Access Management, Governance Risk & Compliance
GRC Analyst / Multi-Tenant Access Control
Overview: The Multi‑Tenant Access Control & Role Governance Analyst will play a critical role within the Governance, Risk, and Compliance (GRC) organization, supporting Organization’s transformation from a single‑tenant to a secure, compliant, multi‑tenant platform.
This role will focus on strengthening SOX compliance, defining and governing Role‑Based Access Control (RBAC), and establishing scalable access governance processes that enable secure growth while maintaining business agility.
Key Responsibilities
Lead the evolution of access control from a single‑tenant to a multi‑tenant architecture, ensuring security and compliance are built in by design.
Drive remediation of SOX compliance gaps related to access control and role governance.
Serve as a primary contributor to the Role Discovery and Governance Program, including analysis, documentation, and rationalization of 200+ existing roles. Collaborate with GRC, Security, Engineering, and Product teams to design and maintain a centralized Role Catalog as a single source of truth.
Document business purpose, ownership, access usage, and entitlement consumption for each role to eliminate ambiguity and enable future RBAC migration.
Design and help implement a formal governance framework covering the full role lifecycle (creation, modification, review, deprecation).
Analyze the current role landscape to identify opportunities for role simplification, consolidation, and retirement of redundant or inactive roles.
Partner with business process owners and engin
eering teams to embed compliant access controls into system and process design. Support internal and external audits, including SOX audits, control testing, evidence collection, and remediation of findings.
Act as a trusted advisor on IAM, role governance, and access risk in a fast‑scaling SaaS environment.
Required Skills & Experience
3–5 years of experience in Information Security, GRC, or IAM roles. Strong hands‑on experience with Identity and Access Management (IAM) and Role‑Based Access Control (RBAC).
Direct, demonstrated experience supporting SOX compliance, audit readiness, and control remediation.
Experience analyzing and documenting access models, roles, and entitlements across complex platforms. Ability to communicate complex security and risk concepts clearly to both technical and non‑technical stakeholders.
Proven track record of cross‑functional collaboration with Engineering, Product, Security, and business teams.
Strong analytical and investigative skills with the ability to identify root causes and drive remediation plans. Ability to balance security, compliance, and business needs with a pragmatic, solution‑oriented mindset.
