Senior Manager Identity and Access Management

Function: Technology
Location: North America HQ, Broomfield, CO US
Date posted: 11/7/2017 4:58:09 AM
Type: Full-time
Permanent / Contract: Regular
Job number: 1031539

Position Summary

We are looking for a Senior Manager and technical department leader of Identity and Access Management who will lead all aspects of IAM, lead the migration from our current CA SiteMinder/IdentityMinder implementations to a cloud-based IDaaS solution, and lead the operations of Enterprise IAM going forward. Additional responsibilities include leading and directing various new ongoing development/enhancements and application onboarding projects. Reporting to the Director of Information Security Operations, this individual will ensure that our enterprise-wide IAM applications and solutions meet the highest levels of performance, quality, and reliability.


Primary Responsibilities

  • Lead global IAM architecture, design and planning activities consistent with company objectives and generally accepted principles.
  • Develop and continuously improve the technology roadmap for the enterprise IAM platform and lead the creation and implementation of solutions that meet highly complex technical and business issues.
  • Lead system development life cycle activities and environment management activities. Work with Staples Operations to deploy and integrate new technologies into approved environments.
  • Lead the identification and development of IAM automation opportunities.
  • Work across the SDS team including security and compliance teams to create required auditing and reporting processes.  Ensure solutions are aligned with Security, Infrastructure and the Architecture Review Board input.
  • Lead the design and development of the IAM provisioning and de-provisioning processes / workflows of accounts across various internal and external systems, leveraging the IDaaS Identity Management cloud capabilities.
  • Lead the development and configuration of adapters and connectors across various systems and databases used for account provisioning, de-provisioning and updates to user accounts
  • Lead the installation and administration of SSO infrastructure. Ensure policies, configuration, and authentication repositories are developed. Position requires familiarity with other SSO products – special consideration for knowledge of ForgeRock.
  • Lead the Directory Services team in the implementation of global authentication / authorization LDAP solution for applications and operating system logins.
  • Partner with appropriate application teams to scope needs, work effort required, costs, and subsequent designs for integration. Work with various business and application teams in integrating and on-boarding of applications onto the SSO platform using Policy Agents, SAML (SaaS) or through web services.
  • Manage existing IAM infrastructure and lead Level 2/3 support. Partner with help desk and other teams to troubleshoot and resolve/fix issues and bugs. After-hours work as needed for Level 3 escalations and/or deployments.
  • Partner with Enterprise Architecture and Business teams to identify new areas where IAM can be utilized, and enhance IAM capabilities to address new business needs.  Review and lead the implementation of technologies that will create efficiencies or improve time to market. 
  • Lead the consulting for highly complex application development, database design, network, and/or platform (operating system) efforts, helping project teams comply with enterprise and IT standards and policies, industry regulations, and best practices.
  • Establish and implement standards and guidelines for the design of technology solutions, including implementing solutions requiring integration of multiple platforms, operating systems and applications across the enterprise.
  • Lead resolution of highly complex global problems.


Minimum Requirements:

  • Minimum 4 years’ experience with Identity and Access Management Engineering.
  • Minimum 2 years’ experience with LDAP/Directory Server technology and engineering.
  • Minimum 4 years’ experience leading technical teams.
  • Bachelor's degree or 12 years of relevant work experience.

Preferred Qualifications:

  • Ability to lead and motivate experienced technology team members.
  • High level of expertise in multiple and complex IAM system environments. In-depth knowledge of more specific platforms and the technology to support them.
  • Hands-on experience in 5 or more of the following: CA IdentityMinder, ForgeRock Identity Manager, Sun Identity Manager (Oracle Waveset 8.x) or similar tools (Oracle IDM, IBM TIM, SailPoint) and/or CA SiteMinder or similar solutions (Sun OpenSSO, Oracle Access Manager, IBM TAM). LDAP, SAML 2.0, Federation technologies, Kerberos, Active Directory, Exchange, J2EE, Java, JMS, JCA, XML, SOAP, OAuth, Oracle DB and WebSphere technology stack, Multifactor Authentication, Virtual Directories, high performance LDAP environments.
  • Hands-on experience with at least one Directory Server/LDAP technology such as ODSEE, IBM TDS, OpenLDAP, OID, CA Directory Server, OUD, OpenDS.
  • Scripting and programming skills, shell/Perl, interfacing to LDAP using APIs.
  • Hands-on experience in design, installation, configuration, and maintenance of the Identity and Access management applications and infrastructure, including Policy Servers and agent install/config, setting up policies, etc.
  • Experienced in deploying SSO integration for password management utilities, and SaaS/Federated integrations
  • Experience in developing and implementing access request forms/workflows and provisioning / de-provisioning of user access. Customization of product functionality to meet business requirements. IDM Logic SIGMA experience preferred.
  • Knowledge of web technologies such as WebSphere, JBoss, Tomcat, IHS, IIS. Strong skills in J2EE and JAAS.
  • Experience with capacity and resource planning, risk assessments and mitigations, and creating contingency plans for highly complex global systems.
  • Experience with Oracle, SQL Server and/or other relational database
  • Experience managing complex directory service environments on a global scale.  Ability to work with globally distributed and cross-functional teams.
  • Experience with company acquisitions and the integration of services dependent on centralized Directory Services
  • Experience with CyberArk for Privileged Account Management.
  • Unix/Linux experience on physical or virtual systems
  • Experience working in PCI/SOX controlled environments
  • Use of ITIL methodologies for path-to-production
  • Ability to troubleshoot and resolve issues quickly, identifying the best option in an emergency situation
  • Project leadership ability including mapping out technical and business dependencies, milestones and timelines. QA/test experience is a plus.
  • Ability to work with geographically disparate teams and interact with technical and business personnel across the global enterprise
  • Demonstrated experience with all phases of the system development lifecycle at an enterprise level

Staples is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, age, national origin, protected veteran status, disability, or any other basis protected by federal, state, or local law.

