Access and Identity Analyst - Jobs in Vancouver, BC

Job Description

Staff - Non UnionJob CategoryM&P - AAPSJob ProfileAAPS Salaried - Information Systems and Technology, Level CJob TitleAccess and Identity AnalystDepartmentOCIO | Identity & Access ManagementCompensation Range$5,790.42 - $8,341.58 CAD MonthlyPosting End DateJune 3, 2021Note: Applications will be accepted until 11:59 PM on the day prior to the Posting End Date above.Job End DateMay 31, 2023Job SummaryThe Access and Identity Analyst develops, implements and manages user account and access administration processes in accordance with Information Security regulations, policies and service management best practices. The incumbent acts as a Subject Matter Expert to UBC IT and the Office of the CIO, coordinates operational activities, and provides senior user account and access management support and consultation. Acts as Tier 2 and responds to escalations, inquiries, or investigations for supported systems and services. Provides after-hours on-call support on a rotational basis.Organizational StatusThe Identity and Access Management Function is a combination of business process management and the technology used to manage data on IT systems and applications about users. The managed data includes user objects, identity attributes, security entitlements and authentication attributes.As UBC’s user community continues to grow outside its traditional organizational boarders so does the complexity of the user ecosystem and the need to bolster information security controls.This position reports to Manager, Identity and Access Management (IAM). Works independently and jointly within the IAM team. Collaborates with management and staff from all sections of Information Technology, Cybersecurity, other administrative and academic offices, and faculty to coordinate application support. Interacts directly with other University technology professionals.Work PerformedConsults with users on present or proposed business procedures, problems, and requirements in order to define systems needs and streamline system workflow.Supports the monitoring and analysis of systems issues and contributes to recommendations for all systems supported infrastructure as part of regular operations.Prepares documentation and definitions of system specific dependencies to assist in problem analysis including user and technical manuals.Contributes to the development of best practices, standards, procedures and quality objectives across systems infrastructure or platforms.Leads coordination in resolving identity issues with CWL accounts and affiliated identifiers. Reviews IAM’s account populations identifying issues that conflict with UBC’s security and entitlement policies.Assists in the management of responses to breaches or violations of secure access and privacy policy or regulation.Contributes and provides input on the analysis and review of functional requirements, system features, integration requirements, security requirements, and scalability and performance requirements.Contributes to the ongoing planning and analysis of systems enhancements in support of current or new enterprise services. Participates in committees as required on behalf of UBC IT. Maintains communication and develops relationships with the user community in order to develop a sound knowledge of their business and their priorities. Develops recommendations and presents options for improvements and efficiency.Investigates and remains current with industry technology trends in the Information Security and IAM technologies field such as: Privileged Access Management, Multi-Factor Authentication, Business to Consumer, Business to Workforce, IAM program management, SIEM, systems development methodologies, web-services, and applications middleware.Provides second Tier operational support for production systems including troubleshooting system problem reports, resolving issues with production systems, defining operational support processes, patching systems and applications, documenting and reporting problems, and providing end user support as required.Assists with design, implementation, and support of IAM identity stores and log analysis.Develops expertise in the functionality of vendor product(s) andworks directly with the vendor's technical support centre in order to resolve product issues.Assists in the development of scripts to automate and improve processes, monitor servers, extract and convert data.Reviews, and provides recommendations to improve, support processes and methods of support delivery in order to provide technically accurate solutions to customers and to improve customer satisfaction. Assists with development of sound business continuity and disaster recovery plans for applications as part of the project delivery.Performs data analysis in preparation for conversion and clean up. Develops and/or prepares conversion programs and procedures; assists with conversion functions.Maintains appropriate professional designations and up-to-date knowledge of current information technology techniques and tools.Performs other related duties as required.Consequence of Error/JudgementInformation Technology plays a key role in enabling the University to achieve its goal of becoming one of the world's leading universities. The services supported by Information Technology require reliable application systems in order to provide critical functions that support