CHEP

Manager, IAM Operations

CHEP

full-time

Posted on:

Location Type: Hybrid

Location: PragueCzech

Visit company website

Explore more

AI Apply
Apply

Tech Stack

AWSAzureCloudCyber SecurityJavaScriptPython

About the role

  • Lead the build, configuration, and deployment of secure email, messaging, authentication (MFA, SSO), and identity lifecycle management solutions.
  • Develop and implement new IAM capabilities and enhancements as outlined in the IAM strategic roadmap.
  • Recommend and integrate additional IAM solutions or controls to improve frontline security defences.
  • Participate in the deployment and initial configuration of new IAM technologies, ensuring alignment with standards and best practices.
  • Establish and enforce IAM policies and procedures to maintain compliance with relevant regulations.
  • Coordinate with cross-functional teams to ensure seamless integration and operation of IAM solutions.
  • Provide training and support to users on IAM policies, procedures, and technologies.
  • Act as the escalation point for complex IAM issues, maintaining operational excellence and continuous improvement in IAM processes.
  • Engineer and enhance Identity Access Management (IAM) solutions to strengthen organizational security and support a zero-trust architecture.
  • Drive the development and integration of authentication, lifecycle governance, and customer IAM capabilities in line with strategic security objectives.
  • Collaborate across teams to ensure robust, compliant, and user-friendly IAM processes and technologies.

Requirements

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Information Security, or a closely related field (or equivalent combination of education and experience)
  • Many roles accept relevant professional experience in lieu of a degree, but a 4-year degree remains the most common baseline.
  • Professional experience in IAM or related cybersecurity fields — typically 3–7+ years depending on the role level (e.g., 3–5 years for mid-level IAM Engineer; 5–10+ for senior/principal roles).
  • Hands-on experience with identity lifecycle management, access provisioning/de-provisioning, or access reviews is highly valued.
  • Strong knowledge of core IAM concepts and protocols — including authentication, authorization, RBAC (Role-Based Access Control), PBAC, SSO (Single Sign-On), MFA (Multi-Factor Authentication), federation, and standards like SAML, OAuth 2.0, OIDC, LDAP, and JWT.
  • Hands-on experience with leading IAM platforms/tools — such as Okta, SailPoint, Microsoft Entra ID (Azure AD), Ping Identity/ForgeRock, CyberArk (for PAM), Saviynt, or similar.
  • Familiarity with at least one or two major vendors is often explicitly required.
  • Experience with directory services and identity stores — particularly Active Directory (AD), Entra ID/Azure AD, LDAP directories, or cloud identity solutions. Many roles emphasize hybrid/on-premises + cloud directory management.
  • Understanding of compliance, regulatory frameworks, and security standards — knowledge of NIST, ISO 27001, GDPR, HIPAA, SOX, PCI-DSS, COBIT, or Zero Trust principles.
  • Ability to align IAM processes with audit and governance requirements is critical.
  • Cloud platform familiarity — experience integrating IAM with major cloud providers like AWS IAM, Azure AD/Entra ID, Google Cloud Identity, or multi-cloud environments. Cloud IAM is now a near-universal expectation.
  • Scripting and automation skills — proficiency in languages/tools such as PowerShell, Python, JavaScript, REST APIs, or BeanShell for automating IAM workflows, custom connectors, or integrations.
  • Strong communication and collaboration skills — excellent verbal and written English communication (critical for English-speaking roles), ability to explain complex IAM concepts to both technical and non-technical stakeholders (e.g., business leaders, auditors), and experience working cross-functionally in teams.
  • Relevant certifications (preferred or required in many postings) — common ones include CISSP, CISM, Okta Certified Professional, SailPoint Certified IdentityIQ Engineer, Microsoft Certified: Identity and Access Administrator, GIAC certifications, or vendor-neutral ones like Certified Identity and Access Manager (CIAM) from Identity Management Institute.
  • Fluency in English language.
Benefits
  • Competitive salary package with annual bonus
  • Company car
  • Multisport card
  • Additional life insurance
  • Long term, international career growth & opportunities
  • Options to purchase CHEP/Brambles shares
  • 3 Days paid leave for volunteering
  • Employee´s pension insurance plan (up to CZK 4100 monthly contribution)
  • 25 the days of the annual holiday
  • 5 sick days
  • Meal vouchers (225 CZK daily)
  • Cafeteria system to spend on health, culture, traveling, education, and purpose
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
identity lifecycle managementaccess provisioningaccess reviewsauthenticationauthorizationRBACPBACSAMLOAuth 2.0REST APIs
Soft Skills
communicationcollaborationproblem-solvingtrainingsupportcross-functional teamworkoperational excellencecontinuous improvementuser-friendly processesstakeholder engagement
Certifications
CISSPCISMOkta Certified ProfessionalSailPoint Certified IdentityIQ EngineerMicrosoft Certified: Identity and Access AdministratorGIAC certificationsCertified Identity and Access Manager