Jobs · OTHR · Tennessee

Director, Identity and Access Management

Asurion · Nashville, TN · Yesterday
On-siteOTHRFull-time

Key Responsibilities

  • Identity Governance and SailPoint Transformation
    • Own enterprise identity governance strategy and lead migration from SailPoint on-premise to SailPoint Identity Security Cloud.
    • Develop and execute the SailPoint cloud roadmap, including migration sequencing, integrations, operating model, stakeholder engagement, and post-migration optimization.
    • Strengthen joiner/mover/leaver processes to ensure timely and complete provisioning, deprovisioning, access changes, and termination processing.
    • Expand SailPoint coverage across core systems, SaaS, cloud platforms, non-integrated and high-risk applications.
    • Establish identity lifecycle assurance controls for provisioning accuracy, workflow failure handling, and manual access oversight.
    • Design risk-based access certification programs with campaign governance, remediation tracking, evidence retention, and escalation.
    • Improve entitlement governance by rationalizing roles, birthright access, privileged entitlements, toxic combinations, and excessive access.
    • Define and implement Segregation of Duties policies, control mappings, exceptions, and periodic validation.
  • Privileged Access Management and CyberArk Maturity
    • Own enterprise PAM strategy and CyberArk maturity roadmap.
    • Expand CyberArk coverage across infrastructure, directories, cloud, databases, applications, service and admin accounts, and emergency access paths.
    • Lead privileged account discovery, onboarding prioritization, credential rotation, safe design, platform integrations, session recording, and privileged access reviews.
    • Reduce standing privilege through time-bound and just-in-time models with strong approval and monitoring.
    • Operationalize privileged access policies for ownership, approvals, break-glass governance, session monitoring, password rotation, and exception expiration.
    • Partner with Security Operations to enhance detection and monitoring for privileged misuse and anomalous admin behavior.
    • Define and track PAM KPIs/KRIs, including coverage, rotation compliance, standing privilege reduction, session recording, and onboarding progress.
  • Authentication, Federation, and Identity Assertion Governance
    • Provide enterprise governance over federation and identity assertion (Ping Identity/PingFederate, SAML, OIDC, OAuth), including certificate and token management.
    • Set standards, control requirements, and checkpoints for federated access in partnership with platform owners.
    • Establish requirements for secure configurations, token lifetime, claim governance, assertion validation, and application onboarding.
    • Influence architecture and engineering teams to align federation patterns with security requirements.
    • Support risk-based authentication standards (MFA, contextual controls, privileged user and remote access).
  • Non-Human Identity and Service Account Governance
    • Develop governance for service accounts, machine identities, API credentials, secrets, certificates, and cloud workload identities.
    • Define ownership, lifecycle, rotation, monitoring, review, and decommissioning requirements.
    • Establish governance frameworks for AI-enabled systems, autonomous agents, and machine-driven workflows.
    • Partner with Cloud, DevOps, Infrastructure, Application Engineering, and CyberArk teams to reduce unmanaged service accounts and increase visibility.
    • Implement risk-based recertification focusing on privileged, internet-facing, sensitive data, and critical environments.
  • Access Risk, Policy, and Exception Governance
    • Create centralized IAM exception governance for deviations, manual access, privileged and federation exceptions, and legacy integrations.
    • Define approval, business justification, expiration, compensating controls, risk acceptance, and recurring review criteria.
    • Align identity controls with policy, audit, regulatory, and contractual obligations in partnership with GRC, Legal, Compliance, HR, and IT.
    • Translate IAM risks for executive reporting, including residual risk, orphaned accounts, review findings, lifecycle failures, and authentication gaps.
    • Support enterprise policy updates across identity lifecycle, access governance, PAM, authentication, federation, SoD, service accounts, and reviews.
  • Metrics, Reporting, and Continuous Improvement
    • Define and maintain an IAM metrics framework aligned to enterprise cyber risk priorities and NIST CSF outcomes.
    • Deliver dashboards for SailPoint migration progress, onboarding, access review completion, deprovisioning timeliness, orphaned accounts, PAM coverage, exceptions, and service account governance.
    • Use metrics to drive prioritization, executive decisions, audit readiness, and continuous improvement.
    • Establish a repeatable process to track and close remediation actions from audits, incidents, reviews, penetration tests, and control failures.
    • Develop a multi-year IAM maturity roadmap aligned to cybersecurity strategy, business priorities, and risk reduction.

    Education And Experience

    • Bachelor’s degree in Information Security, Computer Science, Information Systems, or related field; advanced degree preferred.
    • 10+ years of progressive experience in Identity and Access Management, including 5+ years leading enterprise IAM programs.
    • Demonstrated leadership of SailPoint IdentityIQ or Identity Security Cloud migrations and large-scale IGA deployments.
    • Hands-on leadership maturing CyberArk or equivalent PAM platforms across hybrid environments.
    • Experience governing federation and modern authentication (Ping Identity/PingFederate, SAML, OIDC, OAuth).
    • Proven track record building IAM operating models, controls, metrics, and executive reporting.
    • Successful delivery of risk reduction outcomes in complex, regulated, or global organizations.
    • Knowledge, Skills, And Abilities
      • Deep expertise in identity lifecycle, access governance, role and entitlement modeling, SoD, and certification design.
      • Strong understanding of PAM principles, just-in-time access, session monitoring, credential rotation, and privilege reduction.
      • Knowledge of non-human identity governance, secrets management, API credentials, and certificate lifecycle management.
      • Familiarity with NIST CSF, regulatory expectations, audit practices, and control frameworks relevant to IAM.
      • Familiarity with AI/LLM governance and identity controls for AI-enabled platforms.
      • Ability to translate technical risk into business terms and influence senior stakeholders.
      • Program and change management skills to lead cross-functional migrations and operating model transitions.
      • Excellent communication, stakeholder engagement, and vendor/partner management skills.

Similar jobs