Engineer, Identity & Access Governance

Job Description

Description

This position is ideal for mid-level to join the Technology Governance, Risk & Compliance (TechGRC) team within Information Security as an Engineer, Identity & Access Governance (IAG), assisting to govern and secure user identities and access to systems and applications across the organization. Partnering with cross-functional teams including other Information Security teams and Information Technology, you'll provide guidance and oversight to ensure individuals have appropriate access to the right resources and information while maintaining compliance with internal policies and external regulations. This role is crucial in ensuring our organization's information and systems are continuously protected through comprehensive identity and access controls.

Role expectations

Identity Federation & Lifecyle Management: Assist in the management of identity federation services and identity lifecycle workflows.

Role-Based Access Control (RBAC): Coordinate role-based access entitlement definition, controls and reviews, ensuring alignment with organizational structures, business needs and work duties.

User Access Governance: Coordinate user access controls, including provisioning, de-provisioning, and maintaining user entitlements across various systems and applications. Assist technology teams with the onboarding into single sign-on (SSO) to streamline user authentication and access.

Privileged User Access Governance: Conduct regular privileged access reviews, ensuring that privileged user access is appropriate based on roles, responsibilities, and compliance requirements.

Non-human Account Governance: Review categorization and ownership of non-human accounts, ensuring accuracy and mapping with CMDB. Monitor and coordinate secret rotations with IT teams.

Monitoring Control & Compliance: Ensure continuous operational enforcement of identity and access management (IAM) policies, procedures, and compliance with regulatory requirements. Conduct periodic control design and operating assessments to identity improvement areas.

Phishing-resistant MFA: Ensure timely user onboarding into Passwordless sign-in, Device Conditional Access and Windows Hello for Business with phishing-resistant MFA methods. Actively monitor onboarding and report progress update with high accuracy and relevant breakdowns such as region, entity, methods.

Project Management: Review project questionnaire and documentation, ensuring alignment with identity & access policies and standards. Track implementations until completion.

Guidance & Awareness: Develop guidelines to onboard end-users into standard practices and tools such as Passwordless and Windows Hello.

Documentation & Reporting: Create effective documentation on identity & access governance policies, procedures, standards, controls, and configurations. Produce periodic reports with key metrics on governance activities, monitoring controls, usage patterns and compliance status. Provide insights for ongoing improvements in security posture.

Service Delivery: Process service requests as per defined service levels (on-time, on-quality) in partnership with key stakeholders.

Collaboration & Communication: Work closely with IT, Information Security, HR, and business units to ensure seamless identity & access lifecycle management.

Continuous Improvement: Stay up-to-date with emerging trends, tools, and good practices in identity & access management. Propose improvements on processes, controls, technologies and tools.

Other duties as assigned to meet business needs, contribute to broader projects and support colleagues.

What we're looking for

Education: Bachelor's degree or equivalent work experience.

Experience: 5+ years' working experience ideally in information security or information technology.

Communication: Presentation and communication skills.

Analytical Skills: Ability to analyze security challenges and propose actionable solutions.

Problem Solving: Ability to address and resolve issues in identity and access governance.

Teamwork: Strong ability to work both collaboratively and independently achieving some of the goals set with little guidance.

Project Management: Ability to collaborate in multiple projects, priorities, and deadlines in a fast-paced environment.

Strong English-speaking skills with experience working at a global company.

Understanding of the Microsoft 365 suite of tools relating to managing user identities, entitlement and accesses.

Solid understanding of IAM concepts, RBAC, SSO, MFA, least privilege, segregation of duty and need to know principles, and security frameworks.

Certifications: Certified Identity Management Professional (CIMP), or other related credentials are a plus.

Pay Transparency

If provided, base salary or wage rate ranges are the range in which Align reasonably expects to set a candidate’s pay for the posted position. Actual placement depends on the individual skills and experience level of a candidate plus the total compensation and equity across team members. For other locations outside of the primary location, the base salary range will be adjusted geographically.

For Field Sales roles, the salary listed is the base pay only and does not include the applicable incentive compensation plan. A cost of living adjustment may be added to base pay for higher cost areas in the U.S.

Our internship hourly rates are a standard pay determined based on the position and your location, year in school, degree, and experience.

Full-time