all students, faculty and staff. These systems must be available on a 7x24 basis.Decisions and actions taken by the Access and Identity Analyst will have a direct impact on how efficiently and effectively the systems will perform and function. Errors in judgment, poor analysis, or failure to act decisively could have a detrimental effect on these systems. Unreliable systems or failure to meet contractual obligations for performance and availability will damage the reputation of Information Technology and UBC. This could adversely impact the University community, including the large majority of students, faculty and staff, and could have a negative impact on productivity, funding and revenue.Supervision ReceivedWorks under the general direction of Manager, Identity and Access Management and under the daily direction of Application Architects or senior technical staff as assigned. The Access and Identity Analyst must be able to work independently as well as contribute actively and collaborate openly as a team member.Supervision GivenMay mentor new members of the IAM team, and other resources who assist with application support and maintenance. May oversee the deliverables assigned to Contractors.Minimum QualificationsUndergraduate degree in a relevant discipline. Minimum of three years of related experience, or the equivalent combination of education and experience.Preferred QualificationsSolid knowledge and experience in identity management systems and securityExperience with CyberArk Privileged Access Management platform and integrations.Manage Duo MFA token workflows; troubleshoot emergent situations with user’s MFA devices and MFA protocols (OATH, U2F, WebAuthn, etc.).Administrate account and security groups within MS Active Directory and RedHat 389 Directory using Powershell and Python.Administrate Sailpoint IdentityIQ platform identities, roles, and entitlements. Ability to perform identity merges and role reconciliation.Experience with Azure and AWS identity management.Troubleshooting knowledge of Shibboleth Identity Provider.Significant experience focusing on IT system operationsCyberArk Privileged Access Management performing password rotations, password malfunctions, account creations, account changes, application integrations, creating password vaults, and developing PAM policies.Provide operational administration support for the DUO MFA proxies and self-service site.Write scripts to automate processes using scripting languages (Python, Bash, Powershell).Setup, manage, and query logging, monitoring, and anti-malware products, such as rsyslog, logstash, nagios, monit, AMP, etc.Experienced working with stakeholders and service ownersCommunicate complex technical and business issues in both precise technical terms and approachable plain language.Troubleshoot confidential personal identity account issues in time-sensitive, high-value situations on the phone, via email, and through the ServiceNow ticketing system.Synthesizing technical knowledge or resolved incidents into processes and KB articles, and liaise with UBC ITSCISCSISC teams to transition support for known issues to Tier-1.Knowledge of SaaS applications and security frameworkFamiliarity with other IAM services and related technologies such OracleSQL, CAS, Cisco AnyConnect, VMWare vSphere, Enhanced CWL (Multi-factor Authentication), Privileged Access Management, etc. a plus.Ability to take initiative and work with limited direction.Ability to effectively manage multiple tasks and priorities and work under pressure to meet time-sensitive and mission critical deadlines.CompetenciesCollaboration - Takes initiative to actively participate in team interactions. Without waiting to be asked, constructively expresses own point of view or concerns, even when it may be unpopular. Ensures that the limited time available for collaboration adds significant customer value and business results.Communication for Results - Converses with, and writes to, peers in ways that support transactional and administrative activities. Seeks and shares information and opinions. Explains the immediate context of the situation, asks questions with follow-ups, and solicits advice prior to taking action.Problem Solving - Investigates defined issues with uncertain cause. Solicits input in gathering data that help identify and differentiate the symptoms and root causes of defined problems. Suggests alternative approaches that meet the needs of the organization, the situation, and those involved. Resolves problems and escalates issues with suggestions for further investigation and options for consideration as required.Accountability - Checks assumptions about mutual expectations and clarifies standards of overall performance. Checks the scope of responsibilities of self and others. Monitors day-to-day performance and takes corrective action when needed to ensure desired performance is achieved.Information Systems Knowledge - Possesses a basic understanding of the strategy, structures, processes, and procedures of the enterprise in its relationship with the business and its activities. Troubleshoots in response to requests for technical support. Identifies problems and needs. Escalates problems to appropriate technical experts.Initiative - Volunteers to undertake tasks that stretch his or her capability. Identifies who can provide support and procures their input. Identifies problems and acts to prevent and solve them.