Identity/Access Management Analyst II

If you are looking to make an impact on a meaningful scale, come join us as we embrace the Power of One!

We strive to be an employer of choice and establish a reputation for being a talent rich organization where Associates can grow their career caring for others. For over a century, we’ve served the health care needs of the people of Memphis and the Mid-South.

The IAM Analyst II is an experienced member of the Identity and Access Management team that reports directly to the IAM Manager. This role acts as a subject matter expert and escalation point for IAM-related issues and initiatives. The IAM Analyst II is responsible for more complex identity governance activities, access provisioning architecture, role modeling, access certification, integration of enterprise systems, and user lifecycle management. The analyst will lead projects and initiatives that directly support the organization's zero trust architecture and regulatory compliance requirements. The ideal candidate has a technical background and possesses 4-6 years of experience in technology and security administration across large heterogeneous networks, including third-party entities. The IAM Analyst II works closely with teammates and other departments to establish and manage a process of enterprise-wide identities and access controls granted to systems and applications. The analyst uses IAM tools and platforms to support and manage provisioning, de-provisioning and exception changes, ensuring they are clearly tracked, reported and reviewed according to established policies. Daily, the analyst verifies solutions are healthy, tightly managed and performing optimally to prevent unauthorized access. The IAM Analyst II will provide L2 support for relevant IAM issues submitted via the ServiceNow ticketing system. To be successful, the analyst must have a good understanding of security principles and practical hands-on experience with host and application configurations, on and off-premise solutions, directory services, and zero trust principles. This position requires a strong technical background, deep understanding of identity security concepts, and the ability to engage confidently with end users, business leaders, and IT teams. The IAM Analyst II must demonstrate ownership, collaboration, and accountability in a remote work environment with high autonomy and visibility. It is a priority that the individual while working remotely be on time, visible online in MS Teams, be responsive and be ready to join ad hoc meetings. This role will also include being a part of an after-hours on-call rotation. The IAM Analyst II must possess a high degree of integrity, trustworthiness, and confidence and represent the MLH and the management team with the highest level of professionalism, while modeling appropriate behavior as exemplified in MLH Mission, Vision and Values.

Working at MLH means carrying the mission forward of caring for our community and impacting the lives of patients in every way through compassion, a deliberate focus on service expectations and a consistent thriving for excellence.

A Brief Overview
The IAM Analyst II is an experienced member of the Identity and Access Management team that reports directly to the IAM Manager. This role acts as a subject matter expert and escalation point for IAM-related issues and initiatives. The IAM Analyst II is responsible for more complex identity governance activities, access provisioning architecture, role modeling, access certification, integration of enterprise systems, and user lifecycle management. The analyst will lead projects and initiatives that directly support the organization's zero trust architecture and regulatory compliance requirements. The ideal candidate has a technical background and possesses 4-6 years of experience in technology and security administration across large heterogeneous networks, including third-party entities.

The IAM Analyst II works closely with teammates and other departments to establish and manage a process of enterprise-wide identities and access controls granted to systems and applications. The analyst uses IAM tools and platforms to support and manage provisioning, de-provisioning and exception changes, ensuring they are clearly tracked, reported and reviewed according to established policies. Daily, the analyst verifies solutions are healthy, tightly managed and performing optimally to prevent unauthorized access. The IAM Analyst II will provide L2 support for relevant IAM issues submitted via the ServiceNow ticketing system. To be successful, the analyst must have a good understanding of security principles and practical hands-on experience with host and application configurations, on and off-premise solutions, directory services, and zero trust principles.

This position requires a strong technical background, deep understanding of identity security concepts, and the ability to engage confidently with end users, business leaders, and IT teams. The IAM Analyst II must demonstrate ownership, collaboration, and accountability in a remote work environment with high autonomy and visibility. It is a priority that the individual while working remotely be on time, visible online in MS Teams, be responsive and be ready to join ad hoc meetings. This role will also include being a part of an after-hours on-call rotation. The IAM Analyst II must possess a high degree of integrity, trustworthiness, and confidence and represent the MLH and the management team with the highest level of professionalism, while modeling appropriate behavior as exemplified in MLH Mission, Vision and Values.

