If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to Accessibility (accommodation requests only; other inquiries won't receive a response).
Regular or Temporary:
Regular
Language Fluency: English (Required)
Work Shift:
1st Shift (United States of America)
Please review the following job description:
The Principal IAM Engineer will define strategy, architecture, and delivery of enterprise-wide IAM solutions, ensuring security, scalability, and compliance with industry standards. Serving as a subject matter expert, this role guides design, leads integration and automation, and collaborates with security, infrastructure, HR, and application teams.
KEY RESPONSIBILITIES
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.
- Define and develop a modern IAM Access Governance framework, supported by policies, standards, and controls, to support audit and regulatory compliance (e.g., CFIUS, NYDFS, SOX, HIPAA, GDPR) and zero-trust based solutions.
- Support the design and own the implementation of the enterprise IAM architecture, aligning it with business needs, regulatory requirements, and industry best practices.
- Provide technical direction and leadership for cyber integration engagements, ensuring seamless integration of IAM solutions with existing systems and processes.
- Work across cross-functional teams (e.g. Cyber Technology Operations Engineering and Architecture) to operationalize and scale the framework to identify and assess IAM-related risks and develop mitigation strategies to reduce vulnerabilities, while setting clear service level expectations and measuring performance against them.
- Lead roadmap development for IAM technologies, including single sign-on, multi-factor authentication, privileged access management, and identity governance and administration (IGA), and integration with key enterprise systems.
- Operationalize a program for managing cloud-based identities and access controls; modernize integration with identity management tools, HR system of record, and internal systems and applications to streamline and automate provisioning across cloud and on-premises environments.
- Define, develop, and implement a modern IAM framework of Just-in-Time (JIT) and role-based access control (RBAC) models.
- Develop and implement strategies, policies, and controls to reduce privileged access and streamline the management of privileged entitlements, including hardening of PAM policies to ensure robust controls for critical applications, supporting a least privilege model.
- Partner with leadership to define and develop IAM metrics, KPIs, and service-level objectives (SLOs); utilize user data analytics to identify process re-engineering, automation opportunities, and data-driven risk remediation.
- Define operations and administration optimization and IAM-related self-service programs that provide customers with an efficient and effective workflow.
- Partner with Security Operations and Threat Intelligence teams to implement access compromise detections as part of a holistic IAM observability and detections program.
- Develop strong relationships with business colleagues to fully understand and deliver solutions to meet their business needs while using diplomacy and relationships to advance our risk management program.
EDUCATION AND EXPERIENCE
The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Minimum 10 years' experience in a technical service-related field, with a minimum of 7 years' proven work experience as an IAM technical lead, is required.
- 5-7 years of directly related experience, including working with enterprise IAM products, commercial IAM products for a sizable enterprise (preferably 15,000 employees/identities), user provisioning, and developing solutions for Identity Management, PAM, Single Sign-On & Reduced Sign-On, and Cloud Access Management.
CERTIFICATIONS, LICENSES, REGISTRATIONS
- IAM or Security certifications: CISSP, CCSP, Saviynt Certified Professional, or Microsoft Certification preferred.
FUNCTIONAL SKILLS
- Experience with Information Security frameworks and standards (e.g., NIST, SOC 2, and the Cybersecurity Profile) and interpreting regulatory requirements (CFIUS, NYDFS, SOX, HIPAA, GDPR) into actionable controls.
- Extensive experience with, and knowledge of, cloud-based IAM/PAM solutions such as Saviynt, CyberArk, MS Entra-ID, Azure PIM.
- Experience in process re-engineering, automation, and data-driven risk remediation.
- Proficiency in scripting and automation (e.g., PowerShell, Python, REST APIs).
- Ability to identify and assess IAM risk(s) and implement effective mitigation strategies.
- Successful track record designing, developing, and executing complex projects in more than one area of functional expertise.
- Demonstrated capacity to establish and maintain working relationships with Senior Management across functional groups and business units. Skilled in influencing or gaining acceptance from others in sensitive situations while maintaining professional relationships.
General Description of Available Benefits for Eligible Employees of CRC Group: At CRC Group, we're committed to supporting every aspect of teammates' well-being: physical, emotional, financial, social, and professional. Our best-in-class benefits program is designed to care for the whole you, offering a wide range of coverage and support. Eligible full-time teammates enjoy access to medical, dental, vision, life, disability, and AD&D insurance; tax-advantaged savings accounts; and a 401(k) plan with company match. CRC Group also offers generous paid time off programs, including company holidays, vacation and sick days, new parent leave, and more. Eligible positions may also qualify for restricted stock units and/or a deferred compensation plan.
CRC Group supports a diverse workforce and is an Equal Opportunity Employer that does not discriminate against individuals on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status, or other classification protected by law. CRC Group is a Drug Free Workplace.