Guilford County, NC
Lead Identity and Access Management Analyst
Guilford County, NC, Greensboro, North Carolina, us, 27497
Salary :
$96,954.00 - $122,162.00 Annually
Location :
301 West Market Street Greensboro, NC
Job Type:
Full Time
Remote Employment:
Flexible/Hybrid
Job Number:
03455
Department:
Information Technology
Opening Date:
10/24/2024
GUILFORD COUNTY GOVERNMENT
Empower
Successful People
to thrive in a
Strong Community
supported by
Quality Government
Transparency & Communication | Equity & Inclusion | Accountability
Service & Outcomes Excellence | Our People Matter
Description
GENERAL STATEMENT OF DUTIESThe Lead Identity and Access Management (IAM) Analyst plays a vital role in assessing, analyzing, developing, maintaining, and improving processes governing the lifecycle of identities and user accounts across various systems and applications. The role involves hands-on technical work, collaboration with cross-functional teams, planning, coordinating and supervising all activities related to the IAM function including the creation, provisioning and deprovisioning of identities across county systems
DISTINGUISHING FEATURES OF THE CLASSThe Lead Identity and Access Management Analyst will work closely with the various departments including but not limited to Internal Audit, Risk Management, and other IT teams, to create and operationalize functional, and scalable, Identity and Access Management policies, guidelines, standards, procedures, and processes. Ensuring that authorized users have the appropriate access to County systems, data, and applications is a core component of the position. In addition, analyzing, improving, and automating current processes for granting and removing access based on the principles of least privilege is a key function of the role. The position is responsible for identifying, evaluating, and participating in the decision-making process for and implementation of new and emerging IAM automation technologies and solutions. This position works under the general direction of the IT Security Manager.
The role involves supervisory responsibilities including leading project teams, mentoring staff, and overseeing the work of IAM initiatives. It requires effective team management skills and the ability to guide and develop less experienced colleagues.
The Lead Identity and Access Management Analyst position is an IT grade 09.Examples of Duties
DUTIES AND RESPONSIBILITIES
Essential duties and responsibilities include, but are not limited to:
Manage the selection, deployment and maintenance of IAM tools, solutions and applications deemed appropriate for the organization.Responsible for overseeing the creation, management and maintenance of Active Directory user accounts, as well as phones, tokens, and bypass codes within the county's multi-factor authentication solution.Assign, delegate and support staff in the execution of day-to-day IAM operations and tasks.Coach, mentor and provide guidance to team members and staff with regard to IAM processes and best practices.Serve as the subject matter expert in the following identity related services: IAM, Active Directory, Conditional Access, and Multi-factor Authentication.Plan, execute and manage an IAM capability roadmap and strategy.Design and review new IAM security technologies, processes and procedures to ensure that the appropriate controls and tools are selected and operationalized.Collaborate with key stakeholders to develop IAM standards that iteratively support long term IAM modernization and transformation.Provide analysis and development knowledge for Identity Governance and Administration (IGA), Privilege Access Management (PAM), Single Sign-on (SSO), and/or Multi-Factor Authentication solutions, processes, policies, guidelines, standards, and procedures.Research, develop and build automated processes for the provisioning, deprovisioning of user accounts and assigning Role-Based access.Design, implement, document, and assist in the maintenance of Role-Based Access Control (RBAC) for account provisioning.Develop, implement, perform, and document Periodic Access Reviews for Active Directory, group membership, roles, and access for on-premises, cloud, SaaS and enterprise applications and systems.Provide technical expertise related to Active Directory Users and Computers, workflow automation between Active Directory, Azure Active Directory, Exchange, and Microsoft O365.Work with departments and key stakeholders to create and maintain role-based access controls for user accounts.Ensure account audits and access methods are conducted as required by the IAM program and regulatory requirements. Report any data discrepancies to appropriate personnel.Analyze & understand the risks associated with application security exposures and provide solutions to eliminate or reduce these exposures.Provide multi-factor authentication end-user support, issue management, resolution, assistance with the enrollment process, training, responding to inquiries, identifying, and implementing process improvements.Available to assist in addressing security-related problems and/or incidents; be part of end user on-call support for all in-place security solutions.Perform other related duties as assigned.RECRUITMENT STANDARDS
Knowledge, Skills, and Abilities
Knowledge and experience with MFA, SSO, and Role-based Access Control methods.Knowledge and experience with Active Directory, ADFS, and Azure Active Directory.Knowledge of Cryptography, PKI, Internal/External CA, and Certificate Management.Knowledge and experience with information security best practices.Familiarity with relevant standards and regulations (HIPAA, PCI, CJIS, NIST).Knowledge and Experience with Identity Lifecycle Management, provisioning and decommissioning user accounts, Privileged Access Management, and segregation of duties.Working knowledge of scripting such as PowerShell, Python, Java, JavaScript, PHP, Swift, HTML, CSS, SQL.Excellent troubleshooting skills and ability to identify and resolve issues in a timely manner.Team-oriented and skilled in working within a collaborative environment.
