CHEP helps move more goods to more people in more places than any other organization on earth via our 347 million pallets crates and containers. We employ approximately 13000 people and operate in 60 countries. Through our pioneering and sustainable share-and-reuse business model the worlds biggest brands trust us to help them transport their goods more efficiently safely and with less environmental impact.

What does that mean for you Youll join an international organization big enough to take you anywhere and small enough to get you there sooner. Youll help change how goods get to market and contribute to global sustainability. Youll be empowered to bring your authentic self to work and be surrounded by diverse and driven professionals. And you can maximize your work-life balance and flexibility through ourHybrid Work Model.

Job Description

Key Responsibilities May Include:

• Lead the build configuration and deployment of secure email messaging authentication (MFA SSO) and identity lifecycle management solutions.
• Develop and implement new IAM capabilities and enhancements as outlined in the IAM strategic roadmap.
• Recommend and integrate additional IAM solutions or controls to improve frontline security defences.
• Participate in the deployment and initial configuration of new IAM technologies ensuring alignment with standards and best practices.
• Establish and enforce IAM policies and procedures to maintain compliance with relevant regulations.
• Coordinate with cross-functional teams to ensure seamless integration and operation of IAM solutions.
• Provide training and support to users on IAM policies procedures and technologies.
• Act as the escalation point for complex IAM issues maintaining operational excellence and continuous improvement in IAM processes.

Position Purpose

Engineer and enhance Identity Access Management (IAM) solutions to strengthen organizational security and support a zero-trust architecture.
Drive the development and integration of authentication lifecycle governance and customer IAM capabilities in line with strategic security objectives.
Collaborate across teams to ensure robust compliant and user-friendly IAM processes and technologies.

** YOUR MISSION ** WHAT WILL YOU DO **

• Lead the build configuration and deployment of secure email messaging authentication (MFA SSO) and identity lifecycle management solutions.

• Develop and implement new IAM capabilities and enhancements as outlined in the IAM strategic roadmap.

• Recommend and integrate additional IAM solutions or controls to improve frontline security defences.

• Participate in the deployment and initial configuration of new IAM technologies ensuring alignment with standards and best practices.

• Establish and enforce IAM policies and procedures to maintain compliance with relevant regulations.

• Coordinate with cross-functional teams to ensure seamless integration and operation of IAM solutions.

• Provide training and support to users on IAM policies procedures and technologies.

• Act as the escalation point for complex IAM issues maintaining operational excellence and continuous improvement in IAM processes.

** WHAT WE ARE LOOKING FOR ** :

• Bachelors degree in Computer Science Information Technology Cybersecurity Information Security or a closely related field (or equivalent combination of education and experience). Many roles accept relevant professional experience in lieu of a degree but a 4-year degree remains the most common baseline.

• Professional experience in IAM or related cybersecurity fields typically 37 years depending on the role level (e.g. 35 years for mid-level IAM Engineer; 510 for senior/principal roles). Hands-on experience with identity lifecycle management access provisioning/de-provisioning or access reviews is highly valued.

• Strong knowledge of core IAM concepts and protocols including authentication authorization RBAC (Role-Based Access Control) PBAC SSO (Single Sign-On) MFA (Multi-Factor Authentication) federation and standards like SAML OAuth 2.0 OIDC LDAP and JWT.

• Hands-on experience with leading IAM platforms/tools such as Okta SailPoint Microsoft Entra ID (Azure AD) Ping Identity/ForgeRock CyberArk (for PAM) Saviynt or similar. Familiarity with at least one or two major vendors is often explicitly required.

• Experience with directory services and identity stores particularly Active Directory (AD) Entra ID/Azure AD LDAP directories or cloud identity solutions. Many roles emphasize hybrid/on-premises cloud directory management.

• Understanding of compliance regulatory frameworks and security standards knowledge of NIST ISO 27001 GDPR HIPAA SOX PCI-DSS COBIT or Zero Trust principles. Ability to align IAM processes with audit and governance requirements is critical.

• Cloud platform familiarity experience integrating IAM with major cloud providers like AWS IAM Azure AD/Entra ID Google Cloud Identity or multi-cloud environments. Cloud IAM is now a near-universal expectation.

• Scripting and automation skills proficiency in languages/tools such as PowerShell Python JavaScript REST APIs or BeanShell for automating IAM workflows custom connectors or integrations.

• Strong communication and collaboration skills excellent verbal and written English communication (critical for English-speaking roles) ability to explain complex IAM concepts to both technical and non-technical stakeholders (e.g. business leaders auditors) and experience working cross-functionally in teams.

• Relevant certifications (preferred or required in many postings) common ones include CISSP CISM Okta Certified Professional SailPoint Certified IdentityIQ Engineer Microsoft Certified: Identity and Access Administrator GIAC certifications or vendor-neutral ones like Certified Identity and Access Manager (CIAM) from Identity Management Institute.

• Fluency in English language

** WHAT WE OFFER **

* The benefit package for employees outside of the Czech Republic differs from the options listed below

• Competitive salary package with annual bonus

• Company car

• Multisport card

• Additional life insurance

• Long term international career growth & opportunities

• Options to purchase CHEP/Brambles shares

• 3 Days paid leave for volunteering

• Employees pension insurance plan (up to CZK 4100 monthly contribution)

• 25 the days of the annual holiday

• 5 sick days

• Meal vouchers (225 CZK daily)

• Cafeteria system to spend on health culture traveling education and purpose

Remote Type

Skills to succeed in the role

We are an Equal Opportunity Employer and we are committed to developing a diverse workforce in which everyone is treated fairly with respect and has the opportunity to contribute to business success while realizing his or her potential. This means harnessing the unique skills and experience that each individual brings and we do not discriminate against any employee or applicant for employment because of race color sex age national origin religion sexual orientation gender identity status as a veteran and basis of disability or any other federal state or local protected class.

Individuals fraudulently misrepresenting themselves as Brambles or CHEP representatives have scheduled interviews and offered fraudulent employment opportunities with the intent to commit identity theft or solicit money. Brambles and CHEP never conduct interviews via online chat or request money as a term of employment. If you have a question as to the legitimacy of an interview or job offer please contact us at