×
Register Here to Apply for Jobs or Post Jobs. X

IAM Program Manager

Job in Louisville, Jefferson County, Kentucky, 40201, USA
Listing for: Openkyber
Full Time position
Listed on 2026-07-08
Job specializations:
  • IT/Tech
    Cybersecurity, IT Consultant
Salary/Wage Range or Industry Benchmark: 120000 - 160000 USD Yearly USD 120000.00 160000.00 YEAR
Job Description & How to Apply Below

Lead IAM Consultant with Oracle LDAP / Ping One Migration Columbus, OH (Onsite) Long Term SAP ECC Decommission Workstream Identity & Access Management Key Responsibilities

  • Conduct a complete inventory of the existing Oracle LDAP / Oracle Internet Directory (OID) environment user objects, groups, organisational unit structure, schemas, attributes, and all SAP-bound service accounts
  • Document all SAP ECC identity integrations LDAP connector configuration, SNC, SSO bindings, role-to-group mappings, and directory-dependent service accounts that must be migrated or decommissioned
  • Map current identity flows end to end: provisioning sources, attribute synchronisation rules, access policies, and group-to-role mappings feeding SAP authorisations
  • Perform a detailed fit-gap analysis between the Oracle LDAP/OID topology and Ping One covering user attributes, group structures, MFA policies, federation protocols, and SCIM provisioning readiness
  • Design the target‑state identity architecture on Ping One:
    IdP setup, SAML 2.0 / OIDC federation, SCIM provisioning to Salesforce Revenue Cloud, Workday Financials, Snowflake, and Boomi, and adaptive MFA policy configuration
  • Build and own the Oracle LDAP to Ping One migration runbook directory export, identity data cleansing and transformation, Ping One import, parallel‑run validation, cutover sequence, and rollback plan
  • Execute and validate mock migration cycles test directory exports, validate user and group mappings in Ping One, and confirm access to all target platforms before cutover
  • Coordinate with the CAS CISO and security team to ensure the Ping One configuration meets CAS security policy, compliance requirements, and access governance standards
  • Work with the Boomi integration team to ensure identity event flows provisioning, deprovisioning, and attribute sync are correctly handled across the integrated platform landscape
  • Support UAT for identity and access scenarios validate SSO, MFA, and provisioning across Salesforce, Workday, Snowflake, and Boomi in the new Ping One‑led environment
  • Deliver the Oracle LDAP decommission sign‑off checklist confirm all users, groups, and service accounts are migrated, all SAP integrations re‑pointed, and the legacy directory is safe to switch off
  • Produce all Phase 0 and migration deliverables:
    As‑Is Identity Architecture Document, Fit‑Gap Register, Ping One Integration Blueprint, Migration Runbook, and Decommission Readiness Checklist
Qualifications
  • 9+ years of hands‑on experience with Oracle LDAP / Oracle Internet Directory (OID) directory administration, schema management, OU design, and attribute configuration
  • Proven experience migrating from Oracle LDAP/OID to Ping One or a comparable cloud identity provider such as Ping Federate, Okta, or Azure AD including directory export, data transformation, and cutover execution
  • Solid understanding of SAP ECC identity integration LDAP connector, SNC, SAP SSO 2.0, and Kerberos; able to identify and document all directory dependencies within an SAP environment
  • Hands‑on Ping One or Ping Federate configuration experience SSO, SAML 2.0, OAuth 2.0 / OIDC, SCIM provisioning, adaptive MFA, and access policy management
  • Experience configuring SCIM‑based provisioning and SAML/OIDC federation for enterprise SaaS platforms including Salesforce, Workday, and Snowflake
  • Ability to produce clear identity migration artefacts directory inventory reports, attribute mapping matrices, migration runbooks, test scripts, and cutover plans
  • Familiarity with Boomi or equivalent integration platforms as they relate to identity event flows provisioning triggers, deprovisioning, and attribute synchronisation
  • Strong understanding of identity security principles least privilege, MFA enforcement, access governance, and audit logging requirements
  • Good communication skills with the ability to work alongside a CAS CISO, security team, and multiple third‑party delivery partners
  • Ping Identity certification or equivalent cloud identity certification preferred; experience in a regulated or research‑sector environment is an advantage

For applications and inquiries, contact:

#J-18808-Ljbffr
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary