GUILFORD COUNTY GOVERNMENT
Empower Successful People to thrive in a Strong Community supported by Quality Government
Transparency & Communication | Equity & Inclusion | Accountability
Service & Outcomes Excellence | Our People Matter
Description
GENERAL STATEMENT OF DUTIES
The Lead Identity and Access Management (IAM) Analyst plays a vital role in assessing, analyzing, developing, maintaining, and improving processes governing the lifecycle of identities and user accounts across various systems and applications. The role involves hands-on technical work, collaboration with cross-functional teams, planning, coordinating and supervising all activities related to the IAM function including the creation, provisioning and deprovisioning of identities across county systems
DISTINGUISHING FEATURES OF THE CLASSThe Lead Identity and Access Management Analyst will work closely with the various departments including but not limited to Internal Audit, Risk Management, and other IT teams, to create and operationalize functional, and scalable, Identity and Access Management policies, guidelines, standards, procedures, and processes. Ensuring that authorized users have the appropriate access to County systems, data, and applications is a core component of the position. In addition, analyzing, improving, and automating current processes for granting and removing access based on the principles of least privilege is a key function of the role. The position is responsible for identifying, evaluating, and participating in the decision-making process for and implementation of new and emerging IAM automation technologies and solutions. This position works under the general direction of the IT Security Manager.
The role involves supervisory responsibilities including leading project teams, mentoring staff, and overseeing the work of IAM initiatives. It requires effective team management skills and the ability to guide and develop less experienced colleagues.
The Lead Identity and Access Management Analyst position is an IT grade 09.
Examples of Duties
DUTIES AND RESPONSIBILITIES
Essential duties and responsibilities include, but are not limited to:
- Manage the selection, deployment and maintenance of IAM tools, solutions and applications deemed appropriate for the organization.
- Responsible for overseeing the creation, management and maintenance of Active Directory user accounts, as well as phones, tokens, and bypass codes within the county’s multi-factor authentication solution.
- Assign, delegate and support staff in the execution of day-to-day IAM operations and tasks.
- Coach, mentor and provide guidance to team members and staff with regard to IAM processes and best practices.
- Serve as the subject matter expert in the following identity related services: IAM, Active Directory, Conditional Access, and Multi-factor Authentication.
- Plan, execute and manage an IAM capability roadmap and strategy.
- Design and review new IAM security technologies, processes and procedures to ensure that the appropriate controls and tools are selected and operationalized.
- Collaborate with key stakeholders to develop IAM standards that iteratively support long term IAM modernization and transformation.
- Provide analysis and development knowledge for Identity Governance and Administration (IGA), Privilege Access Management (PAM), Single Sign-on (SSO), and/or Multi-Factor Authentication solutions, processes, policies, guidelines, standards, and procedures.
- Research, develop and build automated processes for the provisioning, deprovisioning of user accounts and assigning Role-Based access.
- Design, implement, document, and assist in the maintenance of Role-Based Access Control (RBAC) for account provisioning.
- Develop, implement, perform, and document Periodic Access Reviews for Active Directory, group membership, roles, and access for on-premises, cloud, SaaS and enterprise applications and systems.
- Provide technical expertise related to Active Directory Users and Computers, workflow automation between Active Directory, Azure Active Directory, Exchange, and Microsoft O365.
- Work with departments and key stakeholders to create and maintain role-based access controls for user accounts.
- Ensure account audits and access methods are conducted as required by the IAM program and regulatory requirements. Report any data discrepancies to appropriate personnel.
- Analyze & understand the risks associated with application security exposures and provide solutions to eliminate or reduce these exposures.
- Provide multi-factor authentication end-user support, issue management, resolution, assistance with the enrollment process, training, responding to inquiries, identifying, and implementing process improvements.
- Available to assist in addressing security-related problems and/or incidents; be part of end user on-call support for all in-place security solutions.
- Perform other related duties as assigned.
