This role is responsible for executing and enhancing the User Access Review (UAR) process across Client’s systems and applications. The analyst ensures that user entitlements are appropriate, aligned with the principle of least privilege, and compliant with internal security standards and regulatory expectations.
Role Attributes
- Proactive, analytical, and detail-oriented mindset.
- Clear and confident communicator with cross-functional stakeholders.
Key Responsibilities
User Access Review Execution:
- Conduct periodic reviews of user access rights across applications, databases, operating systems, networks, and security appliances.
- Validate access against the approved User Access Matrix and ensure alignment with users’ roles and responsibilities
Compliance and Governance:
- Ensure all UARs are auditable and comply with Client’s Information Security Standard
- Track and document review outcomes, including remediation actions for inappropriate access.
Process Management:
- Coordinate with application owners and business units to ensure timely completion of reviews.
- Support the onboarding of new applications into the UAR scope, ensuring a User Access Matrix is in place prior to review initiation
Continuous Improvement:
- Identify gaps or inefficiencies in the user entitlement process and recommend enhancements.
- Contribute to the development and refinement of access control policies and procedures.
Stakeholder Engagement:
- Collaborate with IT, Risk, and Compliance teams to align access review practices with broader governance frameworks.
ROLE PROFILE
- Provide guidance and training to reviewers on user entitlement process.
Team
- Collaborates with Security Engineering, GRC, IT, and other Fusion Centre pillars.
Requirements
Education:
- At least Diploma in Cybersecurity, Information Technology, or related discipline
Experience:
- 3–5 years of experience in information security, identity and access management (IAM), or IT audit.
- Hands-on experience with access review tools, entitlement governance, and user provisioning systems.
Skills:
- Understanding of access control principles and regulatory requirements.
- Excellent analytical, documentation, and communication skills.
Key Stakeholders
- Cyber Fusion Centre teams (SOC, Threat Intel, Engineering, GRC)
- Internal Audit, Risk, Compliance functions
- Third-party SOC vendors and service providers
- Technology and Infrastructure teams