177 Iam Analyst jobs in the Philippines

Primary Details
Time Type: Full time

Worker Type: Employee

The purpose of this role is to oversee and manage access controls for safeguarding QBE data and resources globally, by leading identity and access management processes. This includes handling complex access requests, supporting senior analysts and team leaders on projects, and engaging with customers at various levels, including senior leadership.

Responsibilities:

• Manage demand through the global ticket and request management tool to ensure effective queue management.
• Maintain least privileged access to QBE systems for joiners, movers, leavers (JML) and authorised users, ensuring access is in line with job function.
• Respond to information security and access-related questions and inquiries, ensuring adherence to defined service processes and ITIL best practice guidelines.
• Consistent compliance with defined controls, processes, and security policies.
• Timeliness and accuracy in handling JML and additional access requests, meeting defined SLAs.
• Build and maintain strong relationships with business customers to ensure service delivery meets expectations.
• Provide advice and guidance for IT security and user access-related activities.
• Independently analyse requests to ensure proper separation of duties and least privileged concept is applied.
• Produce accurate management information for effective reporting and decision-making.
• Investigate and resolve access-related inquiries, minimising business disruption.

Work Experience:
Necessary Work Experience includes:

• Some relevant work experience.

Preferred Work Experience includes:

• Experience with identity and access management in a complex, fast-paced environment.
• Experience with Active Directory (AD), RACF, and other access management tools.
• Experience within financial services, preferably insurance industry.
• Experience working with outsourced service partners.

Qualifications:
Necessary Qualifications include:

• A Tertiary Degree or an equivalent combination of education and work experience.

Travel Frequency:
Infrequent (approximately 1-4 trips annually)

US Only - Physical Demands:
General office jobs: Work is generally performed in an office environment in which there is not substantial exposure to adverse environmental conditions. Must have the ability to remain in a stationary position for extended periods of time. Must be able to operate basic office equipment including telephone, headset and computer. Incumbent must be able to lift basic office equipment up to 20 lbs.

Skills:
Active Directory Software, Adaptability, Analytical Thinking, Critical Thinking, Customer Service, Decision Making, Identity and Access Management (IAM) Operations, Intentional collaboration, IT Security Operations, Managing performance, Operating Systems (OS), Problem Solving, Risk Management, Service Delivery, Stakeholder Management

How to Apply:

To submit your application, click "Apply" and follow the step by step process.

Equal Employment Opportunity:

QBE is an equal opportunity employer and is required to comply with equal employment opportunity legislation in each jurisdiction it operates.

Primary Details

Time Type: Full timeWorker Type: EmployeeThe purpose of this role is to oversee and manage access controls for safeguarding QBE data and resources globally, by leading identity and access management processes. This includes handling complex access requests, supporting senior analysts and team leaders on projects, and engaging with customers at various levels, including senior leadership.

Responsibilities:

• Manage demand through the global ticket and request management tool to ensure effective queue management.
• Maintain least privileged access to QBE systems for joiners, movers, leavers (JML) and authorised users, ensuring access is in line with job function.
• Respond to information security and access-related questions and inquiries, ensuring adherence to defined service processes and ITIL best practice guidelines.
• Consistent compliance with defined controls, processes, and security policies.
• Timeliness and accuracy in handling JML and additional access requests, meeting defined SLAs.
• Build and maintain strong relationships with business customers to ensure service delivery meets expectations.
• Provide advice and guidance for IT security and user access-related activities.
• Independently analyse requests to ensure proper separation of duties and least privileged concept is applied.
• Produce accurate management information for effective reporting and decision-making.
• Investigate and resolve access-related inquiries, minimising business disruption.

Work Experience:

Necessary Work Experience includes:

• Some relevant work experience.

Preferred Work Experience includes:

• Experience with identity and access management in a complex, fast-paced environment.
• Experience with Active Directory (AD), RACF, and other access management tools.
• Experience within financial services, preferably insurance industry.
• Experience working with outsourced service partners.

Qualifications:

Necessary Qualifications include:

• A Tertiary Degree or an equivalent combination of education and work experience.

Travel Frequency:

Infrequent (approximately 1-4 trips annually)

US Only - Physical Demands:

General office jobs: Work is generally performed in an office environment in which there is not substantial exposure to adverse environmental conditions. Must have the ability to remain in a stationary position for extended periods of time. Must be able to operate basic office equipment including telephone, headset and computer. Incumbent must be able to lift basic office equipment up to 20 lbs.

