Sr. Identity & Access Analyst - IT Security - Full Time

Position Summary:

The Senior Identity and Access Management (IAM) Analyst is responsible for advanced operational support, analysis, and continuous improvement of identity and access controls within the Cybersecurity IAM team. This role serves as a senior individual contributor, providing subject matter expertise across IAM processes and tooling while supporting secure, compliant, and efficient access to Guthrie systems and information. The Senior IAM Analyst performs complex access analysis, troubleshooting, and workflow optimization; leads IAM operational initiatives; supports audits and compliance efforts; and partners with IT, clinical, and business stakeholders to ensure least‑privilege access aligned with healthcare workflows. Core responsibilities include Identity Governance and Administration (IGA), Privileged Access Management (PAM), Single Sign‑On (SSO), Multi‑Factor Authentication (MFA), federation, and access lifecycle management across Azure AD, Active Directory, LDAP, and Epic EMR. This role operates with a high degree of autonomy and may mentor junior analysts and support engineers.

Required Education and Experience:

High school diploma required; 5+ years of experience in Identity and Access Management, information security, or related IT roles 3+ years of hands‑on experience with IAM, PAM, MFA, and access lifecycle management processes Experience supporting IAM in a regulated environment Obtain one relevant professional security certification within 6 months of hire/in role Obtain the Epic security certification within 6 months of hire/in role Preferred Qualifications Bachelor's degree in a relevant field preferred Experience supporting Epic EMR security and clinical access workflows 7+ years of experience in Identity and Access Management, information security, or related IT roles 5+ years of hands‑on experience with IAM, PAM, MFA, and access lifecycle management processes Healthcare experience strongly preferred Familiarity with healthcare regulations and security frameworks (HIPAA, NYSDOH, HITRUST

CSF, NIST CSF

) Experience with scripting or automation (PowerShell or similar) to improve IAM workflows Relevant Professional certification such as CompTIA Security+, ISC2 SSCP, or equivalent Epic Security certification Core Competencies & Skills Advanced understanding of IAM operational processes and controls Strong analytical and troubleshooting skills for complex identity‑based access issues Ability to independently manage workload and prioritize competing requests Strong written and verbal communication skills for documentation, training, and stakeholder engagement Experience documenting standards, procedures, and control evidence Ability to translate business and clinical requirements into effective access controls Familiarity with emerging technology such as AI to support improvements to IAM services

Essential Functions:

Identity & Access Management Operations Perform advanced provisioning and deprovisioning of regular, privileged, and Epic EMR user access Administer and support IAM platforms including Azure AD, Active Directory, PAM, MFA, SSO, and federation Identify, analyze, and resolve complex IAM and access workflow issues; recommend process improvements Support and execute account lifecycle management processes to ensure appropriate access is granted and removed Participate in IAM tool integrations, upgrades, testing, and operational enhancements Adoption and utilization of AI to increase operational efficiencies Governance, Risk, and Compliance Participate in periodic user access reviews and entitlement certifications across the organization Support audits, regulatory reviews, and risk assessments by gathering and validating IAM control evidence Ensure IAM controls operate effectively to support HIPAA Security and Privacy Rule compliance Assist with documenting IAM control gaps, risks, and remediation recommendations Support efforts to acquire and sustain

HITRUST CSF

certification Process Improvement & Collaboration Develop and maintain IAM playbooks, procedures, and standards documentation Establish and track operational IAM metrics and reporting for management Partner with IT, clinical, and business stakeholders to align access controls with workflows Provide guidance and informal mentoring to IAM Analysts and junior team members Participate in project work to ensure IAM requirements are addressed in system designs and operating procedures Working Conditions & Expectations Full Remote with monthly on‑call Requires attention to detail, independent judgment, and ability to manage multiple priorities Frequent interaction with IT, clinical staff, vendors, and auditors No direct people management responsibility