Senior Cloud Identity and Access Management Specialist

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

Cloud IAM_Senior

Key Responsibilities:

• Design, implement, and manage cloud Identity and Access Management (IAM) solutions across AWS, Azure, and/or GCP environments.
• Develop and maintain identity lifecycle management processes, including onboarding, offboarding, and role modifications.
• Configure and oversee role-based access control (RBAC), least privilege access, and permission boundaries.
• Implement and support Single Sign-On (SSO), Multi-Factor Authentication (MFA), and conditional access policies.
• Integrate IAM platforms with enterprise applications, Software as a Service (SaaS) solutions, and on-premises systems.
• Manage privileged access using Privileged Access Management (PAM) and Privileged Identity Management (PIM) solutions (e.g., Azure PIM, AWS IAM Access Analyzer, third-party PAM tools).
• Monitor, audit, and review access logs and identity activities to identify anomalies and security risks.
• Support identity federation using standards such as SAML, OAuth 2.0, OpenID Connect, and LDAP.
• Assist in conducting cloud security assessments, access reviews, and compliance audits.
• Automate IAM workflows using scripts, APIs, or Infrastructure as Code (IaC) tools (e.g., Terraform, ARM, CloudFormation).
• Collaborate with security, cloud, DevOps, and compliance teams to ensure effective identity governance.
• Maintain documentation for IAM policies, procedures, and operational runbooks.
• Respond to IAM-related incidents and conduct root cause analysis.

Preferred Requirements:

• Over 3 years of hands-on experience in Cloud IAM or Identity Security.
• Strong experience with at least one major cloud provider:
• AWS IAM
• Azure Entra ID (Azure AD)
• GCP IAM
• Solid understanding of authentication and authorization concepts.
• Experience with identity federation standards, including SAML, OAuth, and OpenID Connect.
• Familiarity with Zero Trust security models.
• Experience implementing MFA, conditional access, and adaptive authentication.
• Knowledge of Privileged Access Management (PAM/PIM) solutions.
• Experience with access reviews, entitlement management, and compliance controls.
• Exposure to IAM automation using PowerShell, Python, REST APIs, or Terraform.
• Understanding of cloud security best practices and regulatory requirements (e.g., ISO 27001, SOC 2, GDPR).
• Ability to analyze logs and security alerts from IAM systems.
• Relevant Certifications Preferred:
• Microsoft SC-300 / AZ-500
• AWS Certified Security – Specialty
• Certified Identity and Access Manager (CIAM)
• Strong communication skills and the ability to work effectively in cross-functional teams.

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.