Set the enterprise IAM strategy, standards, and roadmap, aligned to AHEAD’s growth, risk appetite, and technology direction.
Own the identity lifecycle (joiner/mover/leaver) across employees, contractors, and partners, including automation with HRIS and directory systems.
Lead the design, implementation, and operation of single sign‑on (SSO), multi‑factor authentication (MFA), and conditional access policies across cloud and on‑premises applications.
Oversee privileged access management (PAM) for administrative accounts, including just‑in‑time elevation, session monitoring, and credential vaulting.
Build and operate access request, approval, and fulfillment workflows, ensuring a positive end‑user experience with clear SLAs and auditable controls.
Lead recurring access reviews and certifications for critical applications, infrastructure, and data sets in coordination with business and control owners.
Partner with Engineering and Operations to integrate IAM signals (logins, anomalies, policy violations) into monitoring, detection, and incident response workflows.
Collaborate with Governance, Risk & Compliance to ensure IAM controls support ISO 27001, SOC 2, NIST, and privacy requirements and are evidenced for audits and customer assessments.
Own application onboarding into the IAM ecosystem, including standards for authentication (SAML/OIDC/OAuth), authorization, and account provisioning.
Drive zero trust and identity‑centric security practices, ensuring identity becomes the primary perimeter for workforce and partners.
Manage IAM vendors and service providers, including contracts, service levels, roadmaps, and cost optimization.
Develop and maintain IAM policies, standards, and playbooks, and deliver training to technical and non‑technical stakeholders.
Monitor and respond to identity‑related incidents, including account compromise, abuse of privilege, and access misconfiguration; lead root cause analysis and remediation.
Track and report KPIs and KRIs (e.g., MFA coverage, SSO adoption, time‑to‑provision, access review completion) and brief leadership on risk posture and investment needs.
Recruit, develop, and mentor a high‑performing team, fostering a culture of accountability, collaboration, and continuous improvement.

Requirements

Bachelor’s degree or equivalent experience.
10 or more years of experience in Technology or Information Security, with at least 5 years in a leadership role.
One or more security certifications such as CISSP, CRISC, CISA, CISM, CIPP/US, PCI QSA, or ISO 27001 Lead Auditor is required.
Advanced understanding of enterprise identity platforms such as Okta, Azure AD / Entra ID, and related technologies (SSO, MFA, federation, conditional access, SCIM).
Hands on experience working in a ISO/IEC- or NIST-based security program.
Hands‑on experience designing and operating IAM architectures in hybrid and multi‑cloud environments (AWS, Azure, GCP).
Demonstrated experience with role engineering, access modeling, and access review programs, including tooling for identity governance and administration (IGA).
Excellent communication and interpersonal skills, with the ability to articulate complex security concepts to a non-technical audience.
Strong leadership skills and the ability to manage multiple projects and priorities.
Highly organized and ability to work independently.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

identity lifecycle managementsingle sign-on (SSO)multi-factor authentication (MFA)privileged access management (PAM)identity governance and administration (IGA)role engineeringaccess modelingIAM architecture designcloud securityzero trust security

Soft Skills

leadershipcommunicationinterpersonal skillsorganizational skillsproject managementcollaborationmentoringaccountabilitycontinuous improvementarticulating complex concepts

Certifications

CISSPCRISCCISACISMCIPP/USPCI QSAISO 27001 Lead Auditor