Good project management skills and/or substantial exposure to project-based work structures, project lifecycle models etc.Effective written, oral, and interpersonal communication skills.Excellent comprehensive customer service skills.Ability to think logically, analyze, present ideas clearly, and make sound decisions.Ability to work efficiently, expeditiously, and independently with limited supervision.Ability to organize work in an effective manner and to manage multiple tasks and deadlines.
Typical Qualifications
MINIMUM QUALIFICATIONS
Associate's degree in Information Technology, Computer Science, or closely related field of study and five (5) years of progressively responsible technical systems experience in Information Technologies, with at least half of the years of experience directly related to identity and access management.
Preferred QualificationsFour-year degree in Computer Science, Information Technology, or a closely related field; from an accredited college or university and 3-4 years' experience in Information Security.
Familiarity with NIST Framework for Information Security and Identity and Access Management certifications such as Microsoft Certified: Identity and Access Administrator Associate SC: 300, CIST, CIAM, CIMP or CAMS.
Experience in project management, including leading teams or projects within an IAM environment. Demonstrated ability to supervise, mentor, and guide junior staff members.
*A skills assessment will be administered during the interview process.*I understand that an official copy of my college transcript will be required upon conditional offer of employment.Supplemental Information
CompensationThe full salary range is $96,954.00 (minimum) - $122,162.00 (market rate) - $157,066.00 (maximum). Salary placement will depend on directly related qualifications, with an excellent benefits package.
Click here
for more information about why you should consider working for Guilford County!
The Lead Identity and Access Management Analyst position is an IT grade 09.
Physical DemandsAn employee in this position must be able to physically perform the basic life operational functions of fingering, grasping, talking, hearing, and repetitive motions. The employee must be able to perform sedentary work exerting up to 10 pounds of force to move objects.
Working ConditionsWork consists of the normal office environment and work from home in a Hybrid model. No adverse environmental conditions.
May Require Driving
This position may require driving whether a County owned or personal vehicle to conduct county business such as but not limited to attending conferences, meetings, or any other county related functions. Motor Vehicle Reports may be verified for valid driver's license and that the driving record is compatible with the county's driving criteria. If a personal vehicle is operated for county business proper insurance is maintained as per Guilford County's vehicle use policy.
Special Note:
This generic class description gives an overview of the job class, its essential job functions, and recommended job requirements. However, for each individual position assigned to this class, there is available a completed job description with physical abilities checklist which can be reviewed before initiating a selection process. They can provide additional detailed information on which to base various personnel actions and can assist management in making legal defensible personnel decisions.
Guilford County is committed to providing Equal Employment Opportunity (EEO) to employees and applicants for employment regardless of color, religion, sex, national origin, age, disability, genetic information, sexual orientation or political affiliation. The County is committed to complying with all applicable federal, state and local laws that pertain to employment, and to providing a work environment that is free from discrimination of any kind. If you need an auxiliary aide, make the request forty-eight (48) hours in advance of the time the accommodation is needed by calling 336-641-3324.
We are excited about the opportunity of having you as a prospective new employee!
You probably already know our county is a wonderful county to live in, but did you know it is also a wonderful place to work?
Below are a few of the reasons why we love working for Guilford County.
