Business Analyst - Policy-Based Access Control (PBAC) / Identity & Access Management (IAM)

RemoteSalary not specified
Canada

Job Description, Responsibilities & Requirements

About the Position

We are seeking an experienced Business Analyst to help translate business needs into scalable security solutions, ensuring alignment between stakeholders and engineering teams. The ideal candidate will have strong analytical and documentation skills and deep knowledge of IAM concepts, architecture patterns, and policy-driven access models.

Responsibilities

  • Be self-driven with minimal daily oversight; gather, analyze, and document business and functional requirements
  • Collaborate with business stakeholders, security architects, and engineering teams to define PBAC use cases and access control models
  • Translate business requirements into policy definitions, decision flows, and acceptance criteria for implementation teams
  • Facilitate workshops to identify access scenarios across workforce and customer-facing applications, including edge cases and regulatory needs
  • Define and document attributes required for PBAC decisioning, including identity, role, device, transaction, risk, and contextual data elements
  • Work with engineering teams to ensure proper integration points for Policy Decision Point (PDP) and Policy Enforcement Points (PEP) are well understood and implemented
  • Support development and validation of policy rules (both graphical and code-based representations where applicable)
  • Document end-to-end workflows, including policy lifecycle, exception handling, and audit requirements
  • Partner with compliance and risk teams to ensure policies meet regulatory and audit expectations, including traceability and reporting
  • Support user acceptance testing (UAT) by defining test scenarios, validating outcomes, and ensuring alignment with business intent
  • Maintain clear and structured documentation including BRDs, FRDs, process flows, and decision matrices

Requirements

  • 5–8+ years of experience as a Business Analyst in the IAM/Security domain
  • Strong experience with PBAC, ABAC, or IAM implementations, including requirement gathering for policy-based access control models
  • Proficiency in documentation and analysis tools (e.g., Confluence, JIRA, Visio, Lucidchart)
  • Strong understanding of IAM concepts including SSO, Federation (SAML/OIDC), MFA, Directory Services, and access governance
  • Ability to work effectively with cross-functional teams including security, engineering, product, and compliance
  • Excellent communication and stakeholder management skills

We Offer

  • Remote work in Canada

About the Company

EPAM Systems is a leading global software product engineering and development company, providing end-to-end technology solutions and services to the world's most successful companies.

Job Details

Company name:
EPAM
Location:
Canada
Work Mode:
Remote
Posted on TheJob:
Jul 4, 2026
Last checked:
Jul 4, 2026
Posted on the source:
Jun 19, 2026
Apply Now
© 2026 TheJob, Inc. All rights reserved.