IGA Analyst

Location(s)

Details

Kemper is one of the nation’s leading specialized insurers. Our success is a direct reflection of the talented and diverse people who make a positive difference in the lives of our customers every day. We believe a high-performing culture, valuable opportunities for personal development and professional challenge, and a healthy work-life balance can be highly motivating and productive. Kemper’s products and services are making a real difference to our customers, who have unique and evolving needs. By joining our team, you are helping to provide an experience to our stakeholders that delivers on our promises. 

The IAM Analyst is a key member of Kemper’s Identity & Access Management team within the Office of the CISO. Reporting to IAM leadership, this role is responsible for maintaining and strengthening enterprise identity governance practices, standards, and controls.

The IAM Analyst executes and sustains User Access Review (UAR) processes, including quality assurance and continuous improvement efforts, ensuring alignment with SOX, ITGC, and other regulatory requirements. The role partners with application owners, infrastructure, IAM engineering, and business stakeholders to assess access risk, support IAM initiatives, and enhance identity lifecycle controls.

This position operates with limited supervision and serves as a subject matter expert in access certifications and identity risk reduction.

Key Responsibilities – Identity Governance Operations

Own and continuously improve operational controls supporting enterprise user access reviews (UAR), role governance, and entitlement management. Perform advanced analysis of identity and access data to identify control gaps, toxic access, orphaned accounts, and policy violations. Proactively investigate and resolve identity governance issues across systems, workflows, and data feeds.  Understand IAM/IGA tooling (e.g., SailPoint, Azure AD, Okta, ForgeRock, CyberArk). Perform advanced data analysis using Excel and reporting tools to identify identity risk trends. Support the development of identity analytics and metrics for leadership reporting. Assist with role mining, access modeling, and governance automation initiatives.
Ensure identity controls operate effectively and align with internal policy and regulatory requirements.

Key Responsibilities – Audit, Risk, and Compliance

Lead preparation and validation of ITGC access control evidence for SOX and regulatory audits.
Produce high-quality audit documentation and support internal and external auditors.
Partner with control owners to remediate access control deficiencies and track closure.
Support compliance programs, including SOX, HIPAA, PCI-DSS, SOC 2, and NYDFS, as applicable.
Identify opportunities to reduce manual controls through automation and governance improvements.

Key Responsibilities – Access Review and Lifecycle Governance

Drive quality and completeness of access certification campaigns.
Validate entitlement descriptions, role mappings, and reviewer accuracy.
Monitor joiner/mover/leaver (JML) control effectiveness and escalate risk conditions.
Maintain authoritative records of access permissions, changes, and certifications.

Key Responsibilities – Stakeholder Engagement

Partner with application owners, business leaders, and technology teams to strengthen identity controls.
Provide guidance on IAM and PAM policy adherence.
Support IAM security and compliance training development and delivery.
Coordinate across security, infrastructure, and application teams to resolve access issues.

Key Responsibilities – Continuous Improvement

Recommend and implement process improvements that increase automation, accuracy, and audit readiness.
Contribute to IAM/IGA roadmap initiatives.
Support maturity advancement toward risk-based identity governance.

Qualifications

Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or equivalent practical experience.
3–5 years of direct experience in Identity and Access Management with a strong focus on Identity Governance and Administration.
Demonstrated experience in access certifications, user lifecycle management (JML), role and entitlement governance, identity analytics, privileged access management, and ITGC access controls.
Strong understanding of SSO, SAML, OAuth, OIDC, identity federation, and multi-factor authentication.
Hands-on experience with IAM platforms such as SailPoint, Azure AD/Entra ID, Okta, ForgeRock, or CyberArk.
Advanced Excel skills, including pivot tables and data analysis.
Excellent written and verbal communication skills with strong attention to detail.

Preferred Qualifications

Experience supporting SOX, NYDFS, or highly regulated environments.
Experience with role mining or access modeling.
Familiarity with ServiceNow, SailPoint, and Active Directory.
Relevant certifications (CIAM, CISA, or similar).

This position works in the Kemper office.

The range for this position is $79,500 to $132,900. When determining candidate offers, we consider experience, skills, education, certifications, and geographic location among other factors. This job is also eligible for our Kemper benefits package (Medical, Dental, Vision, PTO, 401k, etc.)

Kemper is proud to be an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, disability status or any other status protected by the laws or regulations in the locations where we operate. We are committed to supporting diversity and equality across our organization and we work diligently to maintain a workplace free from discrimination.  Kemper does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Kemper and Kemper will not be obligated to pay a placement fee. 

Kemper will never request personal information, such as your social security number or banking information, via text or email.  Additionally, Kemper does not use external messaging applications like WireApp or Skype to communicate with candidates.  If you receive such a message, delete it.  

#LI-AK