×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security

Sr. IAM Analyst - Risk and Compliance

Job in Somerville, Middlesex County, Massachusetts, 02145, USA
Listing for: Mass General Brigham
Full Time position
Listed on 2026-01-16
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 125000 - 150000 USD Yearly USD 125000.00 150000.00 YEAR
Job Description & How to Apply Below

Site:
Mass General Brigham Incorporated

Mass General Brigham relies on a wide range of professionals, including doctors, nurses, business people, tech experts, researchers, and systems analysts to advance our mission. As a not-for-profit, we support patient care, research, teaching, and community service, striving to provide exceptional care. We believe that high-performing teams drive groundbreaking medical discoveries and invite all applicants to join us and experience what it means to be part of Mass General Brigham.

Job Summary

The Senior IAM Analyst – Risk & Compliance is responsible for ensuring that Identity and Access Management controls are designed, implemented, and operated in alignment with regulatory, security, and risk management requirements. This role serves as the primary liaison between IAM engineering/operations teams, Information Security operations, internal and external auditors, and application owners.

The role focuses on governance, control effectiveness, policy enforcement, metrics, and audit readiness across the IAM ecosystem, including Identity Governance & Administration (IGA), Access Management, Privileged Access Management (PAM), and directory services.

This position requires strong analytical skills, deep understanding of IAM control frameworks, and the ability to translate regulatory and audit requirements into actionable IAM controls and operational processes.

Qualifications

Essential Functions:

IAM Risk & Control Management
ню>

  • Own and maintain IAM-related controls mapped to frameworks such as NIST 800-53, NIST CSF, HIPAA Security Rule, and Mass General Brigham security policies
  • Partner with IAM Engineering and Operations teams to ensure controls are properly designed, implemented, and operating effectively
  • Identify IAM control gaps, assess risk, and drive remediation plans with clear owners and timelines
  • Evaluate IAM processes for alignment with least privilege, separation of duties, and zero trust principles

Metrics, Reporting & Continuous Improvement

  • Define and report IAM risk and compliance KPIs, such as:
    • Certification completion and exception rates
    • Orphaned and dormant account trends
    • Privileged access violations
    • Access request SLA adherence
      • fuels>
  • Use data to identify trends, emerging risks, and opportunities for automation or control enhancement
  • Contribute to continuous improvement of IAM governance processes and tooling

Audit & Compliance Support

  • Act as the primary IAM point of contact for:
    • Internal audits
    • External audits
    • Regulatory inquiries
  • Prepare audit evidenceாய், narratives, and walkthroughs for IAM controls including:
    • User lifecycle management
    • Access requests and approvals
    • Access certifications
      • .Requirements
  • Track audit findings, manage remediation efforts, and validate closure

Access Governance & Certification Oversight

  • Provide risk and compliance oversight for access certification campaigns (manager, application owner, privileged access)
  • Define and enforce certification standards, review quality thresholds, and escalation criteria
  • Analyze certification results Է identifying systemic risk, role sprawl, or control weaknesses

Policy, Standards & Procedures

  • Develop and maintain IAM-related:
    • Policies
    • Standards
    • Procedures
    • Control documentation
  • Ensure policies are actionable, enforceable, and aligned with technical implementations
  • Support annual policy reviews and exception management processes

Cross-Functional Collaboration

  • Collaborate closely with:
    • IAM Engineering and Operations
    • Information Security Operations and Program Governance
    • Privacy and Legal teams
    • Internal Audit
    • Application and Infrastructure owners
  • Serve as a trusted advisor on IAM risk topics to technical and non-technical stakeholders

Education:

  • Bachelor’s or Associate’s Degree preferred

Licenses and Certification:

  • Relevant certifications such as CIS alloy, CISA, CRISC
    , or IAM platform certifications (e.g., Saviynt, Okta, Cyber Ark) – Preferred

Work Experience:

  • 5+ years of progressively responsible experience in Identity and Access Management, Information Security, or IT Risk & Complaint, preferably in large, regulated healthcare or academic medical environment
  • Demonstrated experience supporting audits, regulatory inquiries, and control…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search