HRTMS Job Description Management
| Senior Identity & Access Management (IAM) Analyst IT SCRTY ANL 4 (000661) UCPath Position ID: TBD_628 | | |
Position Description History/Status | Approved Date: | 11/19/2024 3:56:29 PM | Date Last Edited: | 11/19/2024 3:56:26 PM | Last Action Effective Date: | 4/29/2024 | Organization Details | Business Unit (Location): | LACMP | Organization Code: | 5000O | Organization: | ADMINISTRATIVE VICE CHANCELLOR | Division Code: | 5901D | Division: | ADMINISTRATION | Department: | 455400 - IT SERVICES | Position Details | UCPath Position Number: | TBD_628 | Position Description ID | 172832 | UC Payroll Title: | IT SCRTY ANL 4 (000661) | Business Title: | Senior Identity & Access Management (IAM) Analyst | Personnel Program | Management and Senior Professional (MSP) | Salary Grade: | Grade 25 | Job Code FLSA: | Exempt | Union Code (Collective Bargaining Unit): | 99: Non-Represented (PPSM) | Employee Relations Code: | E: All Others - Not Confidential | Employee Class (Appt Type): | 2 - Staff: Career | Full-Time Equivalent (FTE) | 1 | SUPERVISION | UCPath Reports to Position Number: | 41051981 | Reports to Payroll Title: | IT SCRTY MGR 1 | UCPath Department Head Position Number: | 40068309 | Department Head Payroll Title: | INFO SYS MGR 4 | | | |
Level of Supervision Received | GENERAL SUPERVISION - Indicates that the incumbent develops procedures for performance of variety of duties; or performs complex duties within established policy guidelines. |
POSITION SUMMARY | The Senior Identity & Access Management (IAM) Analyst will be responsible for leading the solution design, implementation, and support of advanced identity and access management data, processes, and technologies from conception to post deployment. The Sr. IAM Analyst will apply deep technical expertise in IAM tools, protocols, and architecture to create robust access controls, authentication mechanisms, and identity governance solutions that align with organizational goals. This role has experience integrating IAM technologies into complex IT environments and will ensure seamless and secure access to applications, data, and services for internal and external users. This role performs and guides technical evaluations and implements complex vendor or customized applications and plays a critical role in safeguarding sensitive information, ensuring regulatory compliance, and enabling seamless and secure access. This role will collaborate closely with the IAM Director, various departments and stakeholders across the university, as well as external vendors, to ensure quality of identity data, the establishment of data standards, and the appropriate access levels are granted to users in a timely, secure, and compliant manner, focusing on optimization and automation wherever possible. In addition, the position will evaluate and test new software and upgrades. The Senior IAM Analyst will produce documentation, procedures, and any necessary materials to support IAM services. The Senior IAM Analyst will also mentor and guide junior analysts in the team. The Senior IAM Analyst will positively impact UCLA's operations and culture by protecting University stakeholders' information and data in service of the institution's academic and research mission. This team member will advance the University's mission by delivering exceptional IAM service comprehensively and consistently across faculty, staff, students, and persons of interest.
This role will execute UCLA's vision while modeling UCLA's culture and values. | | | |
Department Summary | The UCLA Information Security team enables UCLA’s mission by providing leadership and expertise that assures the confidentiality, integrity, safeguarding, and availability of the university’s digital information resources. The Information Security team enables efficient campus-wide cyber incident detection and response procedures. In addition, the team implements risk management strategies to identify vulnerabilities and threats to campus information resources and enterprise systems. This includes executing a comprehensive information security plan, centered on implementing and enforcing technical and physical security measures to treat identified risks based on their sensitivity or criticality. The Identity & Access Management team protects UCLA’s resources and digital assets as well as supports university business operations through effective and seamless access management. This includes account lifecycle management, authentication, and role-based access controls at the enterprise level. The IAM team is responsible for managing digital identities and ensuring the proper access controls are in place to protect sensitive information. The team drives the creation and management of university IDs for faculty, staff, and students and the IAM infrastructure to guarantee secure and efficient access to information systems and resources. Furthermore, the team implements rigorous regulation of entitlements through granular access control and the auditing of all digital identities managed by UCLA by adhering to the best practices and latest regulatory standards. |
Key Responsibilities and Essential Functions | Function | Responsibilities | % Time | Identity & Access Management (IAM) | 1.Design and lead implementation of scalable IAM solutions and support of the university's advanced IAM processes and technologies, including provisioning, deprovisioning, authentication, and access control aligned with organizational security policies and industry standards, ensuring robust identity governance and access management. 2.Lead initiatives to centralize identity and access management across multiple platforms, ensuring scalability and high availability. | 15% | Identity & Access Management (IAM) | 1.Ensure that IAM processes comply with organizational security policies, industry regulations, Federal NIST recommendations, international standards such as REFEDS, and mandated California and University of California policies. 2.Collaborates with IAM director, IAM Engineer, IT teams and external and internal stakeholders to gather requirements, design, and implement IAM processes and technologies that meet the university's access, entitlement, and security policies and goals. | 15% | Identity & Access Management (IAM) | 1.Ensures standards and framework compliance by providing well-documented standards, data models, and information system diagrams. 2.Participates in the design and integration review of all critical IAM system designs and provides technical guidance in the selection and implementation processes. 3.Performs regular audits and reviews of user access levels, ensuring compliance with university policies and regulatory requirements, and providing recommendations for improvements. | 10% | Identity & Access Management (IAM) | 1.Provides guidance to internal and external teams who develop highly complex systems supporting or depending on IAM procedures or frameworks. 2.Investigates and resolves complex access-related issues, working with the appropriate teams to identify root causes and implement corrective actions. 