We offer Health Insurance ( UnitedHealthCare ) to all benefitted employees working a minimum of 20 hours per week. The shared cost of the premium is based on scheduled/budgeted hours. If you are a full-time employee working 40 hours a week you can expect to pay less than $35 a month for medical coverage, dental coverage for $4 a month and vision coverage for $5 a month. That's less than $45 a month for medical, dental & vision coverage; that's unheard of.
Telehealth UHC Virtual Visits are available to you with no copay or out of pocket expense.
We are excited to inform you Guilford County has an
Employee Wellness Center
(24/7 access) with strength training equipment, cardio machines and a group exercise room with virtual or in person coaching from our Wellness Specialist!
Employee Assistance Program , 100% funded by the county. A superb benefit for you and your family absolutely free. Confidential help with personal or work-related issues.
13 paid holidays, 12 sick days, and 12 vacation days a year.
That's 37 paid days a year, totaling almost 2 months of paid time off.
Employer contributes
5% into your 401(k)
- no match required.
Enrollment in the
State Retirement Plan
by contributing 6%.
Longevity pay
beginning at five years of service.
We provide a $10,000
Life and AD&D
benefit to eligible employees.
Flexible spending accounts
(FSA) allow you to set aside tax-free dollars for health care and dependent care.
Voluntary Life, AD&D, Short-Term and Long-Term Disability.
01
Which best describes your level of education?
High schoolAssociate's degreeBachelor's degreeMaster's degree or higher
02
If you have a degree, is the major field of study in Information Technology, Computer Science, or closely related field?
YesNoI do not have a degree
03
Which best describes your years of progressively responsible technical systems experience in Information Technologies, with at least half of the years of experience directly related to identity and access management.
Less than 1 year1 year less than 3 years3 years less than 5 years5 years less than 7 years7 years or more
04
Do you have experience with NIST Cyber Security Framework? (Must in include in application)
YesNo
05
Which certifications do you currently possess?(Select all that apply)
Microsoft CertifiedIdentity and Access Administrator Associate SC: 300CISTCIAMCIMPCAMSI do not have a certification.
06
Please share your experience in project management, including leading teams or projects within an IAM environment?
07
Please share your experience and ability to supervise, mentor, and guide junior staff members.
08
I understand that an official copy of my college transcript will be required upon conditional offer of employment.
YesNo
Required Question
$96,954.00 - $122,162.00 Annually
Location :
301 West Market Street Greensboro, NC
Job Type:
Full Time
Remote Employment:
Flexible/Hybrid
Job Number:
03455
Department:
Information Technology
Opening Date:
10/24/2024
GUILFORD COUNTY GOVERNMENT
Empower
Successful People
to thrive in a
Strong Community
supported by
Quality Government
Transparency & Communication | Equity & Inclusion | Accountability
Service & Outcomes Excellence | Our People Matter
Description
GENERAL STATEMENT OF DUTIESThe Lead Identity and Access Management (IAM) Analyst plays a vital role in assessing, analyzing, developing, maintaining, and improving processes governing the lifecycle of identities and user accounts across various systems and applications. The role involves hands-on technical work, collaboration with cross-functional teams, planning, coordinating and supervising all activities related to the IAM function including the creation, provisioning and deprovisioning of identities across county systems
DISTINGUISHING FEATURES OF THE CLASSThe Lead Identity and Access Management Analyst will work closely with the various departments including but not limited to Internal Audit, Risk Management, and other IT teams, to create and operationalize functional, and scalable, Identity and Access Management policies, guidelines, standards, procedures, and processes. Ensuring that authorized users have the appropriate access to County systems, data, and applications is a core component of the position. In addition, analyzing, improving, and automating current processes for granting and removing access based on the principles of least privilege is a key function of the role. The position is responsible for identifying, evaluating, and participating in the decision-making process for and implementation of new and emerging IAM automation technologies and solutions. This position works under the general direction of the IT Security Manager.
The role involves supervisory responsibilities including leading project teams, mentoring staff, and overseeing the work of IAM initiatives. It requires effective team management skills and the ability to guide and develop less experienced colleagues.
