Cloud IAM Business Analyst

Job Title: IAM Business Analyst
Location: Sheffield -3 x days a week
Salary/Rate: £409 per day Inside IR35
Start Date: June 2025
Job Type: 5 Month Contract

Company Introduction
My client is urgently seeking an IAM Business Analyst for an inital 5 month contract based in Sheffield.

Job Responsibilities/Objectives

1. Should excel at eliciting and documenting requirements, mapping "as-is" and "to-be" access-management processes, conducting gap analysis, and producing clear reports and presentations for stakeholders.
2. Strong communication skills to align Security, DevOps, and business teams, plus a data-driven mindset for analysing IAM logs and evaluating risk.
3. On the cloud side, they must understand IAM constructs in AWS (users, roles, policies, permission boundaries), Azure (Azure AD, RBAC, PIM), GCP (principals, roles, policy bindings), and Alibaba Cloud (RAM users, groups, roles, and policy management), as well as how Kubernetes RBAC (roles, bindings) integrates with cloud-native identities.
4. Additionally, they should be familiar with SaaS identity management-SSO protocols (SAML, OAuth/OIDC), SCIM provisioning, and entitlement workflows-to identify gaps, over-privileged accounts, and recommend least-privilege controls across multi-cloud (including Ali Cloud) and SaaS environments.

Required Skills/Experience

1. AWS IAM: In-depth understanding of IAM users/groups/roles/policies, permission boundaries, service-linked roles, and AWS Organisations (SCPs). Hands-on experience reviewing existing IAM policies (JSON), detecting overly broad permissions (e.g., "*" or wildcard actions), and recommending fine-grained least-privilege models
2. Azure Active Directory & Azure RBAC: Knowledge of Azure AD concepts: users, groups, applications/service principals, managed identities, Conditional Access policies. Familiarity with Azure RBAC roles (built-in and custom) and PIM (Privileged Identity Management) best practices for just-in-time elevation.
3. GCP IAM: Understanding of GCP IAM constructs: Principals (Users, Service Accounts, Groups), Roles (primitive, predefined, custom), Service Account Keys, and Organisation-level policies. Experience reviewing IAM policy bindings (via GCP IAM or Terraform state) and recommending Organisation/Folder/Project-level least-privilege structures.
4. Kubernetes RBAC & Cloud-Native Identities: Solid grasp of Kubernetes RBAC entities-Role, Cluster Role, Role Binding,ClusterRoleBinding-and how they map to Kubernetes API groups. Awareness of how cloud-provider-managed Kubernetes (EKS, AKS, GKE) integrates with cloud IAM (for example, IAM Authenticator in EKS, GKE Workload Identity, Azure AD/Entra integration).
5. Hands-on experience mapping and documenting IAM processes in AWS, Azure, and GCP.
6. Practical knowledge of AWS IAM (users/roles/policies), Azure AD & RBAC, and GCP IAM (roles/bindings).
7. Familiarity with Kubernetes RBAC (Role Bindings, ClusterRoleBindings) and how those ties into cloud IAM (EKS, AKS, GKE).
8. Proven track record analysing SaaS-based identity integrations (e.g., SAML SSO, SCIM provisioning).
9. Strong gap-analysis skills, able to pinpoint missing or weak access controls.
10. Comfortable using cloud consoles, CLIs (AWS, Azure, GCP and Ali) and reviewing IaC (Terraform/CloudFormation) for IAM-related misconfigurations.
11. Excellent stakeholder management; able to facilitate cross-functional workshops and drive consensus.

If you are interested in this opportunity, please apply now with your updated CV in Microsoft Word/PDF format.

Disclaimer
Notwithstanding any guidelines given to level of experience sought, we will consider candidates from outside this range if they can demonstrate the necessary competencies.

Square One is acting as both an employment agency and an employment business, and is an equal opportunities recruitment business. Square One embraces diversity and will treat everyone equally. Please see our website for our full diversity statement.