What you will do

• When necessary, assist with responsibilities of IAM Analyst I.
• Serve as L2 escalation point for IAM support, troubleshooting complex issues and providing guidance to junior team members.
• Implement identity controls and settings that align with policies and governance structure.
• Work closely with security leadership, teammates, and stakeholders to evaluate and implement access models that align with organizational risk posture.
• Ensure authorized access by investigating improper access; revoking access; reporting violations; monitoring information requests, ensuring consistent application of access principles, and recommending improvements. Perform system access audits and monitor system usage for policy compliance.
• Lead identity-related projects, including system integrations, RBAC/ABAC design, and automation initiatives.
• Design, implement, and maintain access certification campaigns, joiner/mover/leaver workflows, and privilege reviews.
• Collaborate with IT, HR, and application owners to define and maintain IAM policies and provisioning logic.
• Analyze and refine user roles and entitlements to improve security and simplify access requests.
• Represent the IAM team in cross-functional meetings, communicating effectively with business units and leadership.
• Conduct regular audits and reconcile entitlements to ensure appropriate access.
• Develop documentation for processes, standards, and runbooks.
• Identify opportunities for automation and efficiency improvements within IAM workflows.
• Support incident investigations involving identity misuse or inappropriate access.
• Collect key performance indicators and related operational metrics, and track SLAs used to validate success as well as future areas of improvement.
• Escalate issues when required.

Education Qualifications

• High School Diploma or Equivalent
• Bachelor's Degree Computer sciences
• Bachelor's Degree Business Administration/Management
• Bachelor's Degree Healthcare Administration

Experience Qualifications

• 3-5 years Identity and Access Management Must have at least four (4) years of experience in Identity and Access Management using modern toolsets. Must have familiarity with administering directory services, Windows and Azure AD, SSO, MFA, and role-based access controls (RBAC).
• Preferred: Experience in healthcare or heavily regulated industry. Experience with one or more scripting languages (e.g, Python, Java, Powershell, Bash)

Skills and Abilities

• Ability to assess a situation, seek multiple perspectives, and, if necessary, gather more information to arrive at an appropriate solution.
• Be able to listen effectively and decompose complex technical issues and be able to articulate root cause to non-technical customers.
• Understand process improvement by reviewing current processes and using judgment and experience to recommend new and innovative processes.
• Knowledge of current cybersecurity technologies, practices, and standards (e.g., NIST, ISO) and their relationship to IAM
• Advanced experience with IAM technologies, including IGA platforms (e.g., Sailpoint), PAM (e.g., CyberArk), MFA, and SSO solutions.
• Proficient in identity lifecycle processes, RBAC design, and role engineering.
• Extensive experience working with Active Directory, Azure AD, and federated identity models.
• Advanced understanding of identity vs. authentication vs. access control elements and how they work together.
• Extensive experience administering IAM systems, access controls, security and risk management, and security governance fundamentals.
• Ideally familiar with one or more regulatory requirements and laws such as HIPAA or PCI. Additionally, experience in NIST preferred.
• Preferable experience with one or more scripting languages (e.g., Python, Java, Powershell, Bash)
• Ability to manage time and tasks in a rapidly changing and fast paced environment.
• Strong written and oral communication skills across varying levels of the organization.
• Ability to communicate with end users, vendors, and management effectively and ability to document procedures and processes.

Licenses and Certifications

• Preferred: Certified Information Security Manager - Information Systems Audit and Control Association
• Preferred: Certified Information Systems Auditor (CISA)
• Preferred: Certified Information Systems Security Professional - International Information System Security Certification Consortium
• Preferred: GIAC Security Essentials (GSEC) certification
• Preferred: Systems Security Certified Practitioner certification (SSCP)

Supervision Provided by this Position

• May mentor or guide junior analysts
• May lead workstreams or initiatives but does not have direct supervisory responsibilities.

Physical Demands

• Remote work with high availability during business hours and participation in the after-hours on-call rotation.
• Be available for onsite work as needs require.
• Must be highly responsive by phone, in MS Teams, and ServiceNow ticketing.
• Occasional travel to MLH facilities may be required.
• Must maintain strict confidentiality and uphold the highest standards of professionalism and trust.

Our Associates are passionate about what they do, the service they provide and the patients they serve. We value family, team and a Power of One culture that requires commitment to the highest standards of care and unity.

Boasting one of the South's largest medical centers, Memphis blends a friendly community, a thriving and growing downtown, and a low cost of living. We see each day as a new opportunity to make a difference in the lives of the people in our community.