IT Security Identity & Access Technical Leader

At Pitney Bowes we do the right thing the right way. As a member of our team you can too.

We have amazing people who are the driving force the inspiration and foundation of our company. Our thriving culture can be broken down into four components: Client. Team. Win. Innovate.

We actively look for prospects who:
Are passionate about client success.
Enjoy collaborating with others.
Strive to exceed expectations.
Move boldly in the quest for superior and best in market solutions.

Job Description:

You Are:

A Security Identity & Access Technical Leader responsible for designing implementing and governing the enterprise-wide Identity and Access Management (IAM) program. You partner across security infrastructure HR engineering and business teams to build a modern scalable identity ecosystem winning togetherto deliver secure seamless access experiences across the organization.

You Will:

• Develop and maintain the organizations Identity & Access Management (IAM) strategy roadmap and governance model driving alignment and shared accountability across teams.
• Architect and oversee solutions for security authentication authorization privileged access SSO MFA SaaS security posture API access controls conditional access policies and lifecycle management delivering excellencein secure design and execution.
• Technically lead modernization efforts such as Zero Trust passwordless authentication identity automation Attribute-Based Access Controls AI-driven threat detection and response identity models for AI agents and continuous AI behavioral authentication helping the organizationmove fastwhile staying secure.
• Define standards for API security including API identity and access controls secure API key and token management least-privilege access for machine identities and monitoring and anomaly detection for API usage.
• Establish secure patterns for API authentication and authorization including OAuth OIDC and token lifecycle management.
• Lead the design and operation of Privileged Access Management (PAM) solutions (CyberArk).
• Ensure projects are delivered within scope budget and schedule balancing speed with precision.
• Lead a technical team supporting user access provisioning deprovisioning terminations and password resets across multiple SaaS and on-premise applications (Dell OneIdentity Salesforce SAP Workday) fostering collaboration and continuous improvement.
• Perform regular audits to ensure security protocols are followed and risks are proactively addressed.
• Ensure technical solutions comply with privacy laws and regulatory requirements.
• Investigate and respond to irregularities in system access with urgency and rigor.
• Establish metrics to ensure IAM solutions meet both security and business objectives.
• Plan test and implement configuration changes efficiently and effectively.
• Document IAM processes and procedures to enable consistency and scalability.
• Escalate and resolve issues in a timely manner maintaining a high standard of reliability and responsiveness.

Your background:

As a Identity Lead you have:

• 7-12 plus years professional experience in IT and/or Cybersecurity with an Enterprise Identity Management Team
• Deep expertise in IAM frameworks Zero Trust and modern identity protocols (SAML OAuth OIDC SCIM).
• Experience with enterprise scale IAM platforms On Premise and Cloud Platforms.
• Strong understanding of cloud identity (Azure AD/Entra AWS IAM GCP IAM SaaS and API).
• Knowledge of security architecture threat modeling and identity attack vectors.
• Significant demonstrated knowledge of Active Directory and Entra processes and tools to include patching hardening configuration and risk management
• Demonstrated communication skills to communicate persuade influence without authority and handle challenging conversations
• Significant demonstrated knowledge of Identity management processes and tools to include Active Directory Entra ID Intune Dell OneIdentity Semperis CyberArk SAP Salesforce and Workday.
• Demonstrated knowledge in recent advances in IAM technology.

Preferred

• Bachelors Degree in Information Security Computer Science or equivalent
• Information Security Certifications such as CISSP CRISC CIMP and/or CISM

Knowledgeable and experienced in:

• Active Directory (Including Azure A/D Synchronization)
• Entra ID (Including App Registration Passwordless Authentication Enterprise Application SSO and Conditional Access Policies)Intune
• OKTA
• Semperis
• CyberArk
• Zscaler AppTotal
• Automation Tools including Task Scheduler and PowerShell
• InfoBlox BloxOne
• Microsoft PKI NPS SCCM Patching
• Illumio
• Microsoft Defender
• Dell OneIdentity (Configuration Monitoring Migration and Implementation)
• Microsoft NPS
• JIRA Service Desk
• Use of AI
  

Compensation:

The wage range for this position is $130000-$150000 / year with the actual pay dependent on your skills and experience as they relate to the job requirements.

Location:

This is a hybrid role with 4 days in the Shelton CT office required. (No relocation assistance offered.)

Sponsorship:

Must be legally authorized to work in the US. Employer will not sponsor position for employment visa status now or in the future (ex. H-1B).

We will:

Provide the opportunity to grow and develop your career
Offer an inclusive environment that encourages diverse perspectives and ideas
Deliver challenging and unique opportunities to contribute to the success of a transforming organization
Offer comprehensive benefits globally (PB Live Well)

Pitney Bowes is an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard for race color sex religion national origin age disability (mental or physical) veteran status sexual orientation gender identity or any other consideration made unlawful by applicable federal state or local laws.

All qualified applicants including Veterans and Individuals with Disabilities are encouraged to apply.

All interested individuals must apply online. Individuals with disabilities who cannot apply via our online application should refer to the alternate application options via our Individuals with Disabilities link.