Director, Identity and Access Management
Listed on 2026-07-09
-
IT/Tech
Cybersecurity, Information Security
Position Overview
We are seeking a strategic and transformational Director of Identity & Access Management (IAM) to lead the evolution of our global identity security program in a modern, AI-enabled enterprise environment. This leader will oversee the design, governance, and operation of identity services across workforce, customer, partner, machine, and AI-agent ecosystems. The Director of Identity Governance and Privileged Access will lead the modernization of enterprise identity and access management s role owns strategy, roadmap, governance, control design, and execution oversight across identity lifecycle management, access governance, privileged access, access reviews, non-human identity governance, and identity-related risk reduction.
The leader will drive the transition from SailPoint on-premise to SailPoint Identity Security Cloud, mature Cyber Ark Privileged Access Management, and provide enterprise governance for federation and identity assertion practices (e.g., Ping Identity/Ping Federate). Operating as a senior, hands‑on strategist and program leader, the Director partners closely with HR, IT, Security Operations, Cloud/Dev Ops, application owners, and GRC to deliver measurable risk reduction and sustainable IAM capabilities aligned to business priorities.
- Identity Governance and SailPoint Transformation
- Own enterprise identity governance strategy and lead migration from SailPoint on-premise to SailPoint Identity Security Cloud.
- Develop and execute the SailPoint cloud roadmap, including migration sequencing, integrations, operating model, stakeholder engagement, and post‑migration optimization.
- Strengthen joiner/mover/leaver processes to ensure timely and complete provisioning, deprovisioning, access changes, and termination processing.
- Expand SailPoint coverage across core systems, SaaS, cloud platforms, non‑integrated and high‑risk applications.
- Establish identity lifecycle assurance controls for provisioning accuracy, workflow failure handling, and manual access oversight.
- Design risk‑based access certification programs with campaign governance, remediation tracking, evidence retention, and escalation.
- Improve entitlement governance by rationalizing roles, birthright access, privileged entitlements, toxic combinations, and excessive access.
- Define and implement Segregation of Duties policies, control mappings, exceptions, and periodic validation.
- Privileged Access Management and Cyber Ark Maturity
- Own enterprise PAM strategy and Cyber Ark maturity roadmap.
- Expand Cyber Ark coverage across infrastructure, directories, cloud, databases, applications, service and admin accounts, and emergency access paths.
- Lead privileged account discovery, onboarding prioritization, credential rotation, safe design, platform integrations, session recording, and privileged access reviews.
- Reduce standing privilege through time‑bound and just‑in‑time models with strong approval and monitoring.
- Operationalize privileged access policies for ownership, approvals, break‑glass governance, session monitoring, password rotation, and exception expiration.
- Partner with Security Operations to enhance detection and monitoring for privileged misuse and anomalous admin behavior.
- Define and track PAM KPIs/KRIs, including coverage, rotation compliance, standing privilege reduction, session recording, and onboarding progress.
- Authentication, Federation, and Identity Assertion Governance
- Provide enterprise governance over federation and identity assertion (Ping Identity/Ping Federate, SAML, OIDC, OAuth), including certificate and token management.
- Set standards, control requirements, and checkpoints for federated access in partnership with platform owners.
- Establish requirements for secure configurations, token lifetime, claim governance, assertion validation, and application onboarding.
- Influence architecture and engineering teams to align federation patterns with security requirements.
- Support risk‑based authentication standards (MFA, contextual controls, privileged user and remote access).
- Non‑Human Identity and Service Account Governance
- Develop governance for service accounts, machine identities, API…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).