The Lead Identity and Access Management Analyst position is an IT grade 09.Examples of Duties
DUTIES AND RESPONSIBILITIES
Essential duties and responsibilities include, but are not limited to:
Manage the selection, deployment and maintenance of IAM tools, solutions and applications deemed appropriate for the organization.Responsible for overseeing the creation, management and maintenance of Active Directory user accounts, as well as phones, tokens, and bypass codes within the county's multi-factor authentication solution.Assign, delegate and support staff in the execution of day-to-day IAM operations and tasks.Coach, mentor and provide guidance to team members and staff with regard to IAM processes and best practices.Serve as the subject matter expert in the following identity related services: IAM, Active Directory, Conditional Access, and Multi-factor Authentication.Plan, execute and manage an IAM capability roadmap and strategy.Design and review new IAM security technologies, processes and procedures to ensure that the appropriate controls and tools are selected and operationalized.Collaborate with key stakeholders to develop IAM standards that iteratively support long term IAM modernization and transformation.Provide analysis and development knowledge for Identity Governance and Administration (IGA), Privilege Access Management (PAM), Single Sign-on (SSO), and/or Multi-Factor Authentication solutions, processes, policies, guidelines, standards, and procedures.Research, develop and build automated processes for the provisioning, deprovisioning of user accounts and assigning Role-Based access.Design, implement, document, and assist in the maintenance of Role-Based Access Control (RBAC) for account provisioning.Develop, implement, perform, and document Periodic Access Reviews for Active Directory, group membership, roles, and access for on-premises, cloud, SaaS and enterprise applications and systems.Provide technical expertise related to Active Directory Users and Computers, workflow automation between Active Directory, Azure Active Directory, Exchange, and Microsoft O365.Work with departments and key stakeholders to create and maintain role-based access controls for user accounts.Ensure account audits and access methods are conducted as required by the IAM program and regulatory requirements. Report any data discrepancies to appropriate personnel.Analyze & understand the risks associated with application security exposures and provide solutions to eliminate or reduce these exposures.Provide multi-factor authentication end-user support, issue management, resolution, assistance with the enrollment process, training, responding to inquiries, identifying, and implementing process improvements.Available to assist in addressing security-related problems and/or incidents; be part of end user on-call support for all in-place security solutions.Perform other related duties as assigned.RECRUITMENT STANDARDS
Knowledge, Skills, and Abilities
Knowledge and experience with MFA, SSO, and Role-based Access Control methods.Knowledge and experience with Active Directory, ADFS, and Azure Active Directory.Knowledge of Cryptography, PKI, Internal/External CA, and Certificate Management.Knowledge and experience with information security best practices.Familiarity with relevant standards and regulations (HIPAA, PCI, CJIS, NIST).Knowledge and Experience with Identity Lifecycle Management, provisioning and decommissioning user accounts, Privileged Access Management, and segregation of duties.Working knowledge of scripting such as PowerShell, Python, Java, JavaScript, PHP, Swift, HTML, CSS, SQL.Excellent troubleshooting skills and ability to identify and resolve issues in a timely manner.Team-oriented and skilled in working within a collaborative environment.
Good project management skills and/or substantial exposure to project-based work structures, project lifecycle models etc.Effective written, oral, and interpersonal communication skills.Excellent comprehensive customer service skills.Ability to think logically, analyze, present ideas clearly, and make sound decisions.Ability to work efficiently, expeditiously, and independently with limited supervision.Ability to organize work in an effective manner and to manage multiple tasks and deadlines.
Typical Qualifications
MINIMUM QUALIFICATIONS
Associate's degree in Information Technology, Computer Science, or closely related field of study and five (5) years of progressively responsible technical systems experience in Information Technologies, with at least half of the years of experience directly related to identity and access management.
Preferred QualificationsFour-year degree in Computer Science, Information Technology, or a closely related field; from an accredited college or university and 3-4 years' experience in Information Security.
Familiarity with NIST Framework for Information Security and Identity and Access Management certifications such as Microsoft Certified: Identity and Access Administrator Associate SC: 300, CIST, CIAM, CIMP or CAMS.
Experience in project management, including leading teams or projects within an IAM environment. Demonstrated ability to supervise, mentor, and guide junior staff members.
*A skills assessment will be administered during the interview process.*I understand that an official copy of my college transcript will be required upon conditional offer of employment.Supplemental Information
CompensationThe full salary range is $96,954.00 (minimum) - $122,162.00 (market rate) - $157,066.00 (maximum). Salary placement will depend on directly related qualifications, with an excellent benefits package.