Skills:

Active Directory Software, Adaptability, Analytical Thinking, Critical Thinking, Customer Service, Decision Making, Identity and Access Management (IAM) Operations, Intentional collaboration, IT Security Operations, Managing performance, Operating Systems (OS), Problem Solving, Risk Management, Service Delivery, Stakeholder Management

How to Apply:

To submit your application, click "Apply" and follow the step by step process.

Equal Employment Opportunity:

QBE is an equal opportunity employer and is required to comply with equal employment opportunity legislation in each jurisdiction it operates.

The role involves managing
user identities
,
access controls
,
privileged accounts
, and
encryption key safekeeping
, while enforcing
least privilege
and
segregation of duties (SoD)
principles.

Key Responsibilities

Access Provisioning & Control

• Evaluate, approve, and provision access requests across
  systems
  ,
  networks
  ,
  databases
  , and
  applications
  .
• Maintain and update
  user access profiles
  based on defined roles, ensuring
  least privilege
  access.
• Perform regular
  access reviews
  , recertifications, and cleanups to validate user entitlements.

Identity Lifecycle Management

• Develop and manage
  identity and role-based access models
  (RBAC, MAC, DAC).
• Integrate identity models for
  local
  ,
  network
  ,
  federated
  , and
  web identities
  .

Privileged Access & Key Management

• Administer and secure
  superuser IDs
  ,
  privileged accounts
  , and
  encryption keys
  .
• Ensure tracking, safekeeping, and retrieval of credentials is compliant with internal controls.
• Monitor privileged access activity for suspicious behavior or policy violations.

Policy, Compliance & Audit

• Develop, implement, and maintain
  IAM policies
  , standards, and procedures.
• Ensure compliance with
  internal audit
  ,
  regulatory
  , and
  security frameworks
  (e.g., ISO 27001, NIST).
• Provide IAM documentation and reporting for audits and risk assessments.

Security Collaboration

• Work cross-functionally with IT teams, system owners, and business units to align access controls with security standards.
• Escalate access violations, policy breaches, or risks to Information Security leadership.

Skills & Qualifications

Education & Experience

• Bachelor's degree in
  Computer Science
  ,
  Information Security
  ,
  Cybersecurity
  , or related field.
• Minimum
  2–5 years
  experience in
  IAM
  ,
  IT security
  , or
  access control operations
  .

Technical Skills

• Access control frameworks
  : Role-Based (RBAC), Mandatory (MAC), Discretionary (DAC)
• IAM tools/systems
  : Active Directory, LDAP, IAM platforms (e.g., SailPoint, Okta)
• Privileged access management
  (PAM) and encryption key handling
• Least privilege
  ,
  SoD (segregation of duties)
  ,
  identity federation
• Secure handling of
  superuser credentials
  ,
  service accounts
  , and
  elevated permissions

Core Competencies

• High attention to detail with strong
  analytical
  and
  problem-solving
  skills
• Solid understanding of
  compliance
  ,
  risk
  , and
  governance
  requirements
• Strong verbal and written
  communication skills
• Ability to manage sensitive data with
  discretion and confidentiality
• Experience working in
  regulated environments
  (e.g., finance, healthcare, government) is a plus

Job Description:

• Able to make quick decisions and solve technical problems to provide an efficient environment for project implementation
• Identify resource and equipment requirements, efficient capacity planning and manage software and hardware availability
• Must provide presentations for technical training to teams and customers when required and serve as a technical mentor to team members
• Handles tools issues including, but not limited to monitoring of tools, and implementing company systems, policies, and procedures regarding tools
• Perform Pre-Technical Support such as Demo, Meetings, Presentations, Design & Preparing Bill of Materials for clients & End-users.
• Conduct Access Control site surveys in preparation for producing proposals for potential clients
• Testing of equipment prior to delivery & or installation to ensure proper performance and compliance with customer requirements
• Deliver service and support to partners & end-users using phone via remote connection, chat, email or over the Internet or Onsite.
• Develop and implement efficient device integrations.
• Interact with customers (Partners & End-users) to provide and process information in response to technical inquiries, concerns, and requests about products and services.
• Gather customer's information and determine the issue by evaluating and analyzing the requirement.
• Diagnose and resolve technical hardware and software issues of Door Access, Lift Access, Turnstile, Barrier Access, Input/Output, Rack, VMS, Gate Automation.
• Research required information using available resources.
• Follow standard processes and procedures.
• Identify and escalate priority issues per Client specifications.
• Redirect problems to appropriate resource.
• Accurately process and record service call transactions using a computer and designated software.
• Offer alternative solutions where appropriate with the objective of retaining customers' and clients' business.
• Revising and improving technical manuals & SLD
• Identify issues in efficiency and suggest improvements
• Must provide functional direction, project vision and leadership for the team toward setting and meeting business goals
• Responsible on conducting technical training to newly hired employees and partners.
• Provides quality Access Control service by enforcing quality and customer service standards
• Ensures all work on the site are performed to company quality standards and practices
• Can also provide technical assistance via telephone and/or email
• Should attend to the technical needs of the clients and in the office
• Check installed equipment and systems as per specifications on site
• Performs other tasks that may be assigned by immediate superior from time to time.

