Sr Identity and Access Management Analyst
Listed on 2026-07-08
-
IT/Tech
Cybersecurity, Information Security
Company Overview
CB&I delivers integrated storage and asset‑management solutions that help customers operate safely, reliably, and efficiently across the lifecycle of their facilities. Through our two global business units - Storage Solutions, the world leader in tanks, terminals, and storage systems, and Asset Solutions, a leading provider of operations, management, wells and decommissioning services - we combine technical excellence with execution capability to extend asset life, optimize performance, and maximize value.
OverviewThe Senior Identity and Access Management (IAM) Analyst is responsible for ensuring the right people securely access the right company data and systems. The incumbent will support and mature Identity and Access Management (IAM) capabilities across the enterprise by designing, implementing, and maintaining IAM‑enabled access management practices that strengthen internal controls, support audit readiness, and enable efficient, scalable business operations.
This position is an Individual Contributor role. The role directly reports to the Director of Cybersecurity and routinely interacts with Global IT, Project Management, Engineering, Legal, and Risk Management.
Responsibilities- Serve as a subject matter expert for IAM and SOX logical access controls across financial systems.
- Administer and optimize IAM‑based access governance, including provisioning workflows, lifecycle management, group structures, and access certifications.
- Design and maintain scalable IAM frameworks aligned to least privilege, RBAC, segregation of duties (SoD), and SOX compliance requirements.
- Execute and support SOX logical access controls, including provisioning, modifications, terminations, privileged access management, and user access reviews (UARs).
- Partner with system owners and business stakeholders to validate the appropriateness and alignment of access with business responsibilities.
- Maintain strong access governance controls by proactively reviewing and remediating access risks, including excessive access, orphaned accounts, stale memberships, and SoD conflicts.
- Support audit readiness through documentation, evidence preparation, remediation tracking, and control support activities.
- Collaborate on system implementations and enhancements to ensure IAM controls are embedded, scalable, and supportable.
- Drive continuous improvement and automation opportunities across IAM governance and access management processes.
- Manage end‑to‑end identity lifecycle processes (joiner, mover, leaver) for employees, contractors, and project‑based users.
- Provision and deprovision access across enterprise systems, engineering applications, and project platforms (e.g., JD Edwards, Autodesk platforms).
- Maintain and support identity repositories including Microsoft Entra (Azure AD) and on‑premises Active Directory.
- Perform and support user access reviews, certifications, and remediation activities.
- Implement and support authentication mechanisms including SSO, MFA, and conditional access policies.
- Collaborate on IAM platform configuration, integrations, and enhancements (e.g., SailPoint, Okta, Microsoft Entra , Cyber Ark).
- Automate provisioning workflows to improve efficiency and reduce manual processes.
- Integrate IAM controls with cloud platforms (Azure, AWS) and SaaS applications, including federation and role mapping.
- Provide guidance, training, and mentoring to IT staff and business stakeholders.
- Bachelor’s Degree in Information Technology, Cybersecurity, or related field.
- Industry certifications such as: CISSP or CISM;
Microsoft SC‑300 (Identity and Access Administrator) or other relevant IAM or security certifications - 10+ Years of Information Technology experience.
- 5+ years of hands‑on experience in IAM, IT security, or infrastructure roles.
- Strong hands‑on experience with enterprise IAM platforms such as Microsoft Entra , Okta, SailPoint, or equivalent.
- Demonstrated hands‑on experience implementing and managing authentication, authorization, and federation technologies including SSO, MFA, SAML, OAuth 2.0, OpenID Connect, and directory services such as Active Directory and LDAP.
- Demonstrated hands‑on experience…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).