[Hiring] Senior Identity Access Management - CyberArk Administrator @SitusAMC

Role Description

This role is responsible for overseeing the strategy, implementation, and governance of identity and access management across corporate and client environments. This role ensures secure, compliant, and efficient access to systems and applications, safeguarding critical assets and data. The AVP will lead initiatives to strengthen identity security, enforce access controls, and maintain compliance with organizational and regulatory standards. This role possesses a deep technical expertise in IAM platforms, strong leadership skills, and the ability to collaborate effectively with business and technology stakeholders.

• Define and maintain the IAM strategy, roadmap, and reference architecture covering workforce, privileged, non-human, and application identities.
• Champion Zero Trust principles—strong authentication, continuous evaluation, least privilege, and just-in-time access.
• Align IAM programs with enterprise security architecture, cloud adoption, data protection, and digital transformation initiatives.
• Establish governance for identity lifecycle, access policies, and compliance with internal standards and external regulations (SOX, HIPAA, PCI DSS, GDPR, ISO 27001).
• Own joiner–mover–leaver (JML) processes and ensure accurate, timely provisioning and deprovisioning integrated with HRIS and directories.
• Implement and maintain RBAC/ABAC models, role mining, segregation of duties (SoD), and toxic combination controls.
• Govern federation standards (SAML, OIDC/OAuth2), app onboarding, token lifecycles, and session management.
• Optimize user experience while maintaining security for workforce, partners, and service accounts.
• Enforce least privilege, credential vaulting, session recording, and JIT elevation for admins and high-risk roles.
• Govern break-glass procedures and reduce standing privileges across servers, network devices, cloud control planes, and DevOps toolchains.
• Govern identities, roles, and policies across cloud providers (Azure, AWS, GCP) and SaaS platforms.
• Implement controls for workload identities, service principals, managed identities, and API authentication.
• Maintain IAM controls to meet regulatory requirements and internal policies.
• Prepare for audits, produce evidentiary artifacts, and manage remediation plans.
• Conduct periodic access reviews, entitlement clean-up campaigns, and report residual risk to leadership.
• Lead day-to-day operations of IAM platforms ensuring availability, scalability, and incident response.
• Establish SLAs/OLAs, runbooks, and knowledge articles; drive MTTR improvements and change management discipline.
• Oversee identity data quality, directory hygiene, and deprovisioning efficacy to minimize orphaned accounts.
• Coordinate with Security, HR, Legal, Compliance, IT Operations, App Owners, and Data Governance for end-to-end alignment.
• Communicate complex identity risks and trade-offs to executive stakeholders in business terms.
• Maintain user accounts and permissions for corporate and client systems, including proprietary platforms.
• Resolve access-related issues (e.g., MFA failures, provisioning errors) within established SLAs.
• Document resolutions for compliance and knowledge sharing.
• Benchmark against industry best practices and drive IAM capability maturity (e.g., NIST/CMMI frameworks).
• Conduct post-incident reviews and prioritize backlog for continuous improvement.
• Other activities as may be assigned by your manager.

Qualifications

• Bachelor’s degree in related field or equivalent combination of education and experience.
• Minimum of 6+ years of industry and/or relevant experience, typically with 1+ years in a Senior Associate level role or external equivalent.
• Hands-on experience with IAM platforms such as Microsoft Entra ID (Azure AD), SailPoint, CyberArk, Okta, or similar.
• Proven track record in implementing SSO, MFA, RBAC/ABAC, and Privileged Access Management (PAM) solutions.
• Experience managing identity lifecycle processes (JML) and integrating with HR systems and directories.
• Strong background in cloud identity management (Azure, AWS, GCP) and federation protocols (SAML, OAuth 2.0, OpenID Connect).
• Proficiency in PowerShell or other scripting languages for IAM automation.
• Knowledge of Windows Server, Active Directory, and modern authentication technologies.
• Familiarity with Zero Trust principles, identity threat detection, and risk-based access controls.
• Understanding of regulatory frameworks such as SOX, HIPAA, PCI DSS, GDPR, ISO 27001.
• Experience preparing for audits and maintaining evidentiary artifacts for IAM controls.
• Proficiency in IAM technologies and protocols, including SAML, OAuth 2.0, OpenID Connect, and MFA solutions.
• Strong knowledge of Microsoft Active Directory, Azure AD/Entra ID, and Windows operating systems (including Windows 11).
• Experience with IAM automation using scripting languages such as PowerShell or Python.
• Familiarity with regulatory and audit requirements (SOX, HIPAA, PCI DSS, GDPR, ISO 27001) and ability to maintain evidentiary artifacts.
• Understanding of Zero Trust principles and identity-centric security frameworks.
• Ability to analyze complex identity challenges, exercise sound judgment, and develop strategic solutions.
• Skilled in troubleshooting identity-related issues and resolving conflicts with diplomacy and professionalism.
• Exceptional oral, written, and technical communication skills for engaging stakeholders at all levels.
• Strong interpersonal skills to influence and collaborate across IT, Security, and business teams.

Requirements

• Preferred Certifications (Optional): CISSP, CISM, Microsoft Certified: Identity and Access Administrator, SailPoint, CyberArk, or Okta certifications.
• Requires attending any department provided training.
• Requires the ability to work shifts outside of normal working hours.
• Requires the ability for extended travel in the event of a catastrophic event.
• Requires the ability to be on call and support a 24x7x365 operations.
• Requires the ability to support both planned and unplanned events.

Benefits

• The annual full-time base salary range for this role is $80,000.00 - $120,000.00.
• Specific compensation is determined through interviews and a review of relevant education, experience, training, skills, geographic location, and alignment with market data.
• Additionally, certain positions may be eligible to receive a discretionary bonus as determined by bonus program guidelines, position eligibility, and SitusAMC Senior Management approval.
• SitusAMC offers PTO and paid holidays, the terms of which are set forth in the program policies.
• All full-time employees also are eligible to participate in various benefit plans, including medical, dental, vision, life, disability insurance, and 401K; in each case in accordance with the terms of the applicable plans.