Principal Identity and Access Management Architect

Cox Automotive is seeking a Principal Identity and Access Management (IAM) Architect who will be responsible for designing, implementing, and maintaining IAM solutions, ensuring secure user access to organizational resources. This architect will also be responsible for developing and executing the IAM strategy, aligning it with the overall enterprise security roadmap. This role involves managing risks, collaborating with various stakeholders, and staying current on emerging technologies.
Key success factors include:
Deep understanding of IAM principles:

• This includes authentication, authorization, access control, lifecycle management, privileged access management, and identity governance.

Experience with various IAM technologies:

• This can include Identity Providers (IdPs) like Azure Active Directory, Okta, or Ping Identity, IAM platforms, and other related tools.

Knowledge of security best practices:

• This includes understanding concepts like least privilege, separation of duties, multi-factor authentication, and zero trust security principles.

Hands-on experience:

• The ability to design, implement, and manage IAM solutions in a real-world environment is crucial.

This role will directly report to the Senior Director of Cybersecurity IAM at Cox Automotive.
Key Responsibilities

• Develop and own the overall IAM architecture strategy, standards, and roadmap.
• Design scalable, secure IAM solutions include authentication, authorization, identity governance, and privileged access management.
• Lead technical design and implementation of IAM platforms such as Okta, SailPoint, CyberArk, Microsoft Entra, Ping Identity, etc.
• Define IAM policies, roles, and entitlements that align with business and compliance requirements
• Collaborate with engineering, application, and infrastructure teams to integrate IAM capabilities across the environment.
• Evaluate emerging IAM technologies and recommend adoption strategies.
• Mentor junior IAM engineers and architects, fostering growth and knowledge sharing.
• Serve as a subject matter expert for internal and external stakeholders on IAM-related initiatives.

Minimum Requirements:

• Bachelor's degree in a related discipline and 10+ years' experience in a related field. The right candidate could also have a different combination, such as a master's degree and 8 years' experience; a Ph.D. and 5 years' experience in a related field; or 22 years' experience in a related field.
• Identity & Access Management (IAM):
  • In-depth knowledge of IAM frameworks and principles.
  • Experience with Identity Governance & Administration (IGA), Privileged Access Management (PAM), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC).
  • Expertise in Multi-Factor Authentication (MFA), Single Sign-On (SSO), and Federated Identity Management.
• Cloud and Enterprise Security:
  • Strong understanding of Zero Trust Architecture.
  • Experience with Cloud IAM platforms such as Azure AD, AWS IAM, and Google Cloud IAM.
  • Proficiency in secure API authentication (OAuth 2.0) and identity lifecycle management.
• Compliance and Standards:
  • Knowledge of security compliance and regulatory standards (e.g., ISO 27001, NIST, GDPR, SOX).
• Directory and Authentication Services:
  • Proficient in Active Directory (AD), Azure AD, LDAP, SAML, Kerberos, and certificate-based authentication.
  • Understanding of authentication protocols including OIDC, OAuth, and SAML.
• IAM Tools and Platforms:
  • Hands-on experience with tools such as Okta, Ping Identity, Microsoft Entra ID, SailPoint, and CyberArk.
• Development and Automation:
  • Experience in identity workflow automation and provisioning.
  • Proficiency in API development for IAM integration.
  • Familiarity with scripting languages such as Python, PowerShell, and JavaScript for security automation.
  • Understanding of CI/CD pipelines for IAM deployment.

USD 159,400.00 - 265,600.00
Compensation:
Compensation includes a base salary of $159,400.00 - $265,600.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate's knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.
Benefits:
The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company's needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, and parental leave.
Applicants must currently be authorized to work in the United States for any employer without current or future sponsorship.