Identity and Access Management Engineering Lead

Role Description:

As the Identity Engineering Lead, you will be responsible for evolving a complicated global hybrid environment to a cloud first environment by advancing the design and implementing modern comprehensive Identity and Access Management (IAM) and Privileged Access Management (PAM) strategies adhering to company standards and requirements. 

This role requires a dynamic and experienced leader to drive excellence in IAM practices, support the team’s growth, and ensure the organization’s identity and access management strategies are robust, secure, and compliant.

Key Responsibilities: 

• Engineering and Operations Management:
  • Manage all aspects of engineering and operations for Identity and Access Management (IAM), including JML, Access Governance, Entra ID, Active Directory, External Identity, and SSO.
• Identity Lifecycle Management (JML):
  • Maintain the existing Joiner-Mover-Leaver (JML) processes using Microsoft Identity Manager (MIM).  Participate in modernizing the JML processes using products like Azure Lifecycle Management. 
• Access Governance:
  • Lead the deployment and maintenance of Privileged Access Management (PAM) solutions using CyberArk and Azure Privileged Identity Management (PIM).
  • Implement access governance processes using SailPoint to ensure compliance with organizational policies.
• Directory Services Management:
  • Manage Entra-ID (Azure Active Directory) and on-premises Active Directory environments to ensure secure and reliable directory services.
  • Ensure synchronization and integration of directory services to maintain identity consistency.  Maintain existing Entra-Connect environment and participate in modernization using products such as Azure Cloud Sync.
• Single Sign-On (SSO) Implementation:
  • Configure and manage Single Sign-On (SSO) solutions using Entra Enterprise Applications, SAML, and OAuth/OIDC protocols for secure and seamless authentication experiences.
• Zero Trust Journey:
  • Drive the organization’s Zero Trust journey by implementing and advocating for Zero Trust principles in IAM practices, ensuring robust verification processes for all users and devices.
• Customer Identity and Access Management (CIAM):
  • Implement and manage CIAM solutions, including B2C and Entra External Identities, to secure customer identities and enhance user experiences.
• Automation and Scripting:
  • Develop and maintain automation scripts using C# and PowerShell to streamline IAM processes and reduce manual efforts.
  • Implement automation for routine IAM tasks and integrations with other systems.
• Networking and Operating System Management:
  • Ensure secure network configurations and manage Windows operating systems in the context of IAM.
  • Collaborate with network and system administrators to align IAM policies with overall IT infrastructure security.
• Azure Infrastructure Management:
  • Manage IAM-related services and configurations within the Azure environment, ensuring alignment with Azure security and compliance requirements.
• Standards and Documentation:
  • Set team standards of excellence for IAM processes and documentation, ensuring clarity, consistency, and completeness.
  • Maintain comprehensive documentation of IAM processes, configurations, and changes.
• Mentorship and Upskilling:
  • Mentor and upskill team members, fostering a culture of continuous learning and improvement.
  • Provide guidance and support to help staff with career development and growth within the IAM domain.
• Incident Resolution:
  • Act as the go-to expert for troubleshooting the most challenging IAM issues, ensuring quick and effective resolution.
  • Lead incident response efforts and root cause analysis to prevent future occurrences.
• Project Management:
  • Lead and participate in IAM project work, ensuring timely and successful delivery of IAM initiatives.
  • Collaborate with cross-functional teams to achieve project objectives and enhance IAM capabilities.
• Career Development Support:
  • Support staff with career development by identifying opportunities for growth, providing feedback, and facilitating training and development programs.

The Requirements

• Education:
  • Bachelor’s degree in Computer Science, Information Security, or a related field or equivalent experience. 
• Experience:
  • Minimum of 9 years’ experience in identity management and security, with at least 2 years in a leadership role.
• Technical Skills:
  • Strong understanding of IAM and PAM concepts, methodologies, and technologies.
  • Proficiency with Entra-ID (Azure Active Directory) and on-premises Active Directory.
  • Experience with JML processes, particularly using Microsoft Identity Manager (MIM) and Azure Lifecycle Management.
  • Proficiency in Access Governance technologies, including Privileged Access Management (PAM) tools like CyberArk and Azure Privileged Identity Management (PIM), or SailPoint.
  • Experience implementing Single Sign-On (SSO) solutions using Entra Enterprise Applications, SAML, and OAuth/OIDC.
  • Knowledge of scripting and automation tools, specifically C# and PowerShell, for efficient identity management.
  • Strong problem-solving skills and the ability to work under pressure.
  • Strong communication and interpersonal skills, with the ability to lead cross-functional teams.
  • Proven ability to work in a cross-functional environment with various technical verticals.  Partner with other teams such as Architecture, Lines of Business, Information Security, and vendors.
• Nice-to-Haves:
  • Additional Technical Skills:
    • Experience with CIAM solutions, such as B2C and Entra External Identities.
    • General knowledge of networking, Windows operating systems, and Azure infrastructure management.
    • Experience with other access governance tools like SailPoint.
  • Leadership and Interpersonal Skills:
    • Experience mentoring and upskilling team members.
    • Demonstrated ability to set team standards of excellence for processes and documentation.
    • Proven ability to support staff with career development.
    • Experience managing and participating in project work.

Preferred Qualifications:

• Relevant certifications such as CISSP, CISM, or IAM-specific credentials.
• Experience with regulatory compliance frameworks like GDPR, HIPAA, SOC or SOX.
• Advanced degree in related discipline.

WTW is an Equal Opportunity Employer