How to identify when a user was deleted and by whom?
Using the Audit Log, we can see who was in security, but unfortunately it does not tell us who actually deleted the user.
The other possibility is to run SMF against the security dataset name to see what userid updated it.
Other than that, there is no way to determine who deleted the user from the security profile. It is a safe bet, though, that it was someone defined to the Sysview ADMIN security group, as the ADMIN group generally has all authority, unlike the other groups defined to Sysview security.