The iSeries UAP lead is responsible for the end-to-end identity lifecycle and access control within our IBM Power Systems environment. UAP Lead with 8+ years of experience leading enterprise-level User Access Administration and Security Governance for AS400 / IBM i environments. Strong expertise in identity lifecycle management, access control governance, and enforcement of least-privilege security models. Proven ability to lead audits, access certifications, and remediation activities to meet SOX, PCI, and HIPAA compliance requirements while providing L2/L3 production support. Work
Key Roles and Responsibilities
• Lead end-to-end User Access Management (UAP) for IBM i platforms, governing creation, modification, suspension, and deletion of user profiles as per security policies.
• Design and maintain role-based access models using Group Profiles to standardize user access across applications and business units.
• Own governance and periodic review of special authorities, ensuring privileged access is restricted, approved, and audit-compliant.
• Act as the primary authority for object-level security, approving access to libraries, files, programs, and IFS directories.
• Review and govern programs using Adopted Authority to eliminate unauthorized privilege escalation risks.
• Monitor and analyze system audit logs (QAUDJRN) to identify security violations and unauthorized access.
• Lead quarterly and bi-annual user access reviews and certifications in coordination with business owners and compliance teams.
• Drive remediation of dormant user profiles, orphaned objects, and terminated-user access, reducing audit findings.
• Provide L2/L3 escalation support for complex authorization and access issues by analyzing authority stacks and library lists (*LIBL).
• Support IBM i Access Client Solutions (ACS) and third-party security tools including PowerTech, HelpSystems, and Raz-Lee.
• Coordinate with HA/DR teams to ensure access consistency across replicated environments (MIMIX / iTera).
• Develop CL scripts to automate recurring UAP tasks, reporting, and audit evidence collection.
• Maintain UAP documentation, SOPs, audit evidence, and security procedures.
• Mentor junior administrators and act as the UAP escalation point for service desk teams.
Global Support Coverage
Provide UAP leadership and L2/L3 support for IBM i environments aligned with US PST/EST time zones.
Qualifications and Skills
Experience: Proven experience (e.g., 8+ years) as an AS400/IBM iSeries System Administrator in an enterprise environment.
Technical Proficiency:
Experience: 5+ years in IBM i (AS/400) Systems Administration with a focus on Security.
Command Proficiency: Expert knowledge of CL commands related to security (WRKUSRPRF, EDTOBJAUT, DSPAUDJRNE).
• IBM i / AS400 Commands: CRTUSRPRF, CHGUSRPRF, DSPUSRPRF, EDTOBJAUT, DSPAUTUSR, DSPAUDJRNE
• IBM i Security Levels: 20, 30, 40, 50
• Automation: CL Programming
• Audit & Reporting: QAUDJRN, IBM i Services (SQL)
• Exit Point Security Tools: PowerTech, HelpSystems, Raz-Lee
• High Availability: MIMIX, iTera
Architecture Knowledge: Deep understanding of IBM i security levels (20, 30, 40, 50) and how they impact system integrity.
Complete knowledge of ITIL.
Experience with Exit Point security and monitoring.
Familiarity with High Availability (HA) environments (e.g., MIMIX, iTera) and how they replicate user profiles.
Data Skills: Ability to use SQL Services (IBM i Services) to query system metadata and security configurations.
Soft Skills:
a. Strong analytical, troubleshooting, and problem-solving skills.
b. Excellent written and verbal communication skills.
c. Ability to work independently, manage multiple priorities, and provide on-call support as needed.
Education:
a. Bachelor’s degree in Computer Science, Information Technology, or a related field, or equivalent experience.
b. Relevant IBM certifications (e.g., IBM Certified System Administrator – Power Systems) are often a plus.