Connecting People. Uniting the World. There’s never been a more exciting time to join United Airlines! As a global company that operates in hundreds of locations around the world — with millions of customers and tens of thousands of employees — we have a unique responsibility to uplift and provide opportunities in the places where we work, live and fly.

We’re on a path to becoming the best airline in aviation history. Join our Cybersecurity and Digital Risk (CDR) team to help lead the industry in cyber safety, security and resilience. Uniteds CDR team plays a critical role in protecting our operations by enabling secure and resilient systems, managing threats and vulnerabilities, and ensuring swift response and recovery. Our mission is to seamlessly embed cybersecurity and digital risk management into every aspect of our business. We help drive progress and growth through trusted digital solutions, safeguarding assets and empowering our team, all while promoting a cyber-safe and secure environment that supports resilient airline operations.

United offers a competitive benefits package aimed at keeping you happy, healthy, and well-traveled. From employee-run "Business Resource Group" communities to world-class benefits like parental leave, 401(k), and privileges like space-available travel, United is truly a one-of-a-kind place to work. Are you ready to travel the world and help us keep our airline cyber safe? Apply today!

Job overview and responsibilities

The Senior Analyst - Identity & Access Management (IAM) plays a critical role in analyzing and improving Workforce Identity & Access Management systems and partner integrations to enhance United’s overall security posture. This position focuses on proactive business analysis, collaboration across teams, and supporting security objectives and key results to continuously optimize the organizations security landscape, reduce security risks, and improve workforce experiences related to authorization and authentication.

The Senior IAM Analyst will perform analysis of workforce authentication and authorization requirements, support enforcement of access management controls, and leads documentation and requirements capture for functional and technical access management solutions. This position will identify security risks, communicate authentication and authorization best practices across the organization, and proactively recommend and implement strategies for automation and increased efficiency within access management process and technology.

This role also actively participates in compliance efforts by ensuring workforce IAM systems adhere to relevant regulations and internal policies and supporting regular audits and assessments to proactively identify and address potential compliance gaps. The ideal analyst will continuously stay abreast of evolving IAM best practices, industry standards, and emerging threats, including adapting and implementing technologies and processes to maintain a robust and secure IAM environment.

• Collaborates across the organization to:
  lead successful delivery of workforce access management solutions (requirements capture and sign off for functional, technical, and user experience features, collaboration with engineering through an Agile SDLC process, test acceptance, documentation and communication)
• Champion IAM best practices and the adoption of Cybersecurity & Digital Risk authentication and authorization standards
• Partners with workforce stakeholders (developers, architects, users, compliance) on enhancing and optimizing workforce access integrations and experiences, ensuring that security and compliance requirements are met
• Supports workforce IAM observability and continuous improvement efforts, including:
• Partnering with leadership to define and track OKRs (Objectives and Key Results), and KPIs (Key Progress Indictors)
• Identifying and executing on continuous improvement efforts to reduce security risk and improve workforce identity experiences, and analyzing internal and external trend data for to identify strengths and opportunities for improvement
• Prepare and present reports on workforce IAM key initiatives, OKRs, KPIs, compliance status, audit findings, and risk assessments to management and other stakeholders
• Works across the organization (technology, compliance, security, architecture) to ensure IAM workforce process and technology capabilities are aligned with the overall organizational security strategy to reduce risk, including partnering to drive
• standards updates and automation of compliance requirements
• Partners with team architects and engineers to identify and drive forward architectural enhancements aligned with organizational goals
• Support, update and maintain IAM policies, procedures, and standards to ensure compliance with regulatory requirements and industry best practices
• Support internal and external IT audits by facilitating and collecting evidence, logs, and artifacts requested by internal and external Audit partners

• Bachelors degree
• 4+ years of related experience
• A strong understanding of relevant cybersecurity regulations, laws, and risk assessment frameworks and programs such as ISO, NIST 800-53, CMMC, SOX
• Expertise analyzing and documenting functional & nonfunctional requirements for various IAM domains such as Access Management, Identity Life cycle Management, or Privileged Access Management with a focus on creating clarity around the “Why”,
• “What”, and “When” of requirement deliverables
• Independently collaborates with business stakeholders to facilitate requirements gathering using a variety of techniques like interviews, surveys, review of historical data, workshop sessions and structured walkthrough of the processes
• Excellent analytical skills with experience reviewing complex data to solve problems, identify potential compliance issues, assess risks and communicate to both technical and non-technical stakeholders
• Demonstrated problem solver with proven experience of navigating complex identity projects, addressing roadblocks, and delivering on key success metrics
• Prior experience in creating IAM governance documents and collateral such as policies, procedures, standards, and guidelines
• Strong understanding of modern authentication and authorization protocols and concepts, such as OIDC, SAML, SSO, MFA, OpenID
• Knowledge of identity proofing and identity verification technologies, adaptive risk-based authorization, and Zero Trust concepts
• Experienced in managing multiple dependencies between IAM projects with a proven track record of successful IAM deployments
• Ability to adapt quickly to changes in scope and direction of the project and collaborate and communicate effectively with both technical and non-technical stakeholders
• In depth understanding of at least one of these area specific tools: Okta, Ping, MS Entra/Azure, DUO, or Auth0
• Strong written and verbal communication skills with the ability to effectively communicate concepts to technical and non-technical audiences as well as across levels of leadership, appropriately adapting style and language for the audience
• Able to mentor junior talent across the team, engage in building and enhancing team culture, and influence without authority
• Demonstrated attention to detail with qualitative and quantitative
  information
• Strong pragmatic problem-solving skills with the ability to adapt quickly and independently to changes in scope and strategic direction
• Must be legally authorized to work in the United States for any employer without sponsorship
• Successful completion of interview required to meet job qualification
• Reliable, punctual attendance is an essential function of the position

• Masters degree IN STEM - Cybersecurity, Risk Management, Computer Science
• CISA, CISM, CISSP, CRISC
• 6+ years of related experience
• Knowledge of organizational standards and policies (ISO, NIST 800-53 and 800-171)
• Knowledge of compliance regulations (SOX, PCI, FAA, GDRP, PII)
• Prior experience with large-scale Identity transformation projects or leading requirements gathering for MFA and Passwordless implementations at large global organizations.
• Prior experience supporting Identity and Access management functions within the airline or transportation industry
• Prior experience with AI/ML or requirements capture and successful delivery of enterprise level automation capabilities

Post expiration date: 8/4/2025