- Own enterprise architecture and governance for on-premises Active Directory and Microsoft Entra ID.
- Lead hybrid identity architecture, synchronization, federation, SSO, MFA, Conditional Access, Privileged Identity Management (PIM), and Self-Service Password Reset (SSPR).
- Define identity standards, lifecycle management processes, naming standards, and security baselines.
- Provide technical approval for enterprise identity designs and integrations.
- Govern SailPoint identity lifecycle processes, access certifications, birthright access, role management, and segregation-of-duty controls.
- Drive User Access Reviews (UAR), Privileged Access Reviews (PAR), SOX controls, and audit remediation efforts.
- Establish governance for workforce, contractor, service, and privileged accounts.
- Ensure compliance with internal cybersecurity and regulatory requirements.
- Lead strategic programs such as Okta-to-Entra migration, CIAM modernization, and cloud identity transformation.
- Own migration planning, readiness assessments, architecture governance, application onboarding, and executive reporting.
- Collaborate with Microsoft, implementation partners, and business stakeholders to deliver enterprise-scale IAM initiatives.
- Provide L3 escalation support for critical IAM incidents and authentication issues.
- Lead resolution of complex identity, federation, provisioning, and SSO integration challenges.
- Establish service management processes, SOPs, operational metrics, SLAs, and technology roadmaps.
- Manage vendors, contractors, and managed service providers supporting IAM operations.
- Oversee BeyondTrust PAM operations and privileged account governance.
- Establish controls for service account lifecycle management, credential rotation, password propagation, and privileged access controls.
- Drive least-privilege and zero-trust initiatives across identity platforms.
- Provide IAM architecture guidance for GitHub, AWS, ServiceNow, Spacelift, enterprise SaaS applications, and custom integrations.
- Design scalable access models leveraging Entra groups, SCIM provisioning, federation, and automated access governance.
- Support CI/CD and DevOps identity integration requirements
- 12+ years of Identity & Access Management experience.
- 8+ years administering and architecting Active Directory and Microsoft Entra ID.
- Deep expertise in: Active Directory Microsoft Entra ID Azure AD Connect / Cloud Sync Federation Services Conditional Access MFA Privileged Identity Management Self-Service Password Reset Identity Governance Hybrid Identity Architecture
- CISSP, CISM, Microsoft Identity certifications, SailPoint certifications, or BeyondTrust certifications.
- Experience with CIAM platforms and B2B/B2C identity architectures.
- Experience supporting cloud engineering platforms such as GitHub, AWS, Azure, Terraform, or Spacelift.
Carrier is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.
Job Applicant's Privacy Notice:
Click on this link to read the Job Applicant's Privacy Notice