Just imagine your future with us…
At Aurecon we see the future through a very different lens. Do you?

Innovation, eminence and digital are at the heart of everything we do. Are you excited about the future?

Are you driven by the opportunity to work on some of the most challenging and complex projects around the world and to learn from the best? We are.

Diversity is at the core of everything we do. We work together to create a culture based on respect, trust and inclusiveness. Our differences are what fuel our creativity.

What will you do?
Identity and Access Management (IDAM)
, is an IT security discipline, framework, and set of solutions for managing digital identities and access to resources. IDAM encompasses the provisioning and de-provisioning of identities, securing and authenticating identities, and authorizing access to resources and/or performing certain actions.

While a person (user) has a singular digital identity, they may have multiple accounts representing them, each with different access controls depending on the resource and context. The overarching goal of IDAM is to ensure that any given identity has access to the right resources (applications, databases, networks, etc.) within the correct context.

The
Identity and Access Management Specialist
is responsible for ensuring that the right people and things have the right access to the right resources at the right time, thereby maintaining security, efficiency, and compliance within the organization.

Here are the key things you will do to 'bring ideas to life'.

• Managing user onboarding, termination, and role changes.
• Managing file share access provisioning and user access provisioning/de-provisioning.
• Administering user authentication using tools such as Multi-Factor Authentication (MFA).
• Managing access to software and systems based on Active Directory.
• Managing admin consent requests in Azure Active Directory.
• Handling manual onboarding, termination, and role changes for privileged accounts.
• Managing RBAC roles to ensure appropriate access control across systems and applications.
• Regularly review and update role assignments to align with organizational needs and security policies.
• Conducting regular account reviews, including those for expired, dormant, and late-terminated accounts.
• Managing access to shared and personal mailboxes, creating shared mailboxes, and handling the creation and administration of distribution lists (DLs).
• Working closely with IT teams and stakeholders to integrate IAM solutions with existing systems and applications
• Implement & Configure enterprise app integrations in Azure AD, ensuring secure authentication and provisioning.
• Translate & Action Designs – Work from approved architectural designs, ensuring secure and efficient implementation.
• Manage Change & Risk – Raise, document, and implement changes while mitigating security risks.
• Optimize & Troubleshoot – Identify and resolve authentication, provisioning, and authorization issues.
• Configure and enforce Conditional Access Policies (CAP) to secure authentication and reduce attack surface.
• Implement risk-based access controls, including MFA enforcement, device compliance, and session controls.

What can you bring to the team?
Skills
Firstly, strong sense of responsibility, flexibility, and adaptability to varying request. Demonstrate excellent time management and organisational skills. And as part of a new team, you will have the opportunity to shape this role and have input into how we evolve it over time to WOW our employees and make an even bigger impact on the world. You will also need the following:

• At least 3 years of working experience in the related field is required for this position
• Has solid understanding of Group Policy and network architecture
• Knowledge and experience in the use of Service Management systems/tools (desirable)
• Experience in Microsoft Active Directory or CyberArk
• Has background with Azure Cloud Active Directory
• Experience in Azure Enterprise Applications, SAML, and SCIM integrations with deep knowledge of identity security best practices
• Expert understanding of Admin Consent workflows and User Delegated Permissions in OAuth/OpenID Connect
• Experience in reading and modifying scripts using PowerShell
• Experience with the concepts of user directories, identity lifecycle management, and identity attestation.
• Experience in Privileged Access Management
• Experience in Microsoft Office 365 platforms
• Experience with the concepts of authentication (e.g., Multi-Factor Authentication or MFA), authorization, Role-Based Access Control (RBAC), Single Sign-On (SSO)
• Proven experience in eliciting requirements and testing is a plus
• Familiar with ITIL v3/v4
• Experience in a global shared services organisation (desirable)

Our
Aurecon Attributes
describe the types of people we bring together for clients. We don't expect you to have all eight of the attributes, but one that is unique to you.

