Identity & Access Management Specialist

Job Title: Identity & Access Management (IAM) Specialist (Active Directory, Entra, Okta, SailPoint, CyberArk)

Location: Hybrid

SC Clearance Mandatory for this role.

Overview:

Join a dynamic Identity & Access Management team supporting both IT and Operational Technology systems within a critical utilities environment. This role focuses on implementing and managing corporate and operational identity solutions, ensuring compliance with relevant security frameworks, and supporting the transition of IAM services to third-party partners.

We are seeking a seasoned IAM professional with deep expertise in Active Directory, Entra ID (Azure AD), and Okta, along with experience or familiarity in SailPoint or CyberArk. The ideal candidate will support both Identity Governance & Administration (IGA) and Privileged Access Management (PAM) initiatives while enabling secure hybrid identity integrations across IT and OT platforms.

Key Responsibilities:

Project Delivery & Implementation:

  • Support deployment of identity solutions for third-party smart access systems.
  • Assist in designing IT and OT identity frameworks, identifying limitations, and resolving system inconsistencies.
  • Facilitate smooth transitions across IT and OT environments, including hypercare and process adaptations.
  • Investigate and resolve IAM security incidents, access anomalies, and authentication issues.
  • Review and monitor Identity Threat Detection & Response (ITDR) systems.
  • Collaborate with SOC teams to detect privileged account misuse and insider threats.

Identity & Access Management (IAM):

  • Design, implement, and maintain IAM solutions leveraging Active Directory, Entra ID, Okta, SailPoint, and CyberArk.
  • Configure Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Conditional Access Policies for OT integration with existing IT tooling.
  • Define and enforce Role-Based Access Control (RBAC) and least privilege principles across enterprise and industrial systems.

Identity Governance & Administration (IGA) - SailPoint:

  • Implement and manage automated provisioning, deprovisioning, and access certifications via SailPoint.
  • Build workflows for user lifecycle management, identity reconciliation, and compliance reporting.
  • Integrate SailPoint with Active Directory, Entra ID, SAP, ServiceNow, and other enterprise systems.

Privileged Access Management (PAM) - CyberArk:

  • Administer CyberArk PAS for privileged account security.
  • Manage Privileged Session Manager (PSM), Vault, and Endpoint Privilege Manager (EPM).
  • Monitor privileged access, enforce Just-In-Time (JIT) access, and generate compliance reports.

Hybrid Identity & Security:

  • Implement hybrid identity solutions connecting on-prem Active Directory with Azure AD, Okta, and SailPoint for OT environments.
  • Apply Zero Trust principles and industry-standard security framework controls to IAM processes.

Compliance & Security:

  • Ensure IAM solutions adhere to CAF, eCAF, NIST, and other regulatory frameworks.
  • Conduct access audits, identity risk assessments, and compliance reporting.
  • Work closely with cybersecurity, risk, and compliance teams to align IAM strategies with regulatory requirements.

Collaboration & Documentation:

  • Partner with OT, cybersecurity, compliance, and risk teams to define policies and access controls.
  • Develop IAM runbooks, playbooks, and conduct user access reviews.
  • Provide IAM training and awareness for employees and technical teams.

Technical Skills & Experience:

  • Directory Services: Active Directory (AD DS, AD FS, Group Policy, LDAP, Kerberos, NTLM); Microsoft Entra ID (Azure AD), Conditional Access, Identity Protection.
  • IAM Platforms: Okta Identity Cloud SSO, MFA, API integrations, identity governance.
  • OT/ICS Knowledge: SCADA, ICS, and OT identity management.
  • Identity Governance: SailPoint IdentityNow/IdentityIQ access reviews, lifecycle automation, compliance workflows, and enterprise application integration.
  • Privileged Access Management: CyberArk Vault administration, credential rotation, JIT access, session monitoring, compliance reporting.
  • Security & Compliance: CAF, eCAF, NIST frameworks; IAM controls for critical infrastructure; incident response and threat detection.

Preferred Certifications:

  • Microsoft Certified: Identity and Access Administrator Associate
  • Okta Certified Administrator/Professional
  • SailPoint IdentityNow/IdentityIQ Engineer
  • CyberArk Defender/Guardian
  • CISSP or Certified Identity and Access Manager (CIAM)

Preferred Industry Experience:

  • OT cybersecurity best practices
  • Hybrid cloud identity management for Azure & AWS

Please note - Candidate must have SC Clearance for this position.

Company
TalentHawk
Location
London, UK
Hybrid / WFH Options
Employment Type
Part-time
Posted