Job Description
Job Title: Business Analyst - Entra ID/SSO
Job Location: Deerfield Beach FL
Key Responsibilities:
• Analyze AD / Entra ID identity data, group memberships, and access patterns to identify inconsistencies, redundant permissions, and remediation needs.
• Define and document rule-based access policies, group standards, and governance models.
• Partner with IAM engineers and application teams to redesign group structures for cleaner and more predictable access flows.
• Support SSO integration requirements for SailPoint and CyberArk-based app integrations.
• Assist in mapping entitlements and ensuring correct provisioning, de-provisioning, and lifecycle rules.
• Work with security, IAM, and application stakeholders to gather functional and non-functional requirements related to access, identity data, SSO, and policy changes.
• Translate complex IAM requirements into clear user stories, acceptance criteria, workflows, and process documentation.
• Participate in and facilitate workshops, interviews, and working sessions to align on future-state access models.
• Perform detailed data analysis on identity attributes, group memberships, entitlements, and access logs.
• Document data flows, mappings, and integration points across IAM systems.
• Validate data quality, identify anomalies, and support cleanup efforts.
• Create test plans, test scripts, and validation scenarios for AD/Entra, SailPoint, and CyberArk IAM workflows.
• Support UAT and coordinate defect tracking with technical teams.
• Ensure access rules and SSO flows behave according to the new governance policies.
• Serve as the conduit between IAM engineering, InfoSec, Application Owners, and business stakeholders.
• Communicate risks, impacts, and progress related to access remediation and policy changes.
• Assist teams in understanding the downstream implications of identity and access changes.
Required Qualifications:
• 5+ years of Business Analyst experience with strong exposure to IAM, AD/Entra ID, SSO, access governance, or security remediation projects.
• Knowledge of Microsoft Active Directory / Entra ID group structures, attribute management, and lifecycle events.
• Demonstrated ability to analyze complex identity data sets and interpret access patterns.
• Experience supporting projects involving SailPoint, CyberArk, or similar access management tools.
• Strong ability to document rules, policies, user stories, workflows, and system processes.
• Experience supporting integrations and reviewing access-related requirements for applications.
• Solid understanding of SDLC, Agile methodologies, and BA best practices.
• Excellent communication skills with the ability to translate technical access concepts into business-friendly language.
• Highly organized, self-directed, and comfortable working across multiple workstreams.
Preferred Qualifications:
• Experience with IAM remediation programs, audits, or compliance-driven access cleanup.
• Working knowledge of SQL for identity/data analysis.
• Experience with data mapping, data quality checks, or access data profiling.
• CBAP, CDMP, or related BA certifications.