Finally, we value that each of our team members brings something different to Aurecon. We look for people who have had a broad range of experiences throughout their career and can demonstrate how they have worked as part of a team to bring ideas to life. Does that sound like you?

About Us
We've re-imagined engineering.

Aurecon is an engineering and infrastructure advisory company, but not as you know it

For a start, our clients' ideas drive what we do. Drawing on our deep pool of expertise, we co-create innovative solutions with our clients to some of the world's most complex challenges. And through a range of unique creative processes and skills, we work to re-imagine, shape and design a better future.

We listen deeply and intently, which helps us see opportunities, possibilities and potential that others can't. Think engineering. Think again.

Want to know more?
You can learn more about what it's like to work at Aurecon by visiting the careers section of our website.

If you are intrigued or excited by what you have read, then we want to hear from you. Apply now

About Us
Turnkey is helping to make the world a safer place to do business. As a global consulting provider of risk management, identity and access management and cyber security solutions to companies who run enterprise software, we help some of the largest companies in the world to manage their business risks and protect their most important assets from internal and external threats.

We are a fast growing and dynamic company with a fun, relaxed but professional culture. We have an exciting opportunity to appoint a Senior Security Consultant to join our team who will be key in supporting our rapid growth plans and ambitious over the next five years.

In joining our team, you can expect to be working on challenging IAM projects across a wide range of global clients and industries. The nature of projects will be diverse and will vary across the categories of advisory, assurance, managed services, and system implementation. Whilst being actively engaged in solving business problems, our core practice remains specialised in technical solutions for our clients.

About You
We are looking for an independent, pro-active, and ambitious individual who is committed to making a meaningful contribution to Turnkey. A highly experienced individual who can help us continue the growth of our IAM practice, partnerships with the respective IAM vendors and relationships with our clients, whilst being able to help us deliver successful projects across our global clients.

The candidate will be part of our IAM delivery team, utilising their strong technical experience to implement IAM solutions that best fit our clients' needs.

We are looking for a driven individual with at least three years' practical experience in delivering and providing engineering/consulting services on SailPoint IIQ/IDN Projects within the Identity & Access Management domain to join our team as a Senior Consultant (SC). The successful candidate will have a high level of technical ability, and a good understanding of business and strategic needs and challenges, enabling them to ensure design and delivery of the best technical solutions every time.

The ideal candidate will be a Subject Matter Expert (SME) in designing and delivering identity and access management solutions, across some of the following areas:

• Identity Governance and Administration (IGA)
• Identity Management (IDM)
• Ideally with good conceptual/practical knowledge of:
• Access Management (inc. Single Sign-On (SSO)/Multi-Factor Authentication (MFA)/Password-less Authentication)
• Privileged Access Management (PAM)
• Consumer Identity (CIAM)

The key technologies we are looking for experience in are:

• SailPoint IIQ/IDN
• Optionally any skill in the following technologies would be favourable, but not essential:
• Okta, CyberArk, SAP IDM, Micro Focus, Thychotic
• Knowledge of integrations of SailPoint with SAP, HYPR, Okta, CyberArk, ServiceNow will also be an advantage, but not mandatory.

We are looking ideally for someone with the following attributes:

