Identity Security Manager – GOV

Role Overview

• Lead day to day IAM operations, ensuring reliable and secure access provisioning, modification, and deprovisioning across the enterprise.
• Own workforce and non-human identity lifecycle management, including joiner, mover, and leaver processes.
• Serve as the escalation point for access related incidents, outages, or high-risk access scenarios.
• Ensure IAM platforms operate with high availability, security, and performance, including on call readiness and operational support models.
• Own and mature the Identity Governance and Administration (IGA) program using SailPoint.
• Lead access certification campaigns, role modeling, entitlement management, and access reviews.
• Drive automation of access requests, approvals, and policy enforcement.
• Partner with Compliance and Audit teams to support evidence collection, remediation tracking, and control validation.
• Define and maintain identity governance policies aligned to least privilege and segregation of duties principles.
• Lead the design, implementation, and operation of PAM capabilities.
• Own privileged account onboarding, credential rotation, session management, and access approval workflows.
• Ensure strong controls for administrative, service, and emergency access.
• Partner with Infrastructure and Engineering teams to onboard platforms, applications, and cloud workloads into PAM.
• Develop metrics and reporting for privileged access usage, risk, and compliance.
• Own enterprise secrets management strategy and implementation using HashiCorp Vault.
• Ensure secure storage, rotation, and access control for application and infrastructure secrets.
• Partner with development and platform teams to integrate Vault into CI/CD pipelines and runtime environments.
• Drive best practices for non-human identities, dynamic credentials, and short-lived secrets.
• Define IAM architecture standards for workforce, application, cloud, and infrastructure access.
• Evaluate and implement new IAM technologies, integrations, and automation opportunities.
• Maintain IAM documentation including standards, procedures, and reference architectures.
• Ensure IAM controls align with organizational risk appetite, audit requirements, and industry best practices.
• Produce metrics and reporting related to access risk, policy compliance, and operational performance.
• Lead and mentor IAM/PAM engineers and analysts, providing technical guidance and career development.
• Execute staffing decisions, onboarding, and performance management for the Identity Security team.
• Identify process gaps and technical debt, driving improvements in automation, reliability, and scalability.
• Champion strong documentation, operational discipline, and security by design principles.

Requirements

• CCSP, CISSP, GCIA, GCIH, GCFA, CySA+ or equivalent certifications.
• Hands‑on experience with SailPoint, CyberArk, and HashiCorp Vault in enterprise environments.
• Strong understanding of IAM concepts including identity lifecycle management, RBAC/ABAC, least privilege, and zero trust.
• Experience integrating IAM solutions with cloud platforms, SaaS applications, and on‑prem infrastructure.
• Familiarity with compliance frameworks such as PCI DSS, SOC 2, HIPAA, and other regulated environments.
• Experience supporting audits, access reviews, and regulatory evidence requests.
• Strong understanding of authentication, authorization, SSO, MFA, and directory services.
• Ability to translate technical IAM concepts into clear guidance for technical and non‑technical stakeholders.
• Excellent communication, organizational, and prioritization skills.
• Strong analytical and problem‑solving abilities with attention to detail.

Tech Stack

• Cloud
• Vault

Benefits

• medical/prescription drug coverage (with a Health Savings Account feature)
• dental and vision options
• employee and spouse/child life insurance
• short and long-term disability protection
• 401(k) with PNC match
• pension and stock purchase plans
• dependent care reimbursement account
• back-up child/elder care
• adoption, surrogacy, and doula reimbursement
• educational assistance, including select programs fully paid
• a robust wellness program with financial incentives
• maternity and/or parental leave
• up to 11 paid holidays each year
• 9 occasional absence days each year, unless otherwise required by law
• between 15 to 25 vacation days each year, depending on career level; and years of service