IAM Analyst (Saviynt) - Senior Associate

You will collaborate closely with clients, internal stakeholders, and global experts to drive cyber resilience, regulatory compliance, and innovation. You will provide hands-on technical delivery, operational excellence, and continuous improvement across cyber managed services programs.

• Share and collaborate effectively with others, creating a positive team spirit.
• Identify and make suggestions for improvements when problems and/or opportunities arise.
• Validate data and analysis for accuracy and relevance.
• Follow risk management and compliance procedures.
• Keep up to date with developments in my area of specialty
• Communicate confidently in a clear, concise and articulate manner - verbally and in written form.
• Seek opportunities to learn about the wider economy alongside the business models/corporate governance and/or regulatory environment of our clients
• Uphold the firm's code of ethics and business conduct

Basic Qualifications:

Degree Required: Bachelors or masters

Minimum Years of Experience: Over 5 to 8 years of hands-on IAM implementation, and operations support

Preferred Knowledge/Skills: Relevant experience in end-to-end support of IAM services and certifications like CISSP, CISM, CISA, GIAC (GCIH, GSEC, GCIA), CCSP, or equivalent is desirable.

Certifications specific to IAM are an advantage.

• IGA (SailPoint IIQ) - SailPoint Certified IdentityIQ Engineer
• IGA (SailPoint ISC) - SailPoint Certified Identity Security Engineer (Cloud)
• IGA (Saviynt) - Saviynt Certified IGA Professional (SCIP)
• PAM(CyberArk) - Cyberark CDE
• PAM (Delinea) - Delinea Secret Server
• AM (Okta) - Okta Certified Professional
• AM (Ping)- Ping Federate Professional
• AM (Ping) - Ping Directory Professional
• AM (Ping) - Ping Identity Professional

Demonstrates knowledge and/or a proven record of success in one or more of the following areas:

Identity Governance and Administration:

• Configuring, administering, and supporting Identity Governance and Administration (IGA) tools such as SailPoint ISC/IIQ, Saviynt, or equivalent platforms.
• Implementing and optimizing access request management, approval of workflows, and automated provisioning/de-provisioning processes to enhance efficiency and governance adherence.
• Applying user lifecycle management best practices including role-based access control (RBAC), segregation of duties (SoD), and least privilege principles aligned to client policy and regulatory requirements.
• Managing identity workflows, role and entitlement models, and access approval processes tailored to client-specific business needs and compliance requirements.
• Performing periodic access reviews/certifications, supporting remediation activities, and maintaining audit-ready evidence for IAM controls and processes.
• Having experience in integrating applications with IGA solutions.

Privileged Access Management (PAM)

• Administering Privileged Access Management (PAM) solutions including CyberArk, Delinea, ensuring secure privileged account onboarding, credential rotation, session management, and policy enforcement.
• Strong knowledge of CyberArk solutions, including PAM, PAS, Cloud, and other related modules (PTA, EPM, Alero, etc).
• Experience in Secrets Server administration and policy management.
• Experience in the upgrade of the CyberArk or Delinea PAM components.
• Provide overall direction and oversight into the PAM functions across the organization, including Password Vaulting of elevated user and application service accounts.
• Coordination with infrastructure, security, and application teams for privileged access controls
• Well versed with automation scripts in Rest-API.
• Knowledge on customization of CyberArk Platforms, Connectors/Plugins (with AutoIT/Shell Scripting) and good knowledge on auto-detection configuration and usage of Discovery Scanning tools.

Access Management (AM)

• Supporting Access Management (AM) capabilities including Single Sign-On (SSO), Multi-Factor Authentication (MFA), and federation protocols (SAML, OAuth, OpenID Connect) using platforms such as PingID, Okta, Microsoft Entra ID, or equivalent.
• Advanced knowledge of identity federation, Single Sign-On (SSO), and Multi-Factor Authentication (MFA) solutions.
• Strong understanding of IAM concepts and protocols (SAML, OAuth, OpenID Connect).
• Experience with Enterprise Provisioning, Roles based Access Controls, Single-Sign On, external and internal federation and systems integration.
• Knowledge of regulatory compliance requirements related to identity management (e.g., GDPR, HIPAA).
• Proficiency in integrating IAM solutions with a wide range of applications and platforms.
• Experience with APIs, SDKs, and automation scripting (e.g., Python, PowerShell) for complex IAM workflows.

Demonstrates knowledge and/or a proven record of success in the following areas:

• Owning incident, problem, and change management activities related to IAM/PAM services, following ITIL practices and using service management platforms such as ServiceNow and Jira.
• Developing and maintaining operational documentation, runbooks, knowledge articles, and standard operating procedures (SOPs) to enable consistent delivery and audit readiness.
• Driving automation and integration using scripting (PowerShell, Python, Ruby), REST APIs, and tooling (e.g., Postman) to reduce manual effort and improve service reliability.
• Collaborating cross-functionally with IT security, risk, compliance, and application owners to onboard systems and validate secure integrations into the IAM architecture.
• Monitoring service health, support SLA adherence, perform root cause analysis (RCA) for recurring issues, and recommend continuous improvements.

Responsibilities:

Service Delivery & Operations

• Provide operational support for IGA, PAM, and AM platforms including monitoring, troubleshooting, and break/fix.
• Execute standard changes (new app onboarding, connector configuration, policy updates) and support platform upgrades and patching activities under change control.
• Participate in on-call rotations and major incident responses for IAM services, coordinating with stakeholders until resolution.
• Maintain accurate ticket updates, communication, and documentation to ensure timely resolution and customer satisfaction.
• Handle L3 escalations for IAM incidents and complex service requests, driving technical triage and resolution.
• Lead complex application onboarding, including requirements of gathering, integration design, connector configuration, and end-to-end validation.

Engineering, Automation & Continuous Improvement

• Design and implement repeatable automation for joiner/mover/leaver processes, privileged access onboarding, and access review remediation using scripts and APIs.
• Create dashboards/metrics to track operational performance (ticket trends, SLA compliance, access review completion, privileged account coverage) and identify improvement opportunities.
• Contribute to platform hardening, configuration standards, and secure-by-default patterns for IAM services.
• Provide architecture guidance and solution design for IAM capabilities and integrations, aligning to target-state architecture and security standards.
• Deliver strategic recommendations and roadmaps for IAM tooling, automation, and process improvements based on risk, compliance, and operational insights.
• Plan and execute IAM tool migrations and platform transitions (including upgrades and consolidations), ensuring controlled cutover, minimal disruption, and stakeholder readiness.

Governance, Compliance & Reporting

• Ensure IAM activities are executed in accordance with PwC policies, client governance frameworks, and applicable regulatory requirements.
• Support audits by producing evidence of IAM controls, process adherence, and remediation actions; maintain traceability for access approvals and certifications.
• Assist in preparing periodic status reports and operational summaries for client and internal stakeholders.

Tools Knowledge:

Identity & Access Management: Active Directory, SailPoint Identity Now IIQ/ISC, CyberArk, Saviynt, Ping Access/Federate, Microsoft Entra ID, Okta, ForgeRock

Scripting & Automation: PowerShell, Python, Ruby, REST APIs

Support & Management Platforms: ServiceNow, Jira, Git

Databases & Protocols: SQL (MSSQL/Oracle), Java fundamentals, SAML, OAuth, OpenID Connect

Utilities: Postman, Putty, WinSCP

Travel Requirements

Not Specified

Job Posting End Date