3.Monitors, analyzes, and optimizes IAM system performance and security, recommending improvements and enhancements as necessary. 4.Develops, implements, and maintains security policies, procedures, and guidelines related to IAM, while ensuring alignment with the university's overall security strategy. | 5% | Problem Solving | 1.Identifies, evaluates, and implements advanced IAM measures to safeguard against emerging threats, ensuring the confidentiality, integrity and availability of IAM data and systems. 2.Perform regular audits of IAM systems to ensure compliance with internal policies and external regulations. | 10% | Customer Service | 1.Responds to stakeholder inquiries and concerns regarding IAM and security, integrating business requirements to provide clear and concise information and guidance, thereby ensuring alignment with organizational objectives and customer satisfaction. 2.Actively engages with stakeholders to understand their needs and translates their business requirements into IAM functional requirements and automated processes. | 10% | Continuous Improvement | 1.Routinely evaluates and improves IAM processes and procedures, utilizing automation and tooling to increase efficiency and accuracy. 2.Maintains up-to-date knowledge of IAM technologies, trends, and regulatory requirements, and recommends changes to the university's IAM program as needed. 3.Lead continuous assessment of IAM technologies and practices, identifying opportunities for IAM architecture optimization, process and user experience improvement, automation, and enhanced security measures. 4.Monitor the evolving threat landscape and recommend updates or changes to IAM policies and technologies to mitigate potential risks. | 10% | Project Planning & Management | 1.Manages complex IAM projects, including testing upgrades, security fixes, and other system changes, ensuring successful delivery within scope, budget and timeline.
2.Facilitates collaboration with cross-functional project teams to deliver comprehensive identity data solutions, provisioning, and authentication services. This role involves proactive engagement in complex partner projects, ensuring seamless integration and troubleshooting across various business verticals. | 10% | Communications & Training | 1.Provide guidance and training to IT staff and business users on IAM policies and best practices. 2.Provides timely communications to stakeholders, technical staff, and management as required. Communicates and reports identity and access incidents and issues to university and IT leaders. 3.Provides guidance, training, and mentorship to university staff and junior IAM analysts on IAM processes and best practices. | 10% | Other | Actively contributes to promoting equity, diversity, and inclusion across the organization and UCLA’s campus. Actively promotes the organization’s core values and consistently integrates innovation, employee fulfillment, teamwork, respect, excellence, integrity, service, and accountability into each aspect of their work. Maintains current knowledge of University policy and procedure; effectively, consistently and fairly applies University policy and/or campus/division procedures for assigned area; complies with University, Campus and division policies and procedures regarding privacy of identity information, authorized use of University resources and the appropriate access to University systems and data. Performs other related responsibilities as requested and when necessary. | 5% | | | | | |
Other Requirements - Applies to all Positions | • | Performs other duties as assigned. | • | Complies with all policies and standards. | • | Complies with the University of California, Los Angeles (UCLA) Principles of Community. | • | This position description is not intended to be a complete list of all responsibilities, duties or skills required for the job and is subject to review and change at any time, with or without notice, in accordance with the needs of the organization. | | | |
Educational Requirements | Education Level | Education Details | Required/ Preferred | And/Or | Bachelor's Degree | Cybersecurity, information technology, computer science, public administration, business administration, communications, or related field, or equivalent combination of experience/training. | Required | | | | | | | | |
Experience Requirements | Experience | Experience Details | Required/ Preferred | And/Or | Five years | Experience working in one or more of the following fields: IAM, cybersecurity, computer science, computer information systems, or related field. | Required | | | Advanced experience using identity and access tools and systems in a distributed IT environment | Required | | | Expert knowledge and experience of IAM principles, technologies, and best practices, including experience with role-based access control (RBAC) and attribute-based access control (ABAC). | Required | | | Expert knowledge and experience of IAM principles, technologies, and best practices, including experience with access governance (IGA), and privileged access management (PAM). | Required | | | Advanced experience in supporting IT security requirements with identity and access logs and audit