Sr. IAM Analyst, User Access Review

San Francisco, CA - USA

Monthly Salary: Not Disclosed

Posted on: 20 hours ago

Vacancies: 1 Vacancy

Job Summary

Role:

The Sr. IAM Analyst User Access Review is responsible for managing and executing the enterprise-wide User Access Review (UAR) process to ensure compliance least-privilege enforcement and regulatory readiness. This role focuses on maintaining visibility into who has access to what systems ensuring that user permissions are appropriate and that periodic reviews meet audit and regulatory standards (SOX SOC2 ISO 27001 PCI etc.). Youwill collaborate closely with application owners auditors compliance and IT to ensure user entitlements are validated certified and remediated efficiently and accurately.

What Youll Do:

Program Management & Operations

Own and execute the User Access Review (UAR) lifecycle across all critical applications systems and cloud environments.
Coordinate quarterly and annual access reviews for key systems (finance trading custody HR and developer platforms).
Track completion rates exceptions and remediation progress; escalate overdue reviews as necessary.
Maintain UAR calendar review templates and stakeholder communications.

Access Data & Analysis

Gather normalize and analyze entitlement data from IAM systems
Identify excessive or orphaned privileges toxic combinations (segregation of duties violations) and inactive accounts.
Automate entitlement reviews using identity governance tools
Produce audit-ready evidence packages for internal and external auditors.

Process Automation & Improvement

Partner with IAM engineers to automate access certification workflows and reporting.
Integrate UAR processes with onboarding/offboarding and role-based access control (RBAC) policies.
Define and document standard operating procedures (SOPs) for recurring review cycles.
Continuously improve UAR accuracy efficiency and audit defensibility.

Stakeholder Collaboration

Collaborate with Application Owners Business Managers HR and Compliance to validate access levels and maintain least privilege.
Work with Internal Audit and External Auditors to provide supporting evidence and respond to findings.
Partner with Security and Compliance to ensure access reviews align with regulatory frameworks (SOX PCI DSS FFIEC etc.).

Metrics & Reporting

Develop and maintain dashboards for access review completion exceptions and risk metrics.
Provide monthly and quarterly reports to leadership and compliance teams.
Measure success through KPIs such as completion rates remediation turnaround and privilege reduction percentages.

What Youll Need:

Education & Experience

Bachelors degree in Information Security Computer Science or related discipline (or equivalent experience).
25 years of experience in IAM Security Operations or Compliance in a financial or fintech environment.
Hands-on experience with IAM platforms (Okta Azure AD SailPoint Saviynt CyberArk).
Familiarity with cloud access management (AWS GCP or Azure).
Knowledge of regulatory compliance frameworks: SOX SOC2 ISO 27001 PCI DSS or FFIEC.

Technical & Professional Skills

Understanding of RBAC ABAC and least-privilege principles.
Experience generating and validating access entitlement reports.
Familiar with scripting or automation tools (Python PowerShell or SQL) for data analysis or reporting.
Strong Excel / data visualization skills (Power BI Tableau etc.).
Excellent written and verbal communication for stakeholder engagement.

Preferred Certifications

CompTIA Security or CySA
(ISC)² Certified Identity and Access Manager (CIAM)
Certified Information Systems Auditor (CISA) desirable for audit-heavy environments

Required Experience:

Senior IC

Role:The Sr. IAM Analyst User Access Review is responsible for managing and executing the enterprise-wide User Access Review (UAR) process to ensure compliance least-privilege enforcement and regulatory readiness. This role focuses on maintaining visibility into who has access to what systems ensur...

Role:

What Youll Do:

Program Management & Operations

Own and execute the User Access Review (UAR) lifecycle across all critical applications systems and cloud environments.
Coordinate quarterly and annual access reviews for key systems (finance trading custody HR and developer platforms).
Track completion rates exceptions and remediation progress; escalate overdue reviews as necessary.
Maintain UAR calendar review templates and stakeholder communications.

Access Data & Analysis

Gather normalize and analyze entitlement data from IAM systems
Identify excessive or orphaned privileges toxic combinations (segregation of duties violations) and inactive accounts.
Automate entitlement reviews using identity governance tools
Produce audit-ready evidence packages for internal and external auditors.

Process Automation & Improvement

Partner with IAM engineers to automate access certification workflows and reporting.
Integrate UAR processes with onboarding/offboarding and role-based access control (RBAC) policies.
Define and document standard operating procedures (SOPs) for recurring review cycles.
Continuously improve UAR accuracy efficiency and audit defensibility.

Stakeholder Collaboration

Collaborate with Application Owners Business Managers HR and Compliance to validate access levels and maintain least privilege.
Work with Internal Audit and External Auditors to provide supporting evidence and respond to findings.
Partner with Security and Compliance to ensure access reviews align with regulatory frameworks (SOX PCI DSS FFIEC etc.).

Metrics & Reporting

Develop and maintain dashboards for access review completion exceptions and risk metrics.
Provide monthly and quarterly reports to leadership and compliance teams.
Measure success through KPIs such as completion rates remediation turnaround and privilege reduction percentages.

What Youll Need:

Education & Experience

Bachelors degree in Information Security Computer Science or related discipline (or equivalent experience).
25 years of experience in IAM Security Operations or Compliance in a financial or fintech environment.
Hands-on experience with IAM platforms (Okta Azure AD SailPoint Saviynt CyberArk).
Familiarity with cloud access management (AWS GCP or Azure).
Knowledge of regulatory compliance frameworks: SOX SOC2 ISO 27001 PCI DSS or FFIEC.

Technical & Professional Skills

Understanding of RBAC ABAC and least-privilege principles.
Experience generating and validating access entitlement reports.
Familiar with scripting or automation tools (Python PowerShell or SQL) for data analysis or reporting.
Strong Excel / data visualization skills (Power BI Tableau etc.).
Excellent written and verbal communication for stakeholder engagement.

Preferred Certifications

CompTIA Security or CySA
(ISC)² Certified Identity and Access Manager (CIAM)
Certified Information Systems Auditor (CISA) desirable for audit-heavy environments

Required Experience:

Senior IC

Key Skills

Active Directory
Identity & Access Management
LDAP
SAFe
Assistive Technologies
Authentication
Pediatrics Experience
NVDA
Sailpoint
SSH
SSO
Oracle

Apply Now

About Company

SoFi

Why do 10M+ members trust SoFi? Financial solutions for school, marriage, starting a family, home buying, retirement, or whatever’s next. Member FDIC.

View Profile View Profile

AI AutoApply

Apply to 100+ jobs with one click