Senior Director, Identity Governance
Hearst · New York, NY · 3 wk ago
Management$215k–$235k/yrFull-time
About the role
The Sr. Director of Identity Governance leads and operates the enterprise identity program across the Hearst Corporation, supporting over 25,000 user accounts across 360+ global businesses. This role owns the full identity lifecycle, including access certification, role-based access control, and privilege management, while also driving strategic initiatives and vendor relationships.
Responsibilities
- Co-author enterprise IAM policies and standards in partnership with Information Security, Risk and Compliance.
- Lead the design and operation of access certification programs, ensuring timely, risk-appropriate review of entitlements across applications, infrastructure, and privileged systems.
- Architect and mature the enterprise role model, including role-based access control (RBAC) design, role mining, role lifecycle management, and separation of duties (SoD) frameworks.
- Drive the joiner/mover/leaver (JML) lifecycle program, ensuring identity provisioning and deprovisioning is accurate, automated where possible, and tightly integrated with HR systems of record.
- Establish and enforce least-privilege principles across the enterprise, with a structured approach to identifying and remediating access sprawl, orphaned accounts, and over-privileged roles.
- Participate in and support audit activities conducted by internal audit, external auditors, and regulatory bodies, providing documentation, walkthroughs, and remediation support as required.
- Partner with the Information Security, Risk and Compliance teams to ensure identity governance controls satisfy SOX, HIPAA, and PCI DSS requirements, and support audit activities with documentation, walkthroughs, and evidence.
- Define and execute the multi-year strategy for Hearst’s enterprise identity program, spanning governance, access management, privileged access, secrets management, and directory services, aligned with corporate security, compliance, and technology objectives.
- Represent the identity program in senior leadership forums, steering committees, and technology strategy discussions.
- Champion an automation-first and AI-forward approach across the identity program, identifying opportunities to apply automation, AI, and generative AI to drive process efficiency, reduce operational cost, and accelerate delivery of identity services.
- Lead, mentor, and develop a high-performing identity team of 5–9 direct reports, including engineers, architects, and operational staff.
- Recruit, onboard, and retain top identity talent, building team depth and succession coverage across critical functions.
- Build and maintain strong partnerships with Hearst’s business division technology teams, serving as a trusted advisor and primary escalation point for identity services.
- Develop and communicate a clear service catalog for identity platform offerings, enabling business units to understand and consume available services effectively.
- Lead regular business reviews with key internal customers, gathering feedback and translating it into program improvements.
- Communicate identity program status, risks, milestones, and value delivery to senior leadership and executive stakeholders.
Qualifications
- 15+ years of progressive IT experience, with at least 10 years in identity governance, identity and access management, or a closely related discipline.
- 4+ years in a people management capacity, with demonstrated success leading and developing technical teams.
- Deep, principled understanding of identity governance concepts: joiner/mover/leaver lifecycle design, role engineering and RBAC modeling, access certification program design, separation of duties frameworks, least-privilege strategy, entitlement ownership models, and identity policy development.
- Candidates should be able to discuss these concepts independently of any specific tool or platform.
- Proven track record designing and maturing enterprise IGA programs at scale, including building or significantly advancing certification, provisioning, and role management capabilities in complex, multi-application environments.
- Hands-on experience operating Identity Governance & Administration (IGA) platforms such as SailPoint, Saviynt, One Identity, Microsoft Entra ID Governance, or similar; depth in IGA concepts is required, specific vendor experience is transferable.
- Hands-on experience operating Identity Provider (IdP) and SSO platforms such as Okta, Microsoft Entra ID, Ping Identity, ForgeRock, or similar; depth in federation protocols (SAML, OAuth 2.0, OpenID Connect, SCIM) and access policy design is required.
- Working knowledge of Privileged Access Management (PAM) concepts and platforms such as CyberArk, BeyondTrust, Delinea or similar, including vault design, just-in-time access, and session management.
- Working knowledge of secrets management platforms and practices, including integration patterns with applications and CI/CD pipelines.
- Solid understanding of Windows Active Directory and Microsoft Entra ID in a hybrid enterprise environment, including Group Policy, directory synchronization, and Conditional Access.
- Experience supporting compliance programs involving SOX, HIPAA, and/or PCI DSS access controls, including audit participation and evidence preparation.
- Demonstrated experience managing vendor relationships, software licensing, contract negotiations, and IT cost optimization.
- Strong executive communication skills with the ability to translate complex identity governance concepts for non-technical stakeholders.
- Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or a related field, or equivalent professional experience.