• 3+ years of professional work experience as an IAM consultant, with a proven track record of delivering projects
• Background in both delivering and working with major IAM vendors, specifically:
• 3+ years in delivering SailPoint IIQ/IDN technologies
• Optionally, a nice-to-have would be experience in integrating with other IAM technologies, such as Okta/Cyber Ark (PAM)/ServiceNow/SAP technologies
• Working both as part of a team, or individually, and familiar with the relevant non-technical project activities (i.e., project planning, stakeholder management, change management, schedule management, quality assurance, etc)
• Detailed understanding of business processes and how they contribute to enterprise risks
• Strong written and verbal communication skills
• Ability to act as an SME to install, design, engineer and configure IAM solutions to meet the client need
• Detailed understanding of risk and control principles and how processes are implemented and improved in an IAM system (e.g., JML, PAM, Access Request, Access Review, Adaptive Risk, RBAC, SSO, MFA, etc.)
• Ability to work with a client, as part of a team to deliver an IAM solution across all aspects of the SDLC (Analyse, Design, Develop/Configure, Test, Deploy, Document)
• Understanding of regulatory frameworks, and their application to IAM, e.g. SOx, ISO27001, NIST, HIPAA, GDPR, PSD2, etc.
• Ideally, an Education in Business, IT, IT security or related field
• Ability to effectively manage own time and priorities effectively

The following attributes, while not mandatory, will be advantageous:

• Professional certifications such as CISSP, CISA, ITIL, etc.
• Product certifications from SailPoint, or other IAM vendors such as Okta or CyberArk
• Experience of working within a team to help develop a client IAM strategy
• Experience of working in professional services consulting, ideally experience with the 'Big-4' or similar
• Understanding of and experience in developing solutions using one or more of the following languages: XML; JavaScript; Bean Shell; or other languages
• Understanding of the following concepts/technologies: LDAP; FIDO; SAML; OAUTH; Active Directory; Linux; Databases (SQL/JDBC); Networking (including High Availability, Fault Tolerance, etc), Virtualisation technology
• Architecture experience, or certification, (e.g. TOGAF)
• Implementation and project methodologies (e.g. PRINCE2/AGILE)

Your responsibilities will include:

• Working as part of a team to deliver large/complex IAM implementations across varying project delivery methodologies (Waterfall, Agile, Design thinking)
• Work with clients to understand their requirements and configure solutions to best fit those needs
• Work with our clients and senior team to help design and define strategies, business cases, and provide RFP support, when needed.
• The main part of this role will be working as part of our SailPoint Delivery Team, to Design, Develop/Configure and Implement IAM Solutions Sets - this will predominantly be SailPoint IIQ/IDN
• The expectation will be that you are highly skilled in the design and configuration of SailPoint capabilities (e.g., Life Cycle Management, Application Onboarding, Workflows, Provisioning, Access Review, Reports, Roles, SoDs, etc.)
• NOTE: Where some experience in SailPoint capabilities may need improving, or keeping up to date, e.g. Role Mining, AI, ML, etc. or additional training/certifications are required, we will provide full training and certification paths.
• We will also provide training and certifications in other technologies such as Okta, CyberArk, HYPR, ServiceNow, as per requirement or as part of your development.
• When appropriate, assist in our ability to provide support related services to our existing Managed Service Clients
• Advise clients on controls relating to regulatory or legislative compliance, e.g. SOX; GDPR; PSD2 etc.
• Review and advise on security design and remediation projects
• Build and maintain good relationships with our client project team resources
• Develop and maintain relationships with third parties and vendors, e.g. SailPoint, SAP, ServiceNow, Microsoft to enhance the relationship with Turnkey and deliver value to our clients
• Provide SME knowledge to junior members of the team and provide knowledge transfer activities as part of our training initiatives
• Work with the IAM team to develop internal tools, innovative new propositions and on R&D projects
• When needed, work alongside our Sales, Marketing & Innovation team to provide materials/Pre-Sales support for sales activities
• Writing and reviewing reports and other client-facing deliverables, to a high standard
• Striving for continuous development of team and self
• Assisting with thought leadership activities, where appropriate

You will be part of the Datacenter & Cloud Engineering and Services team (DCES), who are responsible for Vestas On-prem and Cloud platforms.
Vestas Digital Solutions is responsible for a wide range of activities all related to supporting and promoting the digital agenda. The DCES team accelerates digital product development by providing enterprise-ready cloud platforms, such as Identity and Access Management Product Areas.
The Identity and Access Management (IAM) Product Area is critical in ensuring and hardening Vestas going forward.
Strategic goal supported:

• Quality - by improving IT security for our clients
• Scalability - by standardization and automation of IAM implementation processes, to accelerate time to implementation
• Higher end-user experience - by faster time to implementation

The outcome will be:

• Increased IT security and decreased risk exposure
• Faster onboarding of new tools and services by automation of processes
• Vestas is 100% in control of the IAM function

Infrastructure Services > DataCenter & Cloud, Engineering and Services (DCES) > IAM Chapter
Responsibilities

