IAM (Identity and Access Management) Operations Analyst

Marex has unique access across markets with significant share globally both on and off exchange. The depth of knowledge amongst its teams and divisions provides its customers with clear advantage, and its technology-led service provides access to all major exchanges, order-flow management via screen, voice and DMA, plus award-winning data, insights and analytics.

The Technology Department delivers differentiation, scalability, and security for the business. Reporting to the COO, Technology provides digital tools, software services and infrastructure globally to all business groups. Software development and support teams work in agile ‘streams’ aligned to specific business areas. Our other teams work enterprise-wide to provide critical services including our global service desk, network and system infrastructure, IT operations, security, enterprise architecture and design.

THE IAM role will sit within the technology group and primarily will be responsible for users access management across our full stack of technology supported applications.

Role Summary:

The IAM Operations analyst role is responsible for managing and supporting the systems, processes, and tools used to handle the identity lifecycle, authentication, authorization, and access control within an organization's IT infrastructure.

The IAM Operations analyst collaborates with multiple teams within IT, including security, infrastructure, and support teams, to manage identity-related processes, troubleshoot access issues, and ensure compliance with internal and external regulatory requirements.

Overall Responsibilities

Role Specific:

• IAM Strategy & Implementation: Design and implement a robust IAM framework aligned with security best practices and business needs.
• User Access Management: Oversee user provisioning, deprovisioning, and role-based access control across multiple systems and regions.
• Security & Compliance: Ensure adherence to regulatory requirements (e.g., GDPR, SOX) and internal security policies.
• Reporting and Documentation: Maintain thorough documentation of user access policies, and audit logs for internal and external reporting purposes.
• Role based Access control assessment (RBAC): Ensure role definitions are clear and users are only assigned the necessary rights to perform their role in the organization in order to minimize risk of excessive or inappropriate permissions.
• Stakeholder Engagement: Work closely with IT, security, and business leaders to align IAM initiatives with organizational goals.
• Incident Management: Lead investigations into access-related security incidents and recommend remediation measures.
• Training and awareness: Ensure staff understand user access policies, procedures and security awareness.
• Ensure high priority requests are handled efficiently and in compliance with the IAM guidelines and SLA’s.
• Manage the IAM Team, carry out annual appraisals ensuring that all team members are meeting their performance targets and delivering high-quality support to clients.
• Close monitoring of the relevant Jira queues, managing and updating of Jira tickets within agreed SLA’s.

Other Responsibilities:

• Ensure compliance with the company’s regulatory requirements under the FCA.
• Adhere to the operational risk framework for your role ensuring that all regulatory or company determined parameters are complied with.
• Role model for demonstrating highest level standards of integrity and conduct and reflecting Company Values.
• At all times comply with the FCA’s Code of Conduct.
• To ensure that you are fully aware of and adhere to internal policies that relate to you, your role or any other activities for which you have any level of responsibility
• To report any breaches of policy to Compliance and/ or your supervisor as required
• To escalate risk events immediately
• To provide input to risk management processes, as required.

Competencies, Skills and Experience

Essential

• Technical Expertise: Understanding of IAM tools (e.g., Okta, SailPoint, CyberArk, Azure AD) and technologies such as SSO (Single Sign-On), MFA (Multi Factor Authentication), and role-based access control (RBAC).
• Security Knowledge: In-depth knowledge of security concepts like least privilege, identity governance, and privileged access management (PAM).
• Compliance Awareness: Familiarity with regulations such as GDPR, SOX, HIPAA, and industry standards like ISO 27001.
• Problem-Solving Skills: Ability to identify and address IAM-related security issues and access violations, along with implementing effective solutions.
• Communication Skills: Ability to work with cross-functional teams (IT, security, legal) and communicate complex IAM concepts to both technical and non-technical stakeholders.
• Analytical Skills: Ability to assess and review user access data, audit trails, and IAM configurations to ensure compliance and security.

Desirable

• Experience working in a regulated environment and knowledge of the risk and compliance requirements associated with this.

Competencies

• Strategic Vision: Ability to design and implement IAM strategies that align with business goals and security needs, both in the short and long term.
  
• Problem-Solving: Proficient at identifying complex IAM challenges and developing creative solutions to address them efficiently.
  
• Stakeholder Engagement: Strong communication skills to interact with senior leadership and other business units, ensuring IAM strategies are aligned with organizational goals and security needs.
  
• Reporting and Documentation: Ability to clearly present IAM performance, risks, and audit results to senior leadership and regulatory bodies.
• Conflict Resolution: Capable of resolving conflicts related to access management policies or resource allocation with diplomacy and professionalism.
• Auditing and Compliance: Skilled in conducting audits and ensuring IAM systems and practices comply with legal and regulatory requirements.
• Incident Response: Ability to quickly and effectively respond to access-related security incidents, including breaches, unauthorized access, or policy violations.
• Crisis Management: Strong decision-making ability in high-pressure situations, ensuring access management processes remain secure and operational during a crisis.

Company Values

Acting as a role model for the values of the Company:

Respect - Clients are at the heart of our business, with superior execution and superb client service the foundation of the firm. We respect our clients and always treat them fairly.

Integrity - Doing business the right way is the only way. We hold ourselves to a high ethical standard in everything we do – our clients expect this and we demand it of ourselves.

Collaborative - We work in teams - open and direct communication and the willingness to work hard and collaboratively are the basis for effective teamwork. Working well with others is necessary for us to succeed at what we do.

Developing our People - Our people are the basis of our competitive advantage. We look to “grow our own” and make Marex the place ambitious, hardworking, talented people choose to build their careers.

Adaptable and Nimble - Our size and flexibility are an advantage. We are big enough to support our client’s various needs, and adaptable and nimble enough to respond quickly to changing conditions or requirements. A non-bureaucratic, but well controlled environment fosters initiative as well as employee satisfaction.

Conduct Rules

You must:
• Act with integrity
• Act with due skill, care and diligence
• Be open and cooperative with the FCA, the PRA and other regulators
• Pay due regard to the interests of customers and treat them fairly
• Observe proper standard of market conduct
• Act to deliver good outcomes for retail customers