Public Partnerships

IT & Cloud Security Engineer

Public Partnerships, New York, New York, US, 10261


It's fun to work in a company where people truly BELIEVE in what they're doing!

We're committed to bringing passion and customer focus to the business.

Access & Data Protection Analyst

Location: NY or 48 US States

Job Type: Full-time

Department: Information Security

Reports To: Director of Security Architecture and Engineering

Public Partnerships LLC supports individuals with disabilities or chronic illnesses and aging adults, to remain in their homes and communities and "self" direct their own long-term home care. Our role as the nation's largest and most experienced Financial Management Service provider is to assist those eligible Medicaid recipients to choose and pay for their own support workers and services within their state-approved personalized budget. We are appointed by states and managed healthcare organizations to better serve more of their residents and members requiring long-term care and ensure the efficient use of taxpayer funded services.

Our culture attracts and rewards people who are results-oriented and strive to exceed customer expectations. We desire motivated candidates who are excited to join our fast-paced, entrepreneurial environment, and who want to make a difference in helping transform the lives of the consumers we serve (learn more at www.pplfirst.com).

Job Summary

Salary Range: $105,000-$115,000

We are looking for a skilled Identity, Access & Data Protection Analyst to support and enhance our enterprise security posture. This role focuses on ensuring secure and appropriate access to systems, enforcing identity governance policies, and protecting sensitive data across the organization. The ideal candidate will possess a blend of technical expertise, risk awareness, and process knowledge to maintain compliance and safeguard digital assets.

This individual will also support audit readiness, data classification workflows, and risk mitigation aligned with HIPAA, SOC 2, and NIST 800-53 (particularly the AC and SC families), as well as support secure development practices in partnership with DevSecOps teams.

Key Responsibilities

Identity & Access Management (IAM):

Administer user lifecycle processes (provisioning, de-provisioning, access reviews).
Maintain and enforce role-based access controls (RBAC) and least privilege principles.
Support integration of identity providers (e.g., Azure AD, Okta, Ping) with SSO and MFA solutions.
Monitor and respond to IAM-related alerts and anomalies.
Conduct regular access reviews and certification campaigns.
Ensure access decisions are auditable and documented to meet HIPAA §164.312(d), SOC 2 CC6, and NIST AC control requirements.
Work with application and system owners to define, review, and maintain segregation of duties and least privilege mappings.
Assist in onboarding IAM automation into DevOps pipelines and secure SDLC processes aligned with NIST SSDF.
Leverage digital identity signals (device, geolocation, IP, behavioral biometrics, email/phone reputation) to assess user legitimacy.
Integrate platforms like ThreatMetrix to correlate behavioral and device data against global digital identity networks.
Evaluate anomalies such as bot behavior, velocity, and prior fraud associations.
Use explainable risk scores to tailor adaptive authentication and access decisions.

Data Protection:

Implement and monitor data loss prevention (DLP) policies across endpoints, cloud, and email systems.
Classify and label data according to internal and regulatory requirements (e.g., PII, PHI, PCI).
Collaborate with stakeholders to assess data privacy risks and improve data handling procedures.
Support encryption strategies for data at rest and in transit.
Assist in defining access control zones for sensitive data repositories and monitoring abnormal access behaviors.
Contribute to privacy impact assessments and data retention policy enforcement.
Document data protection measures aligned with HIPAA §164.312(a), SOC 2 CC5, and NIST SC family controls.
Monitor and analyze access activity using SIEMs and behavioral intelligence tools (e.g., ThreatMetrix, Sentinel).
Conduct risk-based identity analytics using AI-powered tools to detect device spoofing, session hijacking, and social engineering.
Maintain and regularly update a "names list" (data access roster) as part of security documentation requirements, including all individuals and organizations (internal employees, contractors, vendors, and sub-processors) who access or process PHI/PII. This includes collecting names, roles, contact information, organizational affiliations, and the justification for access, in compliance with HIPAA, Medicaid, and NIST 800-53 audit and SSP requirements.

Security Operations & Compliance:

Monitor and analyze identity and data access logs for suspicious activity.
Assist in investigations of security incidents involving user access or data handling.
Support internal and external audits (e.g., SOX, HIPAA, GDPR) by providing evidence and documentation.
Maintain documentation of access and data protection controls.
Support compliance reporting, access certification tracking, and evidence collection for SOC 2, HIPAA, and NIST-based audits.
Coordinate with GRC and incident response teams to ensure IAM and data protection controls are tested during tabletop exercises and real events.
Assist in aligning access and data protection programs with zero trust principles and continuous authentication practices.

Required Qualifications

Bachelor's degree in Cybersecurity, Information Systems, or a related field (or equivalent experience).
5+ years of experience in IAM, data protection, or information security.
Experience with identity platforms (Azure AD, Okta, SailPoint, CyberArk, etc.).
Familiarity with DLP technologies (Microsoft Purview, Symantec DLP, Forcepoint, etc.).
Knowledge of access control models (RBAC, ABAC), SAML, OAuth, and MFA.
Familiarity with behavioral risk scoring and digital identity orchestration technologies.
Experience with digital identity platforms like LexisNexis® ThreatMetrix®, Kount, or similar.
Understanding of regulatory and compliance frameworks (GDPR, HIPAA, NIST, ISO 27001).
Experience supporting compliance documentation and access evidence preparation for audits.

Preferred Qualifications

Security certifications such as: CompTIA Security+, GIAC GSEC, CIPP, CIPT, or Certified Identity and Access Manager (CIAM).
Hands-on experience with SIEM tools (e.g., Splunk, Microsoft Sentinel) for access and data monitoring.
Familiarity with endpoint protection and encryption tools.
Knowledge of cloud security best practices (AWS, Azure, or GCP).
Understanding of IAM's role in secure SDLC governance and third-party access reviews.

Soft Skills

Strong analytical and problem-solving skills.
Effective written and verbal communication.
Ability to work cross-functionally and manage multiple tasks.
High attention to detail and commitment to data privacy and security.

The above is intended to describe the general contents and requirements of work being performed by people assigned to this classification. It is not intended to be construed as an exhaustive statement of all duties, responsibilities, or skills of personnel so classified.

This position may have access to private, confidential or sensitive information related to PPL, its customers or clients, or patient information. Employees in this position are required to complete new hire and annual training for privacy and security, complete attestations for the PPL Code of Conduct, The Employee Handbook, and satisfactorily pass a background screen before access to any PPL information will be granted.

PPL is an Equal Opportunity Employer dedicated to celebrating diversity and intentionally creating a culture of inclusion. We believe that we work best when our employees feel empowered and accepted, and that starts by honoring each of our unique life experiences. At PPL, all aspects of employment regarding recruitment, hiring, training, promotion, compensation, benefits, transfers, layoffs, return from layoff, company-sponsored training, education, and social and recreational programs are based on merit, business needs, job requirements, and individual qualifications. We do not discriminate on the basis of race, color, religion or belief, national, social, or ethnic origin, sex, gender identity and/or expression, age, physical, mental, or sensory disability, sexual orientation, marital, civil union, or domestic partnership status, past or present military service, citizenship status, family medical history or genetic information, family or parental status, or any other status protected under federal, state, or local law. PPL will not tolerate discrimination or harassment based on any of these characteristics.

If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!
