Role: Cyber Security Business Analyst (IAM/PAM) Client: Investment Bank Location: London, 4 days in office Contract duration: 6 months rolling Rate: £650 (inside IR35) Responsibilities: Elicit, analyse, and document business and technical requirements for IAM and PAM programmes. Facilitate workshops with business, security, technology, and risk stakeholders. Support the implementation and enhancement of: Identity Governance & Administration (IGA) Privileged Access Management (PAM) Role-Based Access Control (RBAC) Single Sign-On (SSO) Multi-Factor Authentication (MFA) Access Certification and Recertification Joiner, Mover, Leaver (JML) processes Segregation of Duties (SoD) controls Analyse current-state and target-state access management processes. Produce high-quality documentation including: Business Requirements Documents (BRDs) Functional Specifications User Stories and Acceptance Criteria Process Maps Gap Analysis Data Flow Diagrams Work with technical teams to ensure IAM/PAM solutions meet business and security requirements. Support User Acceptance Testing (UAT), defect management, and implementation activities. Assist with audit, risk, and compliance reviews related to identity and privileged access controls. Contribute to governance frameworks, policies, and operational procedures. Required Experience 5 years' experience as a Business Analyst within Cyber Security, IAM, or PAM programmes. Strong understanding of Identity & Access Management principles and controls. Hands-on experience supporting IAM and PAM implementations. Experience gathering and documenting requirements for security-focused projects. Strong stakeholder management skills, including engagement with senior business and technical leaders. Knowledge of access governance, entitlement management, privileged account controls, and identity lifecycle management. Experience working within Agile and/or Waterfall delivery environments. Desirable Technology Experience Experience with one or more of: CyberArk BeyondTrust Delinea SailPoint Saviynt Microsoft Entra ID Okta Ping Identity Desired Knowledge Identity Governance & Administration (IGA) Privileged Session Management (PSM) Privileged Account Governance Access Request & Approval Workflows Directory Services (Active Directory / Entra ID) Zero Trust principles ISO 27001, NIST, SOX, FCA, PRA, GDPR Cyber Security Risk and Controls