Identity Access Management SME

** Description*
* The Identity Access Management SME serves as the senior technical authority for enterprise IAM capabilities supporting the SEC ISS contract. This role leads the design and governance of Microsoft Entra- and Microsoft ICAM-based identity services to ensure secure authentication, authorization, and least-privilege access across cloud and on-premises environments. The position drives implementation of conditional access, MFA, PIM/PAM, RBAC, and identity governance workflows aligned to SEC zero-trust objectives and OMB M-22-09 direction.

The SME partners with infrastructure, security, and operations teams to sustain audit readiness, support FISMA evidence requirements, and resolve complex identity and access challenges at enterprise scale.

** Primary Responsibilities*
* IAM Strategy, Architecture, and Engineering

- Serve as the enterprise subject matter expert for IAM architecture and provide technical leadership for identity and access services across the SEC ISS environment.

- Design and implement secure authentication and authorization models using Microsoft Entra, Microsoft ICAM, and role-based access controls.

- Lead integration of Entra identity services with Microsoft 365 and enterprise applications to support consistent identity lifecycle and policy enforcement.

- Define IAM standards, patterns, and operating procedures that align with zero-trust principles and federal security requirements.

Identity Governance and Access Control

- Manage joiner/mover/leaver identity lifecycle processes, directory services, and account governance to maintain accurate and timely access provisioning.

- Implement and maintain conditional access policies, multifactor authentication, privileged identity/access management, and identity protection controls.

- Establish and operate access reviews, entitlement management, and governance workflows to enforce least privilege and reduce insider-risk exposure.

- Oversee RBAC design, assignment, and periodic recertification, including automated RBAC processes for consistent policy application.

Compliance, Risk, and Audit Support

- Ensure IAM services support continuing Authorization to Operate objectives through complete, current SOP and control documentation.

- Align IAM controls with NIST, ISO 27001, CISA SCuBA, FISMA, and SEC/OIT security policy requirements.

- Produce technical artifacts and evidence for audit and assessment activities, including FISMA and related internal/external reviews.

- Support remediation planning and corrective actions for IAM-related findings, risks, and control deficiencies.

Operations, Automation, and Stakeholder Engagement

- Lead resolution of complex identity and access incidents, root causes, and recurring control gaps across hybrid enterprise environments.

- Drive automation of identity provisioning, deprovisioning, policy enforcement, and reporting using approved scripting and platform-native capabilities.

- Collaborate with security, cloud, endpoint, and service management teams to implement and sustain identity-dependent controls.

- Provide strategic guidance to government stakeholders on IAM roadmap priorities, modernization sequencing, and operational risk tradeoffs.

** Required Qualifications*
* - Citizenship/Work Authorization:
Must meet contract requirements.

- Clearance:
Ability to obtain and maintain SEC Public Trust (or higher if required).

- Education:

Bachelor's degree in Information Technology, Cybersecurity, Computer Science, Engineering, or a related field.

*
* Experience:

*
* - Minimum 8 years of experience in identity and access management and/or cybersecurity roles supporting enterprise environments.

- Mandatory hands-on experience implementing and operating Microsoft Entra (Azure AD) and Microsoft ICAM capabilities.

- Advanced experience with MFA, conditional access, privileged access management, Entra Identity Governance, and integration with Microsoft 365 and enterprise applications.

- Strong understanding of compliance frameworks (NIST, ISO 27001, CISA SCuBA) and zero-trust principles.

** Technical

Skills:

*
* - Microsoft Entra (Azure AD) and Microsoft ICAM

- Multifactor authentication (MFA), conditional access, RBAC, and privileged access/identity management (PIM/PAM)

- Entra Identity Governance and identity lifecycle management

- Microsoft 365 and enterprise application identity integration patterns

- Compliance and control frameworks: NIST, ISO 27001, CISA SCuBA

- Zero-trust architecture implementation and policy enforcement

** Preferred Qualifications*
* - Experience leading IAM modernization initiatives in large federal or highly regulated enterprise environments.

- Prior delivery experience supporting SEC, financial regulatory, or similar mission-critical public sector organizations.

- Experience implementing phishing-resistant authentication (e.g., FIDO-aligned methods) and legacy authentication deprecation.

- Hands-on experience automating IAM operations with scripting/automation tooling and integrating identity controls into Dev Sec Ops …