Service Credit Union is seeking an Identity and Access Management (IAM) Analyst who will serve as a guardian of employee and member-facing identity, safeguarding critical and confidential information belonging to Service Credit Union.
This is a hybrid identity role with two anchor accountabilities:
1. Co-administration of the SailPoint IdentityIQ platform, including identity lifecycle management, role-based access control (RBAC), access certifications, and automated provisioning across enterprise systems.
2. Business and technical liaison for the Passwordless Authentication platform, supporting rollout, day-to-day operations, user enrollment, exception handling, integration with SSO/MFA, and continuous improvement of the passwordless user experience.
The IAM Analyst also supports adjacent identity functions, including Multi-Factor Authentication (MFA), Single Sign-On (SSO), Privileged Access Management (PAM), and directory services, ensuring access is granted, modified, and removed in accordance with policy, approvals, and the principle of least privilege. The role works closely with Information Security, Infrastructure, Application Development, HR, and business units to deliver secure, compliant, and frictionless identity experiences.
“Members are the priority at Service Credit Union, and every role at the credit union is responsible for supporting member solutions and contributing positively to the member experience.”
Pay: Salaried position starting at$70,000. Flexible based on experience.
Hours: Full time, Monday – Friday, 8:30 – 5:00 (Hybrid opportunity available)
Work location: Portsmouth, NH
Benefits Include:
- Great health and dental benefits starting day one!
- PTO, long-term disability, and paid holidays.
- 401k with 8% company contribution after one year of employment.
- Paid leave policy after 12 consecutive months of employment.
- Free confidential mental health support program with Talkspace©
- Free identify theft protection through IdentityForce©
- Tuition reimbursement.
- Training and career growth opportunities.
The Day to Day:
SailPoint IAM Co-Administration
· Co-administer the SailPoint platform in partnership with the IAM Administrator and Engineering team, including configuration of lifecycle events, application onboarding, access request workflows, and certification campaigns.
· Execute and refine the RBAC model, reconciling discrepancies between assigned access rights and the access required for users to perform their job duties.
· Support access provisioning, de-provisioning, transfers, and offboarding events in alignment with established policies, standards, and procedures.
· Design, schedule, and monitor periodic access certification and Segregation of Duties (SoD) reviews, tracking remediation to closure.
· Maintain accurate documentation for SailPoint configurations, role models, connectors, and operational procedures.
Passwordless Authentication Platform Liaison & Support
· Act as the primary business liaison and Tier 2 support owner for the Passwordless Authentication platform, coordinating between the vendor, Information Security, IT Operations, and end users.
· Manage user enrollment, credential lifecycle (registration, recovery, revocation), device binding, and exception handling for passwordless authenticators (FIDO2 / passkeys / platform authenticators).
· Partner with Engineering to integrate passwordless authentication with SSO, conditional access, and downstream applications; validate authentication flows and fallback paths.
· Monitor platform health, authentication success/failure metrics, and user adoption; produce reports and recommend improvements to increase adoption and reduce friction.
· Develop end-user communications, FAQs, knowledge articles, and training materials to support the ongoing rollout and steady-state operation of passwordless authentication.
· Serve as subject matter resource for phishing-resistant authentication concepts and align platform practices with NIST 800-63 guidance and emerging industry standards.
Broader Identity & Access Functions
· Support the enrollment and administration of Multi-Factor Authentication (MFA), Single Sign-On (SSO), Privileged Access Management (PAM), and Mobile Device Management (MDM) integrations.
· Administer Active Directory, Entra ID (Azure AD), and related enterprise directory services in support of identity lifecycle events.
· Enforce organizational policies and procedures to ensure only authorized personnel have access to information, in compliance with the Minimum Necessary Rule and least-privilege principles.
· Ensure evidence of authorization is documented and archived according to internal standards, and support audit, examiner, and risk-assessment requests.
· Troubleshoot identity, authentication, and workflow issues independently or in collaboration with other IS teams, adhering to internal service standards and SLAs.
· Recommend and implement process improvements, automation, and orchestration of repeatable IAM tasks.
· Participate in projects to implement new IAM integrations, provisioning points, and RBAC extensions.
· Support incident research, evidence gathering for audits, and remediation of identity-related risks.
· Regular and reliable attendance is an essential function of this position.
· Other duties as assigned.
Experience and Qualifications:
· Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or equivalent relevant work experience.
· Minimum 3+ years of hands-on experience in Identity and Access Management, with demonstrated exposure to an enterprise IGA platform (SailPoint preferred) and at least 1+ year supporting modern authentication technologies (MFA, SSO, or passwordless).
· SailPoint IdentityNow / IdentityIQ Engineer or Administrator; Microsoft SC-300 (Identity and Access Administrator); CISSP, CISM, CRISC, or CISA. Or ability to acquire in first year of hire.
· Experience in a financial services, credit union, or other regulated environment is a plus.
· Working knowledge of identity governance concepts including lifecycle management, application on-boarding, access request, automated provisioning, password management, and role-based access control (RBAC).
· Hands-on experience with SailPoint IdentityIQ or Identity Security Cloud (workflows, rules, certifications, connectors) is strongly preferred.
· Working knowledge of passwordless / phishing-resistant authentication technologies: FIDO2, WebAuthn, passkeys, platform authenticators, and hardware security keys.
· Demonstrated experience administering Active Directory and Microsoft 365 / Entra ID environments.
· Familiarity with authentication and federation protocols: SAML, OAuth 2.0, OIDC, SCIM, LDAP.
· Knowledge of MFA platforms (e.g., Duo, Entra MFA) and PAM concepts.
· Familiarity with enterprise directories and relational databases (MSSQL, Oracle, MySQL).
· Strong analytical, organizational, and documentation skills; attention to detail.
· Excellent interpersonal, presentation, and written/verbal communication skills, able to translate technical concepts for business audiences.
· Proficient with Microsoft Excel, Outlook, Word, PowerPoint, and web-based administrative consoles.
· Ability to foster productive working relationships with internal staff, vendors, and cross-functional partners.
At Service Credit Union we celebrate our employees’ diverse backgrounds, ethnicities, gender identities, spiritual practices, abilities, and all the other traits that make us individuals. We follow the adage of treating others how we want to be treated while striving for understanding. Together, we create a unique credit union capable of serving our member’s needs with the same respect, empathy, and kindness we give each other.
Equal Opportunity Employer
Job Type: Full-time
Pay: From $70,000.00 per year
Benefits:
- 401(k)
- Dental insurance
- Flexible spending account
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Tuition reimbursement
- Vision insurance
Ability to Commute:
- Portsmouth, NH 03801 (Required)
Ability to Relocate:
- Portsmouth, NH 03801: Relocate before starting work (Required)
Work Location: In person