IGA Analyst

Location(s)

The IAM Analyst is a key member of Kemper’s Identity & Access Management team within the Office of the CISO. Reporting to IAM leadership, this role is responsible for maintaining and strengthening enterprise identity governance practices, standards, and controls.

The IAM Analyst executes and sustains User Access Review (UAR) processes, including quality assurance and continuous improvement efforts, ensuring alignment with SOX, ITGC, and other regulatory requirements. The role partners with application owners, infrastructure, IAM engineering, and business stakeholders to assess access risk, support IAM initiatives, and enhance identity lifecycle controls.

This position operates with limited supervision and serves as a subject matter expert in access certifications and identity risk reduction.

Own and continuously improve operational controls supporting enterprise user access reviews (UAR), role governance, and entitlement management. Perform advanced analysis of identity and access data to identify control gaps, toxic access, orphaned accounts, and policy violations. Proactively investigate and resolve identity governance issues across systems, workflows, and data feeds. Understand IAM/IGA tooling (e.g., SailPoint, Azure AD, Okta, ForgeRock, CyberArk). Perform advanced data analysis using Excel and reporting tools to identify identity risk trends. Support the development of identity analytics and metrics for leadership reporting. Assist with role mining, access modeling, and governance automation initiatives.
Ensure identity controls operate effectively and align with internal policy and regulatory requirements.

Lead preparation and validation of ITGC access control evidence for SOX and regulatory audits.
Produce high-quality audit documentation and support internal and external auditors.
Partner with control owners to remediate access control deficiencies and track closure.
Support compliance programs, including SOX, HIPAA, PCI-DSS, SOC 2, and NYDFS, as applicable.
Identify opportunities to reduce manual controls through automation and governance improvements.

Drive quality and completeness of access certification campaigns.
Validate entitlement descriptions, role mappings, and reviewer accuracy.
Monitor joiner/mover/leaver (JML) control effectiveness and escalate risk conditions.
Maintain authoritative records of access permissions, changes, and certifications.

Partner with application owners, business leaders, and technology teams to strengthen identity controls.
Provide guidance on IAM and PAM policy adherence.
Support IAM security and compliance training development and delivery.
Coordinate across security, infrastructure, and application teams to resolve access issues.

Recommend and implement process improvements that increase automation, accuracy, and audit readiness.
Contribute to IAM/IGA roadmap initiatives.
Support maturity advancement toward risk-based identity governance.

Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or equivalent practical experience.
3–5 years of direct experience in Identity and Access Management with a strong focus on Identity Governance and Administration.
Demonstrated experience in access certifications, user lifecycle management (JML), role and entitlement governance, identity analytics, privileged access management, and ITGC access controls.
Strong understanding of SSO, SAML, OAuth, OIDC, identity federation, and multi-factor authentication.
Hands-on experience with IAM platforms such as SailPoint, Azure AD/Entra ID, Okta, ForgeRock, or CyberArk.
Advanced Excel skills, including pivot tables and data analysis.
Excellent written and verbal communication skills with strong attention to detail.

Experience supporting SOX, NYDFS, or highly regulated environments.
Experience with role mining or access modeling.
Familiarity with ServiceNow, SailPoint, and Active Directory.
Relevant certifications (CIAM, CISA, or similar).

This position works in the Kemper office.

The range for this position is $79,500 to $132,900. When determining candidate offers, we consider experience, skills, education, certifications, and geographic location among other factors. This job is also eligible for our Kemper benefits package (Medical, Dental, Vision, PTO, 401k, etc.)