IAM Governance Analyst
Amex GBT is a place where colleagues find inspiration in travel as a force for good and – through their work – can make an impact on our industry. We’re here to help our colleagues achieve success and offer an inclusive and collaborative culture where your voice is valued.
ROLE OVERVIEW
The IAM Governance Analyst is a critical execution role within the Identity and Access Management team. This position sits at the intersection of audit, compliance, and IAM operations — and that combination is intentional. We are looking for someone whose instincts are audit-minded: someone who understands what "done correctly" means from a controls and evidence perspective, and who brings that discipline to every task they touch.
The core of this role is supporting the User Access Review (UAR) campaigns using our IGA platform, supporting audit and compliance activities, and identifying gaps in access controls before they become findings. You do not need to be a deep IAM engineer — but you do need to be hands-on with IGA tools, precise in your work, and sharp enough to catch what others miss.
If you have a background in GRC, internal audit, or compliance and have worked closely with IAM processes — or if you come from an IAM background with strong audit and controls exposure — this role is built for you.
WHAT YOU'LL DO
User Access Reviews & Campaign Execution
- Plan, configure, launch, and manage User Access Review campaigns end-to-end using Saviynt or equivalent IGA platforms (SailPoint, Okta, etc.).
- Monitor campaign progress closely — tracking reviewer completion, chasing outstanding certifications, managing exceptions, and ensuring every campaign closes cleanly and on time.
- Maintain meticulous records of campaign activity, decisions, and outcomes that are audit-ready at any point during or after the review cycle.
- Validate access certification results for accuracy and completeness before closure — never assuming the output is correct without checking.
- Execute remediation actions resulting from access reviews, ensuring revocations and changes are completed, documented, and confirmed.
Audit & Compliance Support
- Support audit and compliance requirements related to identity and access management, including evidence collection, control testing, and documentation of access control validations.
- Prepare clear, accurate, and complete responses to audit inquiries — understanding that incomplete or ambiguous evidence is not acceptable.
- Perform auditing of access controls to verify that provisioning, deprovisioning, and access changes have been executed correctly and in line with policy.
Access Control & Gap Analysis
- Evaluate current IAM methods and controls against established policies and standards, identifying gaps that could lead to unauthorized or excessive access.
- Review business processes to identify access control weaknesses and gather requirements for controls that are not yet in place.
- Document findings in a structured, evidence-based manner that is clear to both technical teams and audit stakeholders.
- Work with the IAM Governance Manager and cross-functional teams to drive remediation of identified gaps to closure.
WHAT WE'RE LOOKING FOR
Background & Experience
- 3+ years of experience in one or more of the following: GRC, internal audit, IT compliance, or identity and access management — ideally with meaningful exposure to the others.
- Hands-on experience executing User Access Review campaigns using an IGA platform such as Saviynt, SailPoint, or a comparable tool. Candidates familiar with one platform will be expected to learn Saviynt quickly.
- Demonstrated experience supporting or executing audit and compliance activities — including evidence gathering, control testing, and working directly with auditors or audit teams.
- Working knowledge of compliance frameworks such as NIST, ISO, SOX, SOC2, or Privacy, and an understanding of how these frameworks translate into access control requirements.
- Experience with data analysis and the ability to interpret access data, identify anomalies, and communicate findings clearly to both technical and non-technical audiences.
- Expert proficiency in Microsoft Excel — pivot tables, data validation, and working with large datasets are a regular part of this role. Strong working knowledge of PowerPoint and Microsoft 365.
What Will Set You Apart
- You think like an auditor even when no one is watching. You document your work, validate your outputs, and flag issues before they become problems — not after.
- You are exceptionally detail-oriented. You notice discrepancies others overlook, and you treat accuracy as non-negotiable, not a nice-to-have.
- You are comfortable working with ambiguity and incomplete information without letting it stall your work — you know when to proceed, when to ask, and when to escalate.
- You pick up new tools and processes quickly. If you've worked in SailPoint or another IGA platform, you'll be productive in Saviynt without a long ramp-up.
- You communicate proactively — you provide clear status updates, flag risks early, and never let something slip without surfacing it.
- You are organized, manage your time well, and can handle multiple concurrent priorities without dropping detail on any of them.
Location
Poland
The #TeamGBT Experience
Work and life: Find your happy medium at Amex GBT.
Flexible benefits are tailored to each country and start the day you do. These include health and welfare insurance plans, retirement programs, parental leave, adoption assistance, and wellbeing resources to support you and your immediate family.
Travel perks: get a choice of deals each week from major travel providers on everything from flights to hotels to cruises and car rentals.
Develop the skills you want when the time is right for you, with access to over 20,000 courses on our learning platform, leadership courses, and new job openings available to internal candidates first.
We strive to champion Inclusion in every aspect of our business at Amex GBT. You can connect with colleagues through our global INclusion Groups, centered around common identities or initiatives, to discuss challenges, obstacles, achievements, and drive company awareness and action.
And much more!
All applicants will receive equal consideration for employment without regard to age, sex, gender (and characteristics related to sex and gender), pregnancy (and related medical conditions), race, color, citizenship, religion, disability, or any other class or characteristic protected by law.
Click Here for Additional Disclosures in Accordance with the LA County Fair Chance Ordinance.
Furthermore, we are committed to providing reasonable accommodation to qualified individuals with disabilities. Please let your recruiter know if you need an accommodation at any point during the hiring process. For details regarding how we protect your data, please consult the Amex GBT Recruitment Privacy Statement.
What if I don’t meet every requirement? If you’re passionate about our mission and believe you’d be a phenomenal addition to our team, don’t worry about “checking every box;" please apply anyway. You may be exactly the person we’re looking for!