records. Expertise relating to the design and development of software across the organization. | Required | | | Experience working in a project-based environment using leading project management practices including schedule management, status reporting, and communication of project risks and issues. | Required | | | Experience participating in activities to advance an inclusive environment that values equity, diversity, inclusion and belonging. | Required | | Seven or more years | Experience working in one or more of the following fields: IAM, cybersecurity, computer science, computer information systems, etc. | Preferred | | | Experience in complex higher education environments, serving academic research and administrative functions of a large public university. | Preferred | | | | | | | | |
Knowledge, Skills and Abilities | KSAs | Required/ Preferred | Demonstrated skills applying secure user authentication and account management standards to vendor provisioning solutions, computer software, and hardware at scale. | Required | Demonstrated skill at administering complex access data based on validated data source systems. | Required | Familiarity with directory services (e.g., Active Directory, LDAP), and authentication and federation (e.g., Single Sign-On (SSO)) technologies, and multi-factor authentication (MFA) solutions. | Required | Demonstrated ability to translate business needs into long-term architecture solutions. | Required | Strong written and verbal communication skills and is able to communicate complex technical ideas to a diverse community of colleagues and stakeholders. Can relay technical information to audiences of technical and non-technical stakeholders. | Required | Able to establish and advance positive working relationships and a strong rapport with a diverse community of colleagues including team members, stakeholders, and customers. | Required | Advanced organizational skills and is able to balance competing priorities and deliver concurrent projects to various stakeholder types. | Required | Advanced problem-solving skills; ability to uncover root of difficult problems and scope solutions based on knowledge of available resources and timelines as well as awareness of vision and strategy. | Required | Seeks information from multiple and diverse sources to inform solutions. Demonstrated ability to make decisions with integrity. | Required | Thinks creatively and introduces innovations such as the incorporation of new technologies or processes. Thrives in an ever-changing, fast-paced environment. | Required | | | |
SPECIAL REQUIREMENTS AND/OR CONDITIONS OF EMPLOYMENT |
Reporting and Background Check Requirements | Background Check: Continued employment is contingent upon the completion of a satisfactory background investigation. | Live Scan Background Check: A Live Scan background check must be completed prior to the start of employment. |
LOCATION AND PHYSICAL, ENVIRONMENTAL, MENTAL (PEM) REQUIREMENTS | Environment and Work Location Information | Environment Type: | Non-Clinical Setting | Location Setting: | Campus | Location: | | | | |
Physical Requirements | The physical requirements described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. | Physical Requirements | Never 0 Hours | Occasional Up to 3 Hours | Frequent 3 to 6 Hours | Continuous 6 to 8+ Hours | Is Essential | Standing/Walking | | | X | | | Sitting | | | X | | | Bending/Stooping | | X | | | | Squatting/Kneeling | | X | | | | Climbing | X | | | | | Lifting/Carrying/Push/Pull 0-25 lbs | | X | | | | Lifting/Carrying/Push/Pull 26-50 lbs | X | | | | | Lifting/Carrying/Push/Pull over 50 lbs | X | | | | | Physical requirements other | X | | | | | | | | | | | | | | | |
Environmental Requirements | The environmental requirements described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. | Exposures | Never 0 Hours | Occasional Up to 3 Hours | Frequent 3 to 6 Hours | Continuous 6 to 8+ Hours | Is Essential | Chemicals, dust, gases, or fumes | X | | | | | Loud noise levels | X | | | | | Marked changes in humidity or temperature | X | | | | | Microwave/Radiation | X | | | | | Operating motor vehicles and/or equipment | X | | | | | Exposures other | X | | | | | | | | | | | | | | | |
Mental Requirements | The mental requirements described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. | Exposures | Never 0 Hours | Occasional Up to 3 Hours | Frequent 3 to 6 Hours | Continuous 6 to 8+ Hours | Is Essential | Sustained attention and concentration | | | X | | X | Complex problem solving/reasoning | | | X | | X | Ability to organize & prioritize | | | X | | X | Communication skills | | | X | | X | Numerical skills | | X | | | X | Mental demands other | X | | | | | | | | | | | | | | | |
Blood/Fluid Exposure Risk | The exposure described here is what can be expected of an employee in performing the essential functions of this position. | X | Classification 3: Position in which exposure to blood, body fluids or tissues is not part of the position description. The normal routine task involves no exposure to blood, body fluids or tissues and the employee can decline to perform tasks which involve a perceived risk without retribution. | | | |