Identity & Access Management (IAM) Analyst II

Position Summary: The Identity & Access Management (IAM) Analyst II will support and execute core IAM operations, governance, and compliance activities within a regulated utility environment.

This role is ideal for a well-rounded IAM professional who can independently manage identity lifecycle processes (Joiner, Mover, Leaver), access provisioning, and governance controls while supporting audit readiness and regulatory compliance.

You'll play a key role in securing access to critical infrastructure systems, ensuring adherence to least privilege, and contributing to continuous improvement and automation across IAM processes.

Note: This is a highly hands-on, execution-focused role, not a managerial or purely advisory position., IAM Operations & Lifecycle Management

• Execute end-to-end identity lifecycle processes (Joiner, Mover, Leaver)
• Provision, modify, and revoke access across enterprise and regulated systems
• Enforce least privilege access for both privileged and non-privileged users
• Identify and remediate:
• Orphaned accounts
• Excessive or inappropriate access
• Segregation of duties conflicts
• Maintain alignment between HR systems, IAM platforms, directories, and applications

Access Governance & Compliance

• Support and execute access governance controls aligned to regulatory frameworks (e.g., NERC CIP, SOX, SOC)
• Perform access certifications and recertifications
• Support audit activities, evidence collection, and remediation tracking
• Ensure access changes are properly approved, documented, and audit-ready
• Identify and escalate control gaps, policy exceptions, and risks

Directory Services & Authentication

• Administer and support:
• Active Directory (on-premises) and Azure AD / Entra ID
• User accounts, groups, roles, and service accounts
• Manage MFA solutions (e.g., RSA or similar):
• Token provisioning, revocation, and tracking
• Support access across infrastructure, applications, and databases

ITSM & Operational Support

• Own and manage IAM-related service requests and incident queues
• Ensure tickets are properly approved, documented, and completed within SLAs
• Partner with Service Desk teams to improve request quality and consistency
• Coordinate with vendors and application teams for access-related activities

Quality Assurance & Control Validation

• Perform validation of IAM processes, including:
• Provisioning/deprovisioning accuracy
• JML completeness and timeliness
• Access certification outcomes
• Conduct reconciliation across IAM systems, HR platforms, and directories
• Validate privileged access, shared accounts, and MFA lifecycle events
• Support audit readiness and control attestation

Automation & Reporting

• Develop and support reporting for compliance, audit, and operational metrics
• Use tools such as PowerShell, Python, SQL, Excel, or Power Query
• Analyze trends and identify risks or process gaps
• Contribute to automation initiatives to improve efficiency and reduce manual effort

Process Improvement

• Execute IAM processes using defined workflows and procedures
• Identify opportunities to improve:
• Provisioning workflows
• Access request processes
• Role and entitlement models
• Maintain and enhance documentation, runbooks, and procedures

Collaboration

• Partner with:
• Cybersecurity and compliance teams
• HR and workforce administration
• IT and OT operations teams
• Application owners and system administrators
• Contribute to a team-oriented, high-accountability environment
• Act as a resource for complex IAM issues

Additional Responsibilities:

• Perform other job-related duties as assigned
• Storm role duties as assigned, Primary focus is on daily deliverables, outputs and reporting. Typically, accountable for managing one's own time and workflow. Responsible for using prescribed guidelines to analyze situations and solve problems. Work is typically of moderate complexity requiring the incumbent to draw on previous knowledge to perform role. Continues to build knowledge base and develop capabilities by partnering with more experienced staff as needed

Decision Impact

Problems and issues faced are vague but may be recognizable based on past experience. Accountable for some direct level of reasoning and decision making in straightforward situations based on precedents.

Hybrid Work

Position follows our hybrid work model, with a minimum of two days working in the office and the remaining days working remotely. Reporting location and frequency may be subject to change based on job role and department needs.

Storm Roles

All Non-Union Employees will serve in storm roles as appropriate to their role and skillset. Please be sure to discuss storm roles with the hiring manager for this position, as duties can vary across the Company. Examples of storm roles could include but aren't limited to duties such as: working with operations for service center support or with the communications, customer service or government affairs teams to respond to public and customer requests for information, etc.

Data Governance

Utilize data to make business decisions as appropriate for the position, support data stewardship activities and partner with IT on underlying data needs.

EQUAL OPPORTUNITY EMPLOYER Duquesne Light Holdings is committed to providing equal employment opportunity to all people in all aspects of the employment relationship, without discrimination because of race, age, sex, color, religion, national origin, disability, sexual orientation and gender identity or status as a Vietnam era or special disabled veteran or any other unlawful basis, as defined by applicable law, and fostering a workplace free of unlawful discrimination and retaliation. This policy affects decisions including, but not limited to, hiring, compensation, benefits, terms and conditions of employment, opportunities for promotion, transfer, layoffs, return from a layoff, training and development, and other privileges of employment. An integral part of Duquesne Light Holdings' commitment is to comply with all applicable federal, state and local laws concerning equal employment and affirmative action.

Duquesne Light Holdings is committed to offering an inclusive and accessible experience for all job seekers, including individuals with disabilities. Our goal is to foster an inclusive and accessible workplace where everyone has the opportunity to be successful.

• Bachelor's degree in Information Systems, Cybersecurity, or related field

• 2+ years of relevant experience required

• Hands-on experience with:

• Identity lifecycle management (JML)

• Access provisioning and deprovisioning

• Active Directory and Azure AD

Experience supporting audit and compliance frameworks (e.g., SOX, SOC, ISO)

Working knowledge of:

• RBAC and least privilege principles
• ITSM/ticket-based environments
• MFA technologies

Strong analytical, troubleshooting, and problem-solving skills

Ability to work independently and take ownership of responsibilities, * Experience in regulated industries (utilities, energy, financial services, healthcare)

• Familiarity with NERC CIP standards and critical infrastructure environments

• Experience with:

• Identity Governance platforms (e.g., SailPoint)

• SAP access provisioning and role governance

• SQL-based analysis and reporting

Scripting/automation experience (PowerShell, Python)

Experience managing privileged, shared, and service accounts

Duquesne Light Company, headquartered in downtown Pittsburgh, is a leader in providing electric energy and has been in the forefront of the electric energy market, with a history rooted in technological innovation and superior customer service. Today, the company continues its role as a leader in the transmission and distribution of electric energy, providing a secure supply of reliable power to more than half a million customers in southwestern Pennsylvania. Duquesne Light Company is committed to creating a culture of inclusion. We value and respect the unique differences and experiences of our employees. We believe that our differences lead to better collaboration, innovation and outcomes. We want you to join our team!