Director, Identity and Access Management
Asurion · Nashville, TN · Yesterday
On-siteOTHRFull-time
Key Responsibilities
- Identity Governance and SailPoint Transformation
- Own enterprise identity governance strategy and lead migration from SailPoint on-premise to SailPoint Identity Security Cloud.
- Develop and execute the SailPoint cloud roadmap, including migration sequencing, integrations, operating model, stakeholder engagement, and post-migration optimization.
- Strengthen joiner/mover/leaver processes to ensure timely and complete provisioning, deprovisioning, access changes, and termination processing.
- Expand SailPoint coverage across core systems, SaaS, cloud platforms, non-integrated and high-risk applications.
- Establish identity lifecycle assurance controls for provisioning accuracy, workflow failure handling, and manual access oversight.
- Design risk-based access certification programs with campaign governance, remediation tracking, evidence retention, and escalation.
- Improve entitlement governance by rationalizing roles, birthright access, privileged entitlements, toxic combinations, and excessive access.
- Define and implement Segregation of Duties policies, control mappings, exceptions, and periodic validation.
- Privileged Access Management and CyberArk Maturity
- Own enterprise PAM strategy and CyberArk maturity roadmap.
- Expand CyberArk coverage across infrastructure, directories, cloud, databases, applications, service and admin accounts, and emergency access paths.
- Lead privileged account discovery, onboarding prioritization, credential rotation, safe design, platform integrations, session recording, and privileged access reviews.
- Reduce standing privilege through time-bound and just-in-time models with strong approval and monitoring.
- Operationalize privileged access policies for ownership, approvals, break-glass governance, session monitoring, password rotation, and exception expiration.
- Partner with Security Operations to enhance detection and monitoring for privileged misuse and anomalous admin behavior.
- Define and track PAM KPIs/KRIs, including coverage, rotation compliance, standing privilege reduction, session recording, and onboarding progress.
- Authentication, Federation, and Identity Assertion Governance
- Provide enterprise governance over federation and identity assertion (Ping Identity/PingFederate, SAML, OIDC, OAuth), including certificate and token management.
- Set standards, control requirements, and checkpoints for federated access in partnership with platform owners.
- Establish requirements for secure configurations, token lifetime, claim governance, assertion validation, and application onboarding.
- Influence architecture and engineering teams to align federation patterns with security requirements.
- Support risk-based authentication standards (MFA, contextual controls, privileged user and remote access).
- Non-Human Identity and Service Account Governance
- Develop governance for service accounts, machine identities, API credentials, secrets, certificates, and cloud workload identities.
- Define ownership, lifecycle, rotation, monitoring, review, and decommissioning requirements.
- Establish governance frameworks for AI-enabled systems, autonomous agents, and machine-driven workflows.
- Partner with Cloud, DevOps, Infrastructure, Application Engineering, and CyberArk teams to reduce unmanaged service accounts and increase visibility.
- Implement risk-based recertification focusing on privileged, internet-facing, sensitive data, and critical environments.
- Access Risk, Policy, and Exception Governance
- Create centralized IAM exception governance for deviations, manual access, privileged and federation exceptions, and legacy integrations.
- Define approval, business justification, expiration, compensating controls, risk acceptance, and recurring review criteria.
- Align identity controls with policy, audit, regulatory, and contractual obligations in partnership with GRC, Legal, Compliance, HR, and IT.
- Translate IAM risks for executive reporting, including residual risk, orphaned accounts, review findings, lifecycle failures, and authentication gaps.
- Support enterprise policy updates across identity lifecycle, access governance, PAM, authentication, federation, SoD, service accounts, and reviews.
- Metrics, Reporting, and Continuous Improvement
- Define and maintain an IAM metrics framework aligned to enterprise cyber risk priorities and NIST CSF outcomes.
- Deliver dashboards for SailPoint migration progress, onboarding, access review completion, deprovisioning timeliness, orphaned accounts, PAM coverage, exceptions, and service account governance.
- Use metrics to drive prioritization, executive decisions, audit readiness, and continuous improvement.
- Establish a repeatable process to track and close remediation actions from audits, incidents, reviews, penetration tests, and control failures.
- Develop a multi-year IAM maturity roadmap aligned to cybersecurity strategy, business priorities, and risk reduction.
- Bachelor’s degree in Information Security, Computer Science, Information Systems, or related field; advanced degree preferred.
- 10+ years of progressive experience in Identity and Access Management, including 5+ years leading enterprise IAM programs.
- Demonstrated leadership of SailPoint IdentityIQ or Identity Security Cloud migrations and large-scale IGA deployments.
- Hands-on leadership maturing CyberArk or equivalent PAM platforms across hybrid environments.
- Experience governing federation and modern authentication (Ping Identity/PingFederate, SAML, OIDC, OAuth).
- Proven track record building IAM operating models, controls, metrics, and executive reporting.
- Successful delivery of risk reduction outcomes in complex, regulated, or global organizations.
- Knowledge, Skills, And Abilities
- Deep expertise in identity lifecycle, access governance, role and entitlement modeling, SoD, and certification design.
- Strong understanding of PAM principles, just-in-time access, session monitoring, credential rotation, and privilege reduction.
- Knowledge of non-human identity governance, secrets management, API credentials, and certificate lifecycle management.
- Familiarity with NIST CSF, regulatory expectations, audit practices, and control frameworks relevant to IAM.
- Familiarity with AI/LLM governance and identity controls for AI-enabled platforms.
- Ability to translate technical risk into business terms and influence senior stakeholders.
- Program and change management skills to lead cross-functional migrations and operating model transitions.
- Excellent communication, stakeholder engagement, and vendor/partner management skills.