Senior Identity and Access Management Analyst
About UMass Amherst
UMass Amherst, the Commonwealth's flagship campus, is a nationally ranked public research university offering a full range of undergraduate, graduate and professional degrees. The University sits on nearly 1,450 acres in the scenic Pioneer Valley of Western Massachusetts, and offers a rich cultural environment in a bucolic setting close to major urban centers. In addition, the University is part of the Five Colleges (including Amherst College, Hampshire College, Mount Holyoke College, and Smith College), which adds to the intellectual energy of the region.
The Senior Identity Access Management Analyst is a technical staff member of the Information Security organization supporting mission-critical IT applications, business processes, and infrastructure services provided by the Information Technology department. The Identity Access Management Analyst will collaborate with university business stakeholders to develop and administer Identity and Access Management (IAM) capabilities that enable the full lifecycle management of UMass Amherst account identities, credentials, and entitlements according to security, privacy, and compliance requirements. This position will perform security analysis and risk assessment and improve security by setting policies and standards. This position requires deep knowledge in Governance, Risk, and Compliance (GRC), solid understanding of data security, academic business operations, compliance-related laws, regulations and audits.
Identity Access Management and Administration
- Executes and improves Identity and Access Management (IAM) control activities which may include, but are not limited to, access provisioning/de-provisioning, entitlement review & access recertification, role-based authorization, segregation of duties, and computer account management.
- Collaborates with Human Resources to maintain access and authorization controls.
- Identifies and resolves gaps in the business processes which may include security/authorization set-up, user documentation, data interface design, data migration and reconciliation.
- Interacts with end users, managers, and data custodians to ensure compliance with access controls and audit procedures.
- Provides operational support and oversight for authentication/authorization services such as Multi-Factor Authentication (MFA), Active Directory, and Identity Management (IdM).
- Works with stakeholders, vendors, UITS, and internal IT departments to identify, document, and lead remediation of information security and operational issues impacting university identity management systems.
- Cross-trains information security staff members to function in a backup capacity.
Security Office Functions
- Develops security awareness, education, and outreach programs which focus on protecting the confidentiality, integrity, and availability of university information. Ensures the members of the university community are aware of applicable security laws and regulations and of their impact upon information uses at the university. Prepares and delivers training material independently or via third party training partners.
- Interfaces with, and responds to, internal and state auditors' requests as needed.
- Performs security risk assessments/audits in accordance with established security policies and procedures.
- Researches, recommends, and promotes IT security policies and guidelines which focus on protecting confidentiality, integrity, and availability of university data and computer assets, both local and in the cloud.
- Ensures compliance with all federal, state, and local legislation relative to university information security.
- Leads information security strategic and tactical planning, disaster recovery, and business continuity planning.
Promote the University’s commitment to customer service by:
- Building effective partnerships with co-workers throughout the University by freely sharing appropriate information and providing assistance when needed.
- Ensuring optimum service to all internal and external partners in response to requests for service and information.
- Maintaining an environment that is welcoming to persons of all backgrounds, nationalities, and roles.
Performs other related duties as assigned to accomplish the academic, administrative, and research goals of the University.
- High school diploma with 7 years of IT experience; an Associate's degree may be substituted for 2 years of required experience; a Bachelor's degree may be substituted for 4 years of required experience.
- Working knowledge of security, privacy, audit and compliance requirements applicable to IAM in higher education (GDPR, HIPAA, PCI DSS, etc.)
- Well-versed in IAM principles and policy, such as segregation of duties analysis, access reviews, provisioning/de-provisioning, authorization and authentication protocols, and access governance.
- Working knowledge of Active Directory, including security group structures and policies.
- Demonstrated experience with enterprise application security administration tools and IdM application suites.
- Knowledge of Multi-Factor Authentication (MFA) solutions and technologies.
- Demonstrated oral and written communication skills to prepare and deliver information security procedures, standards, and guidelines to a technical and non-technical audience.
- Ability to work in a team environment, take direction and guidance, prioritize, and meet deadlines for wide-ranging technical projects.
- Ability to use a combination of independent research, experience, testing, and escalation to efficiently balance the most appropriate and cost-effective solution.
- Ability to establish and maintain effective working relationships in a positive, services-oriented manner.
- Given the nature and responsibilities of the position, only U.S. persons (any individual who is a citizen of the United States, a permanent resident alien of the United States, or a protected individual as defined by 8 U.S.C.1324b(a)(3)) will be considered for this position.
- Hands-on experience with Identity Management Software (Grouper, coManage, MidPoint).
- Knowledge of Critical Security Controls.
- Knowledge of authentication protocols such as Active Directory, LDAP, Kerberos, SAML desired; knowledge of asset management products.
- Prior IT operations experience in a higher education environment.
- ITIL Foundations Certification.
Physical Demands/Working Conditions
- Typical Office Activities.
- Exercises discretion and independent judgment. As a key member of the Information Security team, decisions may affect the integrity of campus information assets.
- This position administers access to university data and assets. Errors, oversight, and mistakes may have a significant impact on the University.
- May encounter sensitive issues related to the cybersecurity posture of the university. This involves restricted and confidential data (personally identifiable data) and IT security-related matters, which require extreme confidentiality.
- Requires deep knowledge and experience combined with demonstrated excellence taking ownership of problems, leading projects, and transferring knowledge. Ever changing laws and policies must be monitored to ensure business practices and procedures are updated to maintain compliance.
- May supervise student or part-time employees.
- Extensive communication with internal audiences including faculty, staff, students, and campus technicians; external audiences including UMass System Information Technology support resources (Application Specialists, Technical Support, Security).
Monday-Friday 9am to 5pm
This position has the opportunity for a hybrid/remote work schedule, which is defined by the University as an arrangement where an employee’s work is regularly performed at a location other than the campus workspace for a portion of the week. As this position falls within the Professional Staff Union, it is subject to the terms and conditions of the Professional Staff Union collective bargaining agreement.
PSU Hiring Ranges
Special Instructions to Applicants
Submit a resume, cover letter and contact information for three (3) professional references; applications will be accepted until the position has been filled.
UMass Amherst is committed to a policy of equal opportunity without regard to race, color, religion, gender, gender identity or expression, age, sexual orientation, national origin, ancestry, disability, military status, or genetic information in employment, admission to and participation in academic programs, activities, and services, and the selection of vendors who provide services or products to the University. To fulfill that policy, UMass Amherst is further committed to a program of affirmative action to eliminate or mitigate artificial barriers and to increase opportunities for the recruitment and advancement of qualified minorities, women, persons with disabilities, and covered veterans. It is the policy of UMass Amherst to comply with the applicable federal and state statutes, rules, and regulations concerning equal opportunity and affirmative action.