MCPNew: now works with Claude & AI assistants
cbi

cbi

Sr Identity and Access Management Analyst

Company

cbi

Role

Sr Identity and Access Management Analyst

Location

The Woodlands, Texas, US

Job type

Full-time

Found on Mokaru

2 days ago

Share this job

Salary

Not disclosed by employer

Job description

Company Overview

CB&I delivers integrated storage and asset‑management solutions that help customers operate safely, reliably, and efficiently across the lifecycle of their facilities. Through our two global business units - Storage Solutions, the world leader in tanks, terminals, and storage systems, and Asset Solutions, a leading provider of operations, management, wells and decommissioning services - we combine technical excellence with execution capability to extend asset life, optimize performance, and maximize value.

Overview

The Senior Identity and Access Management (IAM) Analyst is responsible for ensuring the right people securely access the right company data and systems. The incumbent will support and mature Identity and Access Management (IAM) capabilities across the enterprise by designing, implementing, and maintaining IAM-enabled access management practices that strengthen internal controls, support audit readiness, and enable efficient, scalable business operations.

This position is an Individual Contributor role. The role directly reports to the Director of Cybersecurity and routinely interacts with Global IT, Project Management, Engineering, Legal, and Risk Management.

Responsibilities

  • Serve as a subject matter expert for IAM and SOX logical access controls across financial systems.
  • Administer and optimize IAM-based access governance, including provisioning workflows, lifecycle management, group structures, and access certifications.
  • Design and maintain scalable IAM frameworks aligned to least privilege, RBAC, segregation of duties (SoD), and SOX compliance requirements.
  • Execute and support SOX logical access controls, including provisioning, modifications, terminations, privileged access management, and user access reviews (UARs).
  • Partner with system owners and business stakeholders to validate the appropriateness and alignment of access with business responsibilities.
  • Maintain strong access governance controls by proactively reviewing and remediating access risks, including excessive access, orphaned accounts, stale memberships, and SoD conflicts.
  • Support audit readiness through documentation, evidence preparation, remediation tracking, and control support activities.
  • Collaborate on system implementations and enhancements to ensure IAM controls are embedded, scalable, and supportable.
  • Drive continuous improvement and automation opportunities across IAM governance and access management processes.
  • Manage end-to-end identity lifecycle processes (joiner, mover, leaver) for employees, contractors, and project-based users.
  • Provision and deprovision access across enterprise systems, engineering applications, and project platforms (e.g., JD Edwards, Autodesk platforms).
  • Maintain and support identity repositories including Microsoft Entra ID (Azure AD) and on-premises Active Directory.
  • Perform and support user access reviews, certifications, and remediation activities.
  • Implement and support authentication mechanisms including SSO, MFA, and conditional access policies.
  • Collaborate on IAM platform configuration, integrations, and enhancements (e.g., SailPoint, Okta, Microsoft Entra ID, CyberArk).
  • Automate provisioning workflows to improve efficiency and reduce manual processes.
  • Integrate IAM controls with cloud platforms (Azure, AWS) and SaaS applications, including federation and role mapping.
  • Provide guidance, training, and mentoring to IT staff and business stakeholders.

Qualifications

  • Bachelor’s Degree in Information Technology, Cybersecurity, or related field.
  • Industry certifications such as: CISSP or CISM; Microsoft SC-300 (Identity and Access Administrator) or other relevant IAM or security certifications
  • 10+ Years of Information Technology experience.
  • 5+ years of hands-on experience in IAM, IT security, or infrastructure roles.
  • Strong hands-on experience with enterprise IAM platforms such as Microsoft Entra ID, Okta, SailPoint, or equivalent.
  • Demonstrated hands-on experience implementing and managing authentication, authorization, and federation technologies including SSO, MFA, SAML, OAuth 2.0, OpenID Connect, and directory services such as Active Directory and LDAP.
  • Demonstrated hands-on experience applying and supporting identity security principles and best practices including Zero Trust Architecture, adaptive authentication, conditional access policies, segregation of duties (SoD), and identity threat detection and response.
  • Demonstrated hands-on experience supporting cloud and hybrid identity architectures across platforms such as Azure AD (Entra ID), AWS IAM, and GCP IAM, including integration with on-premises environments.
  • Hands-on experience with access governance, SoD enforcement, and audit/compliance processes.
  • Strong analytical, problem-solving, and communication skills.
  • Experience in Engineering, Procurement, and Construction (EPC) or industrial environments is desired.
  • Scripting or automation experience (PowerShell, Python).

