Sr. IAM Analyst, User Access Review

Shape a brighter financial future with us. Together with our members, we’re changing the way people think about and interact with personal finance. We’re a next-generation financial services company and national bank using innovative, mobile-first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we’re at the forefront. We’re proud to come to work every day knowing that what we do has a direct impact on people’s lives, with our core values guiding us every step of the way. Join us to invest in yourself, your career, and the financial world. Role: The Sr. IAM Analyst – User Access Review is responsible for managing and executing the enterprise-wide User Access Review (UAR) process to ensure compliance, least-privilege enforcement, and regulatory readiness. This role focuses on maintaining visibility into who has access to what systems, ensuring that user permissions are appropriate, and that periodic reviews meet audit and regulatory standards (SOX, SOC2, ISO 27001, PCI, etc.). Youwill collaborate closely with application owners, auditors, compliance, and IT to ensure user entitlements are validated, certified, and remediated efficiently and accurately. What You’ll Do: Program Management & Operations Own and execute the User Access Review (UAR) lifecycle across all critical applications, systems, and cloud environments. Coordinate quarterly and annual access reviews for key systems (finance, trading, custody, HR, and developer platforms). Track completion rates, exceptions, and remediation progress; elevate overdue reviews as necessary. Maintain UAR calendar, review templates, and stakeholder communications. Access Data & Analysis Gather, normalize, and analyze entitlement data from IAM systems. Identify excessive or orphaned privileges, toxic combinations (segregation of duties violations), and inactive accounts. Automate entitlement reviews using identity governance tools. Produce audit-ready evidence packages for internal and external auditors. Process Automation & Improvement Partner with IAM engineers to automate access certification workflows and reporting. Integrate UAR processes with onboarding/offboarding and role-based access control (RBAC) policies. Define and document standard operating procedures (SOPs) for recurring review cycles. Continuously improve UAR accuracy, efficiency, and audit defensibility. Stakeholder Collaboration Collaborate with Application Owners, Business Managers, HR, and Compliance to validate access levels and maintain least privilege. Work with Internal Audit and External Auditors to provide supporting evidence and respond to findings. Partner with Security and Compliance to ensure access reviews align with regulatory frameworks (SOX, PCI DSS, FFIEC, etc.). Metrics & Reporting Develop and maintain dashboards for access review completion, exceptions, and risk metrics. Provide monthly and quarterly reports to leadership and compliance teams. Measure success through KPIs such as completion rates, remediation turnaround, and privilege reduction percentages. What You’ll Need: Education & Experience Bachelor’s degree in Information Security, Computer Science, or related discipline (or equivalent experience). 2–5 years of experience in IAM, Security Operations, or Compliance in a financial or fintech environment. Hands‑on experience with IAM platforms (Okta, Azure AD, SailPoint, Saviynt, CyberArk). Familiarity with cloud access management (AWS, GCP, or Azure). Knowledge of regulatory compliance frameworks: SOX, SOC2, ISO 27001, PCI DSS, or FFIEC. Technical & Professional Skills Understanding of RBAC, ABAC, and least‑privilege principles. Experience generating and validating access entitlement reports. Familiar with scripting or automation tools (Python, PowerShell, or SQL) for data analysis or reporting. Excellent written and verbal communication for stakeholder engagement. Preferred Certifications CompTIA Security+ or CySA+ (ISC)² Certified Identity and Access Manager (CIAM) Certified Information Systems Auditor (CISA) – desirable for audit‑heavy environments Compensation and Benefits The base pay range for this role is $124,800.00 - $234,000.00. Final base pay offer will be determined based on individual factors such as the candidate’s experience, skills, and location. Payment frequency: Annual. This role is also eligible for a bonus, long‑term incentives and competitive benefits. More information about our employee benefits can be found in the link above. SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law. The Company hires the best qualified candidate for the job, without regard to protected characteristics. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. SoFi is committed to an inclusive culture. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email accommodations@sofi.com. Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time. #J-18808-Ljbffr