The Manager, Identity and Access Management (IAM Lead), in conjunction with the Head of Global Infrastructure, is responsible for the planning, building, delivery and support of the IAM program. The IAM Lead will manage the development of the IAM application and architecture, as well as provide in-depth technical consultation to the business units and IT management and assist in developing plans for the integration of information security requirements.

• Fosters an understanding of the IAM system and facilitates decision making with the business users
• Designs and implements products and services to provide a strong IAM program that balances access with compliance and confidentiality
• Identifies and evaluates complex business and technology risks, internal controls that mitigate risks and opportunities for internal control improvement
• Identifies the broader impact of  decisions related to user access, data access and information security
• Aligns IAM processes across the organization, and develops and documents standards for organizational use
• Co-leads an IAM selection process, evaluates existing and emerging technologies and tools for the business units
• Demonstrates advanced understanding of business processes, internal control risk management, IT controls and related standards
• Provides an expert understanding of web security standards, architecture, web security best practices and application security best practices
• Administers authentication technologies, such as Microsoft Active Directory/Windows authentication, OpenLDAP, Shibboleth, SimpleSAMLphp, Kerberos, OpenID Connect, OAuth and federated identity management

• 5+ years of experience in technology implementation, including: 3+ years in developing, implementing and architecting information systems and 3+ years technical architecture experience integrating identity management, access management and access governance software into clients’ infrastructure and applications
• Identity management familiarity in one or more of the following areas;
  • single sign-on (SSO), data management, identity federation, enterprise directory architecture and design, including directory schema, directory services, namespace and replication topology experience, resource provisioning, ITIL and process integration
  • Identity and access governance including role-based access control, access request and certification, user life cycle management processes and organizational change management
  • Has experience managing Linux servers, including Apache and configuration management with Salt, Ansible, Chef or Puppet.
• Familiarity with Ruby, Python, PHP, PowerShell, SQL and/or shell scripting
• Ability to build, lead and manage a team independently
• Knowledge of agile development techniques and secure software development life cycle
• Ability to translate security-related matters into business terms that are clear and understandable  and incorporate business needs into technical roadmaps
• Thinks outside the box when designing systems and solutions, strong problem-solving and trouble-shooting skills
• Ability to interface with stakeholders at all levels and roles in the company
• Has good judgment, a sense of urgency and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity

• Certification in one or more public cloud platforms, such as AWS, Azure Cloud or Google Cloud
• Certification in Information Assurance Management, Certified Information Systems Security Professional, and/or Certified Information Security Manager

Salary Information

The estimated base salary range for this position is $150k to $190k at the time of posting. The actual salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location in which the applicant lives and/or from which they will be performing the job. This role is exempt meaning it is not overtime pay eligible.