Click here
for more information about why you should consider working for Guilford County!
The Lead Identity and Access Management Analyst position is an IT grade 09.
Physical DemandsAn employee in this position must be able to physically perform the basic life operational functions of fingering, grasping, talking, hearing, and repetitive motions. The employee must be able to perform sedentary work exerting up to 10 pounds of force to move objects.
Working ConditionsWork consists of the normal office environment and work from home in a Hybrid model. No adverse environmental conditions.
May Require Driving
This position may require driving whether a County owned or personal vehicle to conduct county business such as but not limited to attending conferences, meetings, or any other county related functions. Motor Vehicle Reports may be verified for valid driver's license and that the driving record is compatible with the county's driving criteria. If a personal vehicle is operated for county business proper insurance is maintained as per Guilford County's vehicle use policy.
Special Note:
This generic class description gives an overview of the job class, its essential job functions, and recommended job requirements. However, for each individual position assigned to this class, there is available a completed job description with physical abilities checklist which can be reviewed before initiating a selection process. They can provide additional detailed information on which to base various personnel actions and can assist management in making legal defensible personnel decisions.
Guilford County is committed to providing Equal Employment Opportunity (EEO) to employees and applicants for employment regardless of color, religion, sex, national origin, age, disability, genetic information, sexual orientation or political affiliation. The County is committed to complying with all applicable federal, state and local laws that pertain to employment, and to providing a work environment that is free from discrimination of any kind. If you need an auxiliary aide, make the request forty-eight (48) hours in advance of the time the accommodation is needed by calling 336-641-3324.
We are excited about the opportunity of having you as a prospective new employee!
You probably already know our county is a wonderful county to live in, but did you know it is also a wonderful place to work?
Below are a few of the reasons why we love working for Guilford County.
We offer Health Insurance ( UnitedHealthCare ) to all benefitted employees working a minimum of 20 hours per week. The shared cost of the premium is based on scheduled/budgeted hours. If you are a full-time employee working 40 hours a week you can expect to pay less than $35 a month for medical coverage, dental coverage for $4 a month and vision coverage for $5 a month. That's less than $45 a month for medical, dental & vision coverage; that's unheard of.
Telehealth UHC Virtual Visits are available to you with no copay or out of pocket expense.
We are excited to inform you Guilford County has an
Employee Wellness Center
(24/7 access) with strength training equipment, cardio machines and a group exercise room with virtual or in person coaching from our Wellness Specialist!
Employee Assistance Program , 100% funded by the county. A superb benefit for you and your family absolutely free. Confidential help with personal or work-related issues.
13 paid holidays, 12 sick days, and 12 vacation days a year.
That's 37 paid days a year, totaling almost 2 months of paid time off.
Employer contributes
5% into your 401(k)
- no match required.
Enrollment in the
State Retirement Plan
by contributing 6%.
Longevity pay
beginning at five years of service.
We provide a $10,000
Life and AD&D
benefit to eligible employees.
Flexible spending accounts
(FSA) allow you to set aside tax-free dollars for health care and dependent care.
Voluntary Life, AD&D, Short-Term and Long-Term Disability.
01
Which best describes your level of education?
High schoolAssociate's degreeBachelor's degreeMaster's degree or higher
02
If you have a degree, is the major field of study in Information Technology, Computer Science, or closely related field?
YesNoI do not have a degree
03
Which best describes your years of progressively responsible technical systems experience in Information Technologies, with at least half of the years of experience directly related to identity and access management.
Less than 1 year1 year less than 3 years3 years less than 5 years5 years less than 7 years7 years or more
04
Do you have experience with NIST Cyber Security Framework? (Must in include in application)
YesNo
05
Which certifications do you currently possess?(Select all that apply)
Microsoft CertifiedIdentity and Access Administrator Associate SC: 300CISTCIAMCIMPCAMSI do not have a certification.
06
Please share your experience in project management, including leading teams or projects within an IAM environment?
07
Please share your experience and ability to supervise, mentor, and guide junior staff members.
08
I understand that an official copy of my college transcript will be required upon conditional offer of employment.
YesNo
Required Question