• Design, develop, test, implement, and integrate PAM systems and solutions
• Assess requirements for PAM solutions to meet stakeholders' needs
• Design technical cybersecurity controls and define standards and best practices
• Define requirements and design specifications for PAM solutions
• Provide escalation support for production PAM infrastructure systems
• Identify and document privileged account management business and technical use cases
• Develop PAM best practices and solutions for common client problems
• Facilitate the continuous adoption, training, communication, and education of PAM capabilities
• Administer and manage CyberArk components such as Vault, CPM, PSM, PSMP, PVWA, AAM, PTA, and related modules
• Oversee and analyze vault logs, ensuring smooth operation and addressing security concerns
• Implement software upgrades, patches, and releases for CyberArk applications
• Handle the creation, modification, and administration of safes and user accounts
• Streamline account onboarding processes across various platforms
• Conduct routine health checks of all CyberArk PAS components
• Serve as an on-call support engineer

Qualifications

• Bachelor's degree in Computer Science or equivalent experience
• At least five years of experience in the Identity Security domain
• Knowledgeable about Identity Providers such as Active Directory and Azure AD, as well as 2FA/MFA, SSO, LDAP and OpenLDAP
• In-depth understanding of Privileged and Access Management practices and solutions like CyberArk Identity and Password Vault
• Comprehensive understanding of Identity Governance and Administration Principles
• Familiar with the Identity and Access management platform OMADA Identity Suite or other identity governance equivalents
• Knowledgeable about cloud platforms and their underlying resources
• Proficiency in programming/scripting languages such as C#, Python, and PowerShell, (JAVA could be an add-on)
• Attentive customer focus, with effective problem-solving and analytical skills
• Technology-agnostic

Competencies

• Understanding how to navigate a large IT organization
• Ability to work with a vast array of information and to cope with changing information
• Effective communication skillset
• Eager to grasp new concepts, they do not hesitate to pose questions to expand their knowledge
• Pursue continuous improvement
• Ability to work creatively and proficiently in a problem-solving environment
• Exhibits initiative
• Fluent in English, oral and written
• Can conduct training sessions for your colleagues on technical matters

What We Offer
We offer you an engaging role with great professional and personal development opportunities in an inspiring, progressive, international work environment at an established manufacturer of wind turbines. We offer attractive company perks like fitness subsidy, health insurance, pension, life insurance, medical allowance, travel allowance, internet allowance, etc. We have a modern, inspiring office overlooking Manila Bay, conveniently located near public transport. We believe in work-life balance and plan annual off-site outings, team building, and sports events. In Vestas, you will experience an innovative environment, enhancing your personal as well as professional growth.

Additional Information
We do amend or withdraw our jobs and reserve the right to do so at any time, including before the advertised closing date. Please be advised to apply on or before the
31st of August 2025.
Additional Benefits

• Fitness Subsidy
• Retirement Benefit Plan

BEWARE – RECRUITMENT FRAUD
It has come to our attention that there are a number of fraudulent emails from people pretending to work for Vestas. Read more via this link,

DEIB Statement
At Vestas, we recognise the value of diversity, equity, and inclusion in driving innovation and success. We strongly encourage individuals from all backgrounds to apply, particularly those who may hesitate due to their identity or feel they do not meet every criterion. As our CEO states, "Expertise and talent come in many forms, and a diverse workforce enhances our ability to think differently and solve the complex challenges of our industry". Your unique perspective is what will help us powering the solution for a sustainable, green energy future.

About Vestas
Vestas is the energy industry's global partner on sustainable energy solutions. We are specialised in designing, manufacturing, installing, and servicing wind turbines, both onshore and offshore.

Across the globe, we have installed more wind power than anyone else. We consider ourselves pioneers within the industry, as we continuously aim to design new solutions and technologies to create a more sustainable future for all of us. With more than 185 GW of wind power installed worldwide and 40+ years of experience in wind energy, we have an unmatched track record demonstrating our expertise within the field.

With 30,000 employees globally, we are a diverse team united by a common goal: to power the solution – today, tomorrow, and far into the future.

Vestas promotes a diverse workforce which embraces all social identities and is free of any discrimination. We commit to create and sustain an environment that acknowledges and harvests different experiences, skills, and perspectives. We also aim to give everyone equal access to opportunity.

