Senior Cybersecurity BA - IAM...

Job Description Synechron is looking for an
experienced Security BA to join a global financial organisation for
a long term contract, based x3 days from London or Northern
offices. ROLE: Cloud-Specific IAM Knowledge (Required): AWS IAM -
In-depth understanding of IAM users/groups/roles/policies,
permission boundaries, service-linked roles, and AWS Organisations
(SCPs) - Hands-on experience reviewing existing IAM policies
(JSON), detecting overly broad permissions (e.g., “*” or wildcard
actions), and recommending fine-grained least-privilege models
Azure Active Directory & Azure RBAC - Knowledge of Azure AD
concepts: users, groups, applications/service principals, managed
identities, Conditional Access policies - Familiarity with Azure
RBAC roles (built-in and custom) and PIM (Privileged Identity
Management) best practices for just-in-time elevation GCP IAM -
Understanding of GCP IAM constructs: Principals (Users, Service
Accounts, Groups), Roles (primitive, predefined, custom), Service
Account Keys, and Organization-level policies - Experience
reviewing IAM policy bindings (via GCP IAM or Terraform state) and
recommending Organisation/Folder/Project-level least-privilege
structures Kubernetes RBAC & Cloud-Native Identities - Solid
grasp of Kubernetes RBAC entities—Role, Cluster Role, Role Binding,
ClusterRoleBinding—and how they map to Kubernetes API groups -
Awareness of how cloud-provider-managed Kubernetes (EKS, AKS, GKE)
integrates with cloud IAM (for example, IAM Authenticator in EKS,
GKE Workload Identity, Azure AD/Entra integration). SaaS
Application Identity Management - Familiarity with Single Sign-On
(SSO) protocols (SAML, OAuth 2.0/OIDC) and identity providers
(Azure AD, GCDS, AWS IAM) - Understanding of SCIM provisioning,
user lifecycle workflows (onboarding/offboarding), and entitlement
catalogue management for major SaaS (e.g., Office 365) EXPERIENCE:

• 5+ years as a Business Analyst focused on IT security,
  governance, or IAM - Hands-on experience mapping and documenting
  IAM processes in AWS, Azure, and GCP - Practical knowledge of AWS
  IAM (users/roles/policies), Azure AD & RBAC, and GCP IAM
  (roles/bindings) - Familiarity with Kubernetes RBAC (Role Bindings,
  ClusterRoleBindings) and how those ties into cloud IAM (EKS, AKS,
  GKE) - Proven track record analysing SaaS-based identity
  integrations (e.g., SAML SSO, SCIM provisioning) - Strong
  gap-analysis skills, able to pinpoint missing or weak access
  controls - Comfortable using cloud consoles, CLIs (AWS, Azure, GCP
  and Ali) and reviewing IaC (Terraform/CloudFormation) for
  IAM-related misconfigurations - Excellent stakeholder management;
  able to facilitate cross-functional workshops and drive consensus.
  Long Term Project - ASAP Start - Competitive Rates - London or
  Northern based (x3 days in office) Synechron's Diversity Statement
  Synechron are proud to be an equal opportunity employer. Our
  Diversity, Equity, and Inclusion (DEI) initiative Same Difference'
  is committed to fostering an inclusive culture promoting equality,
  diversity and an environment that is respectful to all. We
  encourage applicants from across diverse backgrounds, race,
  ethnicities, religion, age, marital status, gender, sexual
  orientations, or disabilities to apply. We offer flexible workplace
  arrangements, mentoring, internal mobility, learning and
  development programmes to support our global workforce. Empowerment
  and collaboration are at the core of how we operate. All employment
  decisions at Synechron are based on business needs, job
  requirements and individual qualifications, without regard to the
  applicant's gender, gender identity, sexual orientation, race,
  ethnicity, disabled or veteran status, or any other characteristic
  protected by law.