Identity & Access Management Analyst (Hybrid/Remote)

Job no: 516883
Work type: Staff Full Time
Location: UMass Amherst
Department: IT Information Security
Union: PSU
Categories: Computer & Information Technology

Identity and Access Management Analyst

About UMass Amherst

UMass Amherst, the Commonwealth's flagship campus, is a nationally ranked public research university offering a full range of undergraduate, graduate and professional degrees. The University sits on nearly 1,450-acres in the scenic Pioneer Valley of Western Massachusetts, and offers a rich cultural environment in a bucolic setting close to major urban centers. In addition, the University is part of the Five Colleges (including Amherst College, Hampshire College, Mount Holyoke College, and Smith College), which adds to the intellectual energy of the region.

Job Summary

The Identity Access Management Analyst is a technical staff member of the Information Security organization supporting mission-critical IT applications, business processes, and infrastructure services provided by the Information Technology department. This entry level position will collaborate with university business stakeholders to administer Identity and Access Management (IAM) capabilities that enable the full life cycle of UMass Amherst account identities, credentials, and entitlements according to security, privacy, and compliance requirements. This position requires basic knowledge in Governance, Risk, and Compliance (GRC), a good understanding of data security, academic business operations and compliance-related laws, regulations, and audits.

Essential Functions

Identity Access Management and Administration

• Cross-trains information security staff members to function in a backup capacity.
• Works with Human Resources for all new user and user transfer/termination events with respect to access and authorization controls.
• Interacts with end users, managers, and data custodians to ensure compliance with access controls and audit procedures.
• Provides operational support for authentication/authorization services such as Multi-Factor Authorization (MFA), Active Directory, and Identity Management (IdM).
• Identifies and resolves gaps in the business processes which may include security/authorization set-up, user documentation, data interface design, data migration and reconciliation.
• Executes day-to-day Identity and Access Management (IAM) control activities which may include, but not limited to, access provisioning/de-provisioning, entitlement review & access recertification, role-based authorization, segregation of duties, and computer account management.

Security Office Functions

• Interfaces with, and responds to, internal and state auditor’s requests as needed
• Participates in information security strategic and tactical planning, disaster recovery, and business continuity planning
• Ensures compliance with all federal, state, and local legislation relative to university information security
• Assists with security risk assessments/audits in accordance with established security policies and procedures
• Administers, contributes to, or coordinates security awareness, education, and outreach, which focus on protecting the confidentiality, integrity, and availability of university information. Ensures the members of the university community are aware of applicable security laws and regulations and of their impact upon information uses at the university. Prepares and delivers training material independently or via third party training partners.

Promote the University’s commitment to customer service by:

• Ensuring optimum service to all internal and external partners in response to requests for service and information.
• Building effective partnerships with co-workers throughout the University by freely sharing appropriate information and providing assistance when needed.
• Maintaining an environment that is welcoming to persons of all backgrounds, nationalities, and roles.

Other Functions

Performs other related duties as assigned to accomplish the academic, administrative, and research goals of the University.

Minimum Qualifications

• Ability to work in a team environment, take direction and guidance, prioritize, and meet deadlines for wide-ranging technical projects.
• High School diploma with 4 years of IT experience; an associate's degree may be substituted for 2 years of required experience; a bachelor's degree may be substituted for 4 years of required experience.
• Ability to establish and maintain effective working relationships in a positive, services-oriented manner.
• Ability to use a combination of independent research, experience, testing, and escalation to efficiently balance the most appropriate and cost-effective solution.
• Familiarity with security, privacy, audit and compliance requirements applicable to IAM in higher education (GDPR, HIPAA, PCI DSS, etc.).
• Given the nature and responsibilities of the position, only U.S. persons (any individual who is a citizen of the United States, a permanent resident alien of the United States, or a protected individual as defined by 8 U.S.C.1324b(a)(3)) will be considered for this position.
• Demonstrated oral and written communication skills to collaborate effectively.
• Knowledge of IAM principles and policy, such as segregation of duties analysis, access reviews, provisioning/de-provisioning, authorization and authentication protocols, and access governance.

Preferred Qualifications

• Knowledge of authentication protocols such as Active Directory, LDAP, Kerberos, SAML desired; knowledge of asset management products.
• Hands-on experience with Identity Management Software (Grouper, coManage, MidPoint).
• Knowledge Critical Security Controls.
• Prior IT operations experience in higher education environment.

Physical Demands/Working Conditions

• Typical Office Activities.

Additional Details

• Requires demonstrated excellence taking ownership of problems and transferring knowledge. Ever changing laws and policies must be monitored to ensure business practices and procedures are updated to maintain compliance.
• Extensive communication with internal audiences including faculty, staff, students, and campus technicians; External audiences including UMass System Information Technology support resources (Application Specialists, Technical Support; Security).
• Exercises discretion and independent judgment. As a member of the Information Security team, decisions may affect the integrity of campus information assets.
• May encounter sensitive issues related to the cybersecurity posture of the university. This involves restricted and confidential data (personally identifiable data) and IT security-related matters, which require extreme confidentiality.
• This position administers access to university data and assets. Errors, oversight, and mistakes may have a significant impact to the University.

Work Schedule

Monday-Friday 9am to 5pm

This position has the opportunity for a hybrid work schedule, which is defined by the University as an arrangement where an employee’s work is regularly performed at a location other than the campus workspace for a portion of the week. As this position falls within the Professional Staff Union, it is subject to the terms and conditions of the Professional Staff Union collective bargaining agreement.

Salary Information

Level 27

PSU Hiring Ranges

Special Instructions to Applicants

Submit a resume, cover letter and contact information for three (3) professional references in order to ensure consideration; applications will be accepted until the position has been filled.

UMass Amherst is committed to a policy of equal opportunity without regard to race, color, religion, gender, gender identity or expression, age, sexual orientation, national origin, ancestry, disability, military status, or genetic information in employment, admission to and participation in academic programs, activities, and services, and the selection of vendors who provide services or products to the University. To fulfill that policy, UMass Amherst is further committed to a program of affirmative action to eliminate or mitigate artificial barriers and to increase opportunities for the recruitment and advancement of qualified minorities, women, persons with disabilities, and covered veterans. It is the policy of the UMass Amherst to comply with the applicable federal and state statutes, rules, and regulations concerning equal opportunity and affirmative action.