To learn more about our company and life at Vestas, we invite you to visit our website at and follow us on our social media channels. We also encourage you to join our Talent Universe to receive notifications on new and relevant postings.

The Identity and Access Management Officer is responsible for overseeing and maintaining secure access to the organization's IT systems, ensuring that access rights are provisioned, monitored, and maintained in accordance with best practices and compliance standards. The role involves managing user identities, access controls, privileged accounts, and encryption key safekeeping, while enforcing least privilege and segregation of duties (SoD) principles.

Access Provisioning & Control

• Evaluate, approve, and provision access requests across systems, networks, databases, and applications.
• Maintain and update user access profiles based on defined roles, ensuring least privilege access.
• Perform regular access reviews, recertifications, and cleanups to validate user entitlements.

Identity Lifecycle Management

• Develop and manage identity and role-based access models (RBAC, MAC, DAC).
• Ensure accurate onboarding, role transfers, and offboarding access across platforms.
• Integrate identity models for local, network, federated, and web identities.

Privileged Access & Key Management

• Administer and secure superuser IDs, privileged accounts, and encryption keys.
• Ensure tracking, safekeeping, and retrieval of credentials is compliant with internal controls.
• Monitor privileged access activity for suspicious behavior or policy violations.

Policy, Compliance & Audit

• Develop, implement, and maintain IAM policies, standards, and procedures.
• Ensure compliance with internal audit, regulatory, and security frameworks (e.g., ISO 27001, NIST).
• Provide IAM documentation and reporting for audits and risk assessments.

Security Collaboration

• Work cross-functionally with IT teams, system owners, and business units to align access controls with security standards.
• Escalate access violations, policy breaches, or risks to Information Security leadership.

Education & Experience

• Bachelor's degree in Computer Science, Information Security, Cybersecurity, or related field.
• Minimum 2–5 years experience in IAM, IT security, or access control operations.

Technical Skills

• Proficient in:

• Access control frameworks: Role-Based (RBAC), Mandatory (MAC), Discretionary (DAC)

• IAM tools/systems: Active Directory, LDAP, IAM platforms (e.g., SailPoint, Okta)
• Privileged access management (PAM) and encryption key handling

• Strong understanding of:

• Least privilege, SoD (segregation of duties), identity federation

• Secure handling of superuser credentials, service accounts, and elevated permissions

Core Competencies

• High attention to detail with strong analytical and problem-solving skills
• Solid understanding of compliance, risk, and governance requirements
• Strong verbal and written communication skills
• Ability to manage sensitive data with discretion and confidentiality

Key Responsibilities:

• Monitor, investigate, and respond to access-related incidents and anomalies.
• Support and maintain IAM tools, including Azure AD, Microsoft Entra ID, and PIM (Privileged Identity Management).
• Perform regular audits of user roles and access permissions across subscriptions and AD groups.
• Execute and support onboarding/offboarding processes to enforce least privilege access principles.
• Provide first-level support related to IAM operations.
• Collaborate with cloud and security teams to review role assignments, service principals, and RBAC policies.
• Maintain compliance documentation related to access control changes and audit responses.
• Contribute to continuous improvement initiatives in IAM governance and automation.
• Document and maintain runbooks and process flows for IAM tasks and escalation procedures.
• Participate in incident reviews and support investigations related to identity threats or misconfigurations.

Qualifications:

Essential

• Solid understanding of identity management principles and IAM lifecycle operations.
• Experience with Microsoft Entra ID/Azure AD, including RBAC and PIM role activations.
• Familiarity with AuditLogs and interpreting access activity via KQL queries.
• Strong troubleshooting and analytical skills with attention to data accuracy.
• Experience with support tools such as ServiceNow, Log Analytics, and Azure Monitor.
• Basic scripting knowledge (PowerShell or KQL) for automation and reporting.
• Understanding of compliance frameworks such as ISO, SOC, or GDPR.
• Strong written and verbal English communication skills.
• Ability to work in a rotational shift environment and collaborate across time zones.

Desirable

• Certification in Azure Security Engineer Associate or related Microsoft certifications.
• Experience in Entra ID role design and JIT (Just-In-Time) access governance.
• Familiarity with enterprise IAM platforms (SailPoint, Okta, etc.)
• Knowledge of ITIL practices, especially in incident and change management.
• Experience in working with multi-tenant environments or hybrid cloud setups.

WTW is an Equal Opportunity Employer