employees.
- Review integrations and assess their state related to business and security needs.
- Understand associated businesses’ organizational and technical controls within global frameworks.
- Regularly review and measure trends, threats and vulnerabilities with access to applications and data.
- Work closely with business stakeholders to evaluate change impacting existing business cases.
- Govern access models to verify alignment with organizational risk posture.
- Support IAM governance, policies and solutions across SSO, directory, certificate, MFA, zero trust, privileged accounts and automation.
- Oversee access to on-premises, cloud infrastructure and applications for a distributed workforce.
- Conduct business impact and risk exposure and make recommendations where security can improve.
- Review internal, external and contractor accounts as part of periodic audits.
- Participate in quality assurance of solutions and features to ensure optimal use and security IAM best practices.
- Make recommendations to improve automation, security practices and end-user experience.
- Frequently interact with business units to understand their plans, risk appetite and business obligations.
- Facilitate opportunities to improve efficiencies automating and advancing IAM and IGA processes.
- Support policies for access, data protection, security and compliance framework requirements.
- Be aware of advanced technologies and use of AI/machine learning as businesses adopt to improve operational efficiency.
- Perform other duties as assigned.

Skills and Experience:
- Preferably 5-plus years’ experience in security administration, with 3-plus years as a technical hands-on IAM practitioner.
- Administration and familiarity with directory services, Windows and Entra ID/Azure AD, SSO, MFA, zero trust, attribute-based access, and policy and role-based access.
- Experience administering IAM systems and access controls aligning with security governance fundamentals.
- Ideally familiar with one or more regulatory requirements and laws such as, but not limited to, PCI, FFIEC, SOX, and GLBA.
- Additionally, experience in one or more: CSF, ITIL.
- Preferable experience with one or more scripting languages (Python, PowerShell and Bash).
- Track record acting with integrity, taking pride in work, seeking to excel, being curious and flexible.
- Strong written and oral communication skills across varying levels of the organization.
- Excellent judgment and the ability to make quick decisions when working with complex situations.
- High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism.

Education Requirements:
Bachelor’s degree preferred in cybersecurity, computer science, engineering or related field.

Experience Requirements:
5-plus years of cybersecurity or IT practitioner experience.

Certification Requirements:
Preferable: CISSP, Microsoft Identity & Access Administrator Associate, GSEC, GISF, GISP, CIPP

Our job titles may span more than one career level. The starting base salary for this role is between $90,000 – $110,000. The actual base pay is dependent upon many factors, such as: training, transferrable skills, work experience, business needs and market demands. The base pay range is subject to change and may be modified in the future.

Amalgamated Bank is an Equal Opportunity and Affirmative Action Employer, Minorities / Females / Individuals with Disability / Veterans. (AmeriCorps, Peace Corps and other national service alumni are encouraged to apply.) View our Pay Transparency Statement.

Submission of a resume or any information regarding your qualifications does not constitute a promise or offer of employment. At Amalgamated Bank, we consider an applicant to be someone who has interviewed at least once, in person, with the hiring manager.
Amalgamated Bank does not sponsor applicants for work visas.

Hybrid Work Model:
Effective February 18, 2025, employees in office-based positions will be working a Hybrid work schedule consisting of three days or more, on-site per week, Monday - Thursday, although the specific days may vary by site or organization, with Friday designated as a remote-working day, unless business critical tasks require an on-site presence. This Hybrid work model does not apply to, and daily in-person attendance is required for, the contact center, branch service roles, and general services where the work to be performed is located at a Company site; positions covered by a collective-bargaining agreement (unless the agreement provides for hybrid work); or any other position for which the Company has determined the job requirements cannot be reasonably met working remotely. Please note, this Hybrid work model guidance does not apply to roles that have been designated as “remote”.

Search Firm Representatives - Please Read Carefully:
Amalgamated Bank does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for the position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.