Skills and Behaviors

  • In addition to providing IAM technical leadership, build and nurture strong partnerships across business, application teams, security, HR, and infrastructure, consistently aligning identity strategies to the organization’s vision, core values, and security principles.
  • Strong assessment and analytical expertise to interpret identity governance reports, access certifications, and security monitoring outputs to proactively identify risks, access anomalies, and control gaps, implementing corrective actions before impacting operations.
  • Strong knowledge of identity and access management concepts including Identity Lifecycle Management (Joiner, Mover, Leaver), Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and least privilege access design.
  • In-depth understanding of authentication, authorization, and federation technologies including SSO, MFA, SAML, OAuth 2.0, OpenID Connect, and directory services such as Active Directory and LDAP.
  • Strong knowledge of privileged access management (PAM), identity governance and administration (IGA) platforms (e.g., SailPoint, Saviynt, Microsoft Entra ID), and access certification processes.
  • Strong understanding of identity security principles and best practices including Zero Trust Architecture, adaptive authentication, conditional access policies, segregation of duties (SoD), and identity threat detection and response.
  • Strong working knowledge of cloud and hybrid identity architectures across platforms such as Azure AD (Entra ID), AWS IAM, and GCP IAM, including integration with on-premises environments.
  • Solid understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, SOX, HIPAA) as they apply to identity governance, audit readiness, and compliance controls.
  • Solid understanding of encryption technologies and secure credential management including key management, secrets handling, and certificate-based authentication.
  • Strong knowledge of IAM automation and scripting using tools such as PowerShell, Python, and APIs to streamline provisioning, deprovisioning, and access workflows.
  • Familiarity with:
  • Identity analytics and identity threat detection tools
  • SOAR and SIEM integrations for identity monitoring
  • Zero Trust and Identity Security Posture Management (ISPM)
  • Cloud-native identity services and Saas integrations
  • Understanding of risk scoring models, access review methodologies, and industry frameworks related to identity security (e.g., NIST 800-63, MITRE ATT&CK for credential access).
  • Familiarity with enterprise systems such as ERP platforms, engineering tools, and project systems.
  • Must have excellent organizational, project management, and communication skills with the ability to manage multiple IAM initiatives and priorities effectively.
  • Leverages strong communication and collaboration skills to work with global stakeholders across security, IT, audit, and business units to resolve complex identity and access issues.
  • Ability to perform peer reviews of IAM configurations, policies, workflows, and documentation to ensure accuracy, compliance, and adherence to best practices.
  • Possesses strong verbal and written communication skills in English, with demonstrated ability to translate complex IAM concepts to all levels of the organization, including executives, auditors, engineers, and subject matter experts.
  • Serve as a subject matter expert for IAM and SOX logical access controls across financial systems.
  • Administer and optimize IAM-based access governance, including provisioning workflows, lifecycle management, group structures, and access certifications.
  • Design and maintain scalable IAM frameworks aligned to least privilege, RBAC, segregation of duties (SoD), and SOX compliance requirements.
  • Execute and support SOX logical access controls, including provisioning, modifications, terminations, privileged access management, and user access reviews (UARs).
  • Partner with system owners and business stakeholders to validate the appropriateness and alignment of access with business responsibilities.
  • Maintain strong access governance controls by proactively reviewing and remediating access risks, including excessive access, orphaned accounts, stale memberships, and SoD conflicts.
  • Support audit readiness through documentation, evidence preparation, remediation tracking, and control support activities.
  • Collaborate on system implementations and enhancements to ensure IAM controls are embedded, scalable, and supportable.
  • Drive continuous improvement and automation opportunities across IAM governance and access management processes.
  • Manage end-to-end identity lifecycle processes (joiner, mover, leaver) for employees, contractors, and project-based users.
  • Provision and deprovision access across enterprise systems, engineering applications, and project platforms (e.g., JD Edwards, Autodesk platforms).
  • Maintain and support identity repositories including Microsoft Entra ID (Azure AD) and on-premises Active Directory.
  • Perform and support user access reviews, certifications, and remediation activities.
  • Implement and support authentication mechanisms including SSO, MFA, and conditional access policies.
  • Collaborate on IAM platform configuration, integrations, and enhancements (e.g., SailPoint, Okta, Microsoft Entra ID, CyberArk).
  • Automate provisioning workflows to improve efficiency and reduce manual processes.
  • Integrate IAM controls with cloud platforms (Azure, AWS) and SaaS applications, including federation and role mapping.
  • Provide guidance, training, and mentoring to IT staff and business stakeholders.
  • Bachelor's Degree in Information Technology, Cybersecurity, or related field.
  • Industry certifications such as: CISSP or CISM; Microsoft SC-300 (Identity and Access Administrator) or other relevant IAM or security certifications
  • 10+ Years of Information Technology experience.
  • 5+ years of hands-on experience in IAM, IT security, or infrastructure roles.
  • Strong hands-on experience with enterprise IAM platforms such as Microsoft Entra ID, Okta, SailPoint, or equivalent.
  • Demonstrated hands-on experience implementing and managing authentication, authorization, and federation technologies including SSO, MFA, SAML, OAuth 2.0, OpenID Connect, and directory services such as Active Directory and LDAP.
  • Demonstrated hands-on experience applying and supporting identity security principles and best practices including Zero Trust Architecture, adaptive authentication, conditional access policies, segregation of duties (SoD), and identity threat detection and response.
  • Demonstrated hands-on experience supporting cloud and hybrid identity architectures across platforms such as Azure AD (Entra ID), AWS IAM, and GCP IAM, including integration with on-premises environments.
  • Hands-on experience with access governance, SoD enforcement, and audit/compliance processes.
  • Strong analytical, problem-solving, and communication skills.
  • Experience in Engineering, Procurement, and Construction (EPC) or industrial environments is desired.
  • Scripting or automation experience (PowerShell, Python).
Resume ExampleCover Letter Example