RECRUITMENT STANDARDS
Knowledge, Skills, and Abilities- Knowledge and experience with MFA, SSO, and Role-based Access Control methods.
- Knowledge and experience with Active Directory, ADFS, and Azure Active Directory.
- Knowledge of Cryptography, PKI, Internal/External CA, and Certificate Management.
- Knowledge and experience with information security best practices.
- Familiarity with relevant standards and regulations (HIPAA, PCI, CJIS, NIST).
- Knowledge and Experience with Identity Lifecycle Management, provisioning and decommissioning user accounts, Privileged Access Management, and segregation of duties.
- Working knowledge of scripting such as PowerShell, Python, Java, JavaScript, PHP, Swift, HTML, CSS, SQL.
- Excellent troubleshooting skills and ability to identify and resolve issues in a timely manner.
- Team-oriented and skilled in working within a collaborative environment.
- Good project management skills and/or substantial exposure to project-based work structures, project lifecycle models etc.
- Effective written, oral, and interpersonal communication skills.
- Excellent comprehensive customer service skills.
- Ability to think logically, analyze, present ideas clearly, and make sound decisions.
- Ability to work efficiently, expeditiously, and independently with limited supervision.
- Ability to organize work in an effective manner and to manage multiple tasks and deadlines.
Typical Qualifications
MINIMUM QUALIFICATIONS
Associate’s degree in Information Technology, Computer Science, or closely related field of study and five (5) years of progressively responsible technical systems experience in Information Technologies, with at least half of the years of experience directly related to identity and access management.
Preferred QualificationsFour-year degree in Computer Science, Information Technology, or a closely related field; from an accredited college or university and 3-4 years’ experience in Information Security.
Familiarity with NIST Framework for Information Security and Identity and Access Management certifications such as Microsoft Certified: Identity and Access Administrator Associate SC: 300, CIST, CIAM, CIMP or CAMS.
Experience in project management, including leading teams or projects within an IAM environment. Demonstrated ability to supervise, mentor, and guide junior staff members. *A skills assessment will be administered during the interview process.*I understand that an official copy of my college transcript will be required upon conditional offer of employment.
Supplemental Information
Compensation
The full salary range is $96,954.00 (minimum) – $122,162.00 (market rate) – $157,066.00 (maximum). Salary placement will depend on directly related qualifications, with an excellent benefits package. Click here for more information about why you should consider working for Guilford County!
The Lead Identity and Access Management Analyst position is an IT grade 09.
Physical Demands
An employee in this position must be able to physically perform the basic life operational functions of fingering, grasping, talking, hearing, and repetitive motions. The employee must be able to perform sedentary work exerting up to 10 pounds of force to move objects.
Working ConditionsWork consists of the normal office environment and work from home in a Hybrid model. No adverse environmental conditions.
May Require Driving
This position may require driving whether a County owned or personal vehicle to conduct county business such as but not limited to attending conferences, meetings, or any other county related functions. Motor Vehicle Reports may be verified for valid driver’s license and that the driving record is compatible with the county’s driving criteria. If a personal vehicle is operated for county business proper insurance is maintained as per Guilford County’s vehicle use policy.
Special Note: This generic class description gives an overview of the job class, its essential job functions, and recommended job requirements. However, for each individual position assigned to this class, there is available a completed job description with physical abilities checklist which can be reviewed before initiating a selection process. They can provide additional detailed information on which to base various personnel actions and can assist management in making legal defensible personnel decisions.
-
Guilford County is committed to providing Equal Employment Opportunity (EEO) to employees and applicants for employment regardless of color, religion, sex, national origin, age, disability, genetic information, sexual orientation or political affiliation. The County is committed to complying with all applicable federal, state and local laws that pertain to employment, and to providing a work environment that is free from discrimination of any kind. If you need an auxiliary aide, make the request forty-eight (48) hours in advance of the time the accommodation is needed by calling 336-641-3324.