Skip To Main Content
epam-logo-black.svgepam-logo-black.svg
backBack to Search

Lead Business Analyst - IAM & PBAC

Remote in Mexico
Business Analysis, Security.IAM
Looking for something else?

Find a vacancy that works for you. Send us your CV to receive a personalized offer.

Find me a job

We are seeking a Lead Business Analyst specializing in Identity & Access Management (IAM) and Policy-Based Access Control (PBAC) to translate business needs into scalable security solutions and ensure alignment between stakeholders and engineering teams. This role requires strong analytical and documentation skills, along with deep knowledge of IAM concepts, architecture patterns, and policy-driven access models.

Responsibilities
  • Operate with minimal daily oversight while gathering, analyzing, and documenting business and functional requirements
  • Collaborate closely with business stakeholders, security architects, and engineering teams to define PBAC use cases and access control models
  • Translate business requirements into policy definitions, decision flows, and acceptance criteria for implementation teams
  • Facilitate workshops to identify access scenarios across workforce and customer-facing applications, including edge cases and regulatory needs
  • Define and document attributes required for PBAC decisioning, including identity, role, device, transaction, risk, and contextual data elements
  • Partner with engineering teams to ensure proper integration points for Policy Decision Point (PDP) and Policy Enforcement Points (PEP) are well understood and implemented
  • Support development and validation of policy rules, including both graphical and code-based representations where applicable
  • Document end-to-end workflows, including policy lifecycle, exception handling, and audit requirements
  • Engage with compliance and risk teams to ensure policies meet regulatory and audit expectations, including traceability and reporting
  • Support user acceptance testing (UAT) by defining test scenarios, validating outcomes, and ensuring alignment with business intent
  • Maintain clear and structured documentation, including BRDs, FRDs, process flows, and decision matrices
Requirements
  • 5+ years of experience as a Business Analyst in the IAM/Security domain
  • At least 1 year of relevant leadership experience
  • Strong background in PBAC, ABAC, and IAM implementations, including requirements gathering for access control policies
  • Proficiency in documentation and analysis tools such as Confluence, Jira, Visio, Lucidchart, or others
  • Strong understanding of IAM concepts, including SSO, Federation (SAML/OIDC), and MFA, along with Directory Services and access governance
  • Ability to work with cross-functional teams across security, engineering, product, and compliance
  • Excellent communication and stakeholder management skills
  • English proficiency at a B2+ level