Identity and Access Management (IAM) Analyst II

Summary: The Identity & Access Management (IAM) Analyst II will support and execute core IAM operations, governance, and compliance activities within a regulated utility environment.

This role is ideal for a well-rounded IAM professional who can independently manage identity lifecycle processes (Joiner, Mover, Leaver), access provisioning, and governance controls while supporting audit readiness and regulatory compliance.

You'll play a key role in securing access to critical infrastructure systems, ensuring adherence to least privilege, and contributing to continuous improvement and automation across IAM processes.

Note: This is a highly hands-on, and execution-focused role., IAM Operations & Lifecycle Management

• Execute end-to-end identity lifecycle processes (Joiner, Mover, Leaver)
• Provision, modify, and revoke access across enterprise and regulated systems
• Enforce least privilege access for both privileged and non-privileged users
• Identify and remediate:
• Orphaned accounts
• Excessive or inappropriate access
• Segregation of duties conflicts
• Maintain alignment between HR systems, IAM platforms, directories, and applications

Access Governance & Compliance

• Support and execute access governance controls aligned to regulatory frameworks (e.g., NERC CIP, SOX, SOC)
• Perform access certifications and recertifications
• Support audit activities, evidence collection, and remediation tracking
• Ensure access changes are properly approved, documented, and audit-ready
• Identify and escalate control gaps, policy exceptions, and risks

Directory Services & Authentication

• Administer and support:
• Active Directory (on-premises) and Azure AD / Entra ID
• User accounts, groups, roles, and service accounts
• Manage MFA solutions (e.g., RSA or similar):
• Token provisioning, revocation, and tracking
• Support access across infrastructure, applications, and databases

ITSM & Operational Support

• Own and manage IAM-related service requests and incident queues
• Ensure tickets are properly approved, documented, and completed within SLAs
• Partner with Service Desk teams to improve request quality and consistency
• Coordinate with vendors and application teams for access-related activities

Quality Assurance & Control Validation

• Perform validation of IAM processes, including:
• Provisioning/deprovisioning accuracy
• JML completeness and timeliness
• Access certification outcomes
• Conduct reconciliation across IAM systems, HR platforms, and directories
• Validate privileged access, shared accounts, and MFA lifecycle events
• Support audit readiness and control attestation

Automation & Reporting

• Develop and support reporting for compliance, audit, and operational metrics
• Use tools such as PowerShell, Python, SQL, Excel, or Power Query
• Analyze trends and identify risks or process gaps
• Contribute to automation initiatives to improve efficiency and reduce manual effort

Process Improvement

• Execute IAM processes using defined workflows and procedures
• Identify opportunities to improve:
• Provisioning workflows
• Access request processes
• Role and entitlement models
• Maintain and enhance documentation, runbooks, and procedures

Collaboration

• Partner with:
• Cybersecurity and compliance teams
• HR and workforce administration
• IT and OT operations teams
• Application owners and system administrators
• Contribute to a team-oriented, high-accountability environment
• Act as a resource for complex IAM issues

Additional Responsibilities:

• Perform other job-related duties as assigned
• Storm role duties as assigned

• Bachelor's degree in Information Systems, Cybersecurity, or related field
• 2+ years of relevant experience required
• Hands-on experience with:
• Identity lifecycle management (JML)
• Access provisioning and deprovisioning
• Active Directory and Azure AD
• Experience supporting audit and compliance frameworks (e.g., SOX, SOC, ISO)
• Working knowledge of:
• RBAC and least privilege principles
• ITSM/ticket-based environments
• MFA technologies
• Strong analytical, troubleshooting, and problem-solving skills
• Ability to work independently and take ownership of responsibilities, * Experience in regulated industries (utilities, energy, financial services, healthcare)
• Familiarity with NERC CIP standards and critical infrastructure environments
• Experience with:
• Identity Governance platforms (e.g., SailPoint)
• SAP access provisioning and role governance
• SQL-based analysis and reporting
• Scripting/automation experience (PowerShell, Python)
• Experience managing privileged, shared, and service accounts
• Relevant certifications (e.g., Security+, IAM or SailPoint certifications)

Duquesne Light Company, headquartered in downtown Pittsburgh, is a leader in providing electric energy and has been in the forefront of the electric energy market, with a history rooted in technological innovation and superior customer service. Today, the company continues its role as a leader in the transmission and distribution of electric energy, providing a secure supply of reliable power to more than half a million customers in southwestern Pennsylvania. Duquesne Light Company is committed to creating a culture of inclusion. We value and respect the unique differences and experiences of our employees. We believe that our differences lead to better collaboration, innovation and outcomes. We want you to join our team!