Principal Identity Governance and Administration - US - Remote
About the role
The Principal Identity Governance and Administration leads the architecture, engineering, automation, and operational delivery of enterprise IAM capabilities at Worldwide. This role assists with the selection and implementation of a new IAM platform and partners with Security, Infrastructure, Cloud, DevOps, Application, and business teams to modernize authentication and access models, standardize lifecycle processes, and strengthen governance across the enterprise.
Responsibilities
- Architect, design, implement, and support enterprise IAM solutions for workforce, privileged, service, and application identities.
- Serve as a technical authority for Microsoft Entra ID, including Conditional Access, MFA, SSO, PIM, access reviews, and identity protection capabilities.
- Design and support hybrid identity solutions spanning Active Directory, Azure, Entra ID, and cloud/SaaS platforms.
- Lead hands-on engineering and automation efforts using PowerShell, Microsoft Graph, REST APIs, and related tooling.
- Develop and mature IAM integration patterns for enterprise applications using SAML, OAuth, OpenID Connect, SCIM, LDAP, and related identity standards where applicable.
- Support the design and implementation of role-based access control (RBAC), least privilege, privileged access governance, and lifecycle management processes.
Requirements
- Extensive hands-on experience in IAM architecture, engineering, and operational delivery.
- Deep technical expertise with Microsoft Entra ID, Azure, Active Directory, PowerShell, and identity-related Microsoft cloud services.
- Experience with SQL or relational data platforms for reporting, reconciliation, and analysis.
- Understanding of authentication and federation protocols such as SAML, OAuth 2.0, OpenID Connect, Kerberos, LDAP, and SCIM.
- Strong analytical, troubleshooting, and problem-solving capabilities in complex enterprise environments.
- Experience implementing enterprise-grade IGA tools (e.g., SailPoint, Saviynt, Okta).
Qualifications
- Bachelor’s degree in Information Technology, Information Security, Computer Science, or a related field; equivalent relevant experience may be considered.
- Advanced degree preferred.
- 8+ years of progressive experience in Identity and Access Management, security engineering, infrastructure engineering, or related technical disciplines.
- Prior experience providing technical direction, making architecture decisions, and leading engineering execution.
- Demonstrated success designing and implementing IAM solutions in enterprise environments.
- Advanced hands-on experience with PowerShell automation and Microsoft identity technologies.
- Experience with Azure, Active Directory, enterprise application integration, and identity federation technologies.
- Relevant industry certifications such as CISSP, CISM, Microsoft security/identity certifications, Azure certifications, or related credentials are a plus.
Skills
- Hands-on experience with IAM architecture, engineering, and operational delivery.
- Technical expertise with Microsoft Entra ID, Azure, Active Directory, PowerShell, and identity-related Microsoft cloud services.
- Experience with SQL or relational data platforms for reporting, reconciliation, and analysis.
- Understanding of authentication and federation protocols such as SAML, OAuth 2.0, OpenID Connect, Kerberos, LDAP, and SCIM.
- Strong analytical, troubleshooting, and problem-solving capabilities in complex enterprise environments.
- Experience implementing enterprise-grade IGA tools (e.g., SailPoint, Saviynt, Okta).
- Advanced hands-on experience with PowerShell automation and Microsoft identity technologies.
- Experience with Azure, Active Directory, enterprise application integration, and identity federation technologies.
Benefits
We believe everyone plays an important role in making a world of difference for patients and their caregivers. From our hands-on, accessible leaders, to our cohesive and supportive teams, we are committed to enabling professionals from all backgrounds and experiences to succeed. We prioritize cultivating a diverse and inclusive environment that continues to promote collaboration and creativity.
Pay
Competitive compensation package including base salary, performance bonuses, and equity options.
Schedule
Full-time, Monday through Friday, with flexible working hours.