Share this Job

Systems Analyst, Identity and Access Management

Apply now »

Date: Jul 9, 2019

Location: Calgary, AB, CA

Company: TransAlta

Powering Possibilities …for Today & Tomorrow!

A leader in sustainable energy, TransAlta has over 100 years of experience generating power and is one of Canada’s top 50 Socially Responsible Companies since 2009, recognized as a global leader for sustainability and corporate responsibility standards. TransAlta operates 75 facilities in three countries; Australia, Canada, and United States.

TransAlta is committed to fostering a dynamic, productive and safe work environment. Our employees contribute to a diverse, open, and transparent culture with clear accountability, strong leadership and challenging opportunities for personal career growth.

The Senior System Analyst, Identity and Access Management (IAM), is a dedicated professional who assists with developing and managing system security across the business, focusing on identity and access management. This individual ensures the right individuals can access the right resources at the right time for the right reasons while providing a high level user experience and low touch.

The position utilizes existing Identity and Access Management (IAM) systems and solutions to perform IAM administration functions and provides support on IAM related issues to end-users. The position works closely with IT Security and other business stakeholders to ensure TransAlta information systems and data have appropriate access controls and protection.

The role will also be involved with account provisioning, setting up workflows, policies and procedures on Access and Identity Management (both on-premise and cloud – Microsoft Azure), and work to continue to further automate the identity management processes in the environment.


  • Understands industry best practices for access administration activities (i.e. provisioning, de-provisioning, access reviews, automation, etc.), authorization and authentication protocols and access governance. Understands Active Directory group structures, security, policies, etc.
  • Good understanding of access control methodologies, including Role Based Access Control.
  • Efficient in Group Policy Orchestration (GPO) administration, scripting, and PowerShell commands
  • Provide system solutions that incorporate identity and access management standards, policy adherence and an understanding business and security requirements.
  • Identify and mitigate potential compliance risks for all IAM workflows.
  • Responsible for establishing and managing corporate Mobile Device Management (MDM) solution (i.e. Microsoft Intune).
  • Familiar with DNS and DHCP services
  • Develop new and enhance existing IAM workflows in line with business and security requirements.
  • Manage identity and access requirements for cloud applications including Office 365, Microsoft Azure services.
  • Familiar with NTFS and share permissions, MS Exchange account management, MS SCCM administration, and other 3rd-party SaaS applications.
  • Coordinates periodic account access reviews and assists with remediation activities for any findings.
  • Well versed with the following Access Management principles: - Segregation of Duties analysis, access reviews and compliance, and privileged user management.
  • Facilitate communication between System Owners/Operators, Compliance Security, and end users and managers regarding identity record and user access matters.
  • Manages system controls including creation and review of system reporting, reconciling access to source systems, review of critical data elements, processing of terminations, transfers, and inactive users, etc.
  • Coordinates audit activities as it relates to identity and access management controls.
  • Assist in managing IT security related events, incidents, changes, and problems according to established procedures.
  • Participate as an active member of the Cyber Security Incident Response Team.
  • Demonstrated willingness to learn and cross-train co-workers.


  • Bachelor’s Degree preferred in Information Science and Technology, Management Information Systems, Computer Science or related discipline or equivalent work experience.
  • Minimum of 4-6 years IT experience, with 2+ years in Identity and Access Management
  • Certifications in one or more of the following: SANS GIAC courses, CISSP, CISM, CISA, or other related vendor-specific certifications
  • Demonstrated history of strong communication and collaboration abilities with various stakeholders
  • Ability to identify process improvements - enhancing optimization and streamlining efficiencies where required.
  • Demonstrated experience in successful delivery of system analysis including defining functional requirements, functional specifications for technical components, as well as preparing activity, sequence and data flow diagrams
  • Demonstrated experience with securing cloud application and service identities
  • Familiarity in one or more of the following areas required:
    • Single Sign On
    • Identity Federation
    • Enterprise Directory Architecture and Design
    • Resource Provisioning
    • Privileged Access Management
    • Multi-Factor Authentication (MFA)
    • LDAP
    • SAML
    • Mobile Device Management (MDM) (MS Intune)
    • Microsoft Azure/ADFS services
    • AWS
    • ITIL Change Management processes
    • ServiceNow
  • Good understanding of Sox, ISO 27002, CIS, NIST standards, and information security policies and procedures.
  • Experience with Microsoft Active Directory services including Group policy enterprise management, Privileged Access techniques, remote access technologies desired and ADFS to on-premise and cloud solutions.
  • Demonstrated experience with scripting techniques required
  • Knowledge of and use of SIEM tools (e.g. Splunk) a plus

Our comprehensive and flexible benefits, competitive compensation, incentive and rewards programs form the foundation of TransAlta’s excellent employment proposition.

Come on board!

Our commitment is to attract and retain the best talent. This position requires the successful completion of one or more background checks such as criminal, medical, or compliance.