Access Management Service Delivery Manager

Biogen

8d•$160,000 - $220,000

About The Position

As Biogen’s Access Management Service Delivery Manager (SDM) you are the Access Management subject matter expert and services leader for all Access Management activities at Biogen. This role is accountable for delivering value to global stakeholders – which includes access services to every application in Biogen. A peer to this role is the Service Delivery Manager of Identity. This role is a direct report of the Global Leader of Identity and Access Management and is a member of the extended leadership team within the Cybersecurity organization. As Access Management SDM, you are responsible for establishing access management policies and standards and keeping them current. You are responsible for the planning and execution of initiatives that improve access management capabilities – both central platforms or efforts supporting independent stakeholder applications. This role is responsible for the entire service delivery process, from planning and implementing service strategies to monitoring and reporting on service performance. Long-term, the largest lever to improve service delivery is through automation into target applications. While >95% of access transactions originate through our Biogen Access Management (BAM) platform, less than 25% are fulfilled through automation. In other words, 75% of requests require manual fulfillment by independent application teams. In the near-term, this role will work with their peer in Identity to automate the onboarding, lifecycle and deprovisioning of all types of privileged accounts. This is done manually today via BAM requests and for security’s sake, deserves to be automated. A long-term objective for this role is to work with the application owners across Biogen to adopt access automation. This role manages the performance of an integrated team, ensuring that service delivery meets or exceeds stakeholder expectations. You will serve as the business process owner for access management policy, standards and processes which includes: Authorization (Permissions): Determining what an authenticated user is allowed to do. Common models include: RBAC (Role-Based): Access granted based on job functions (e.g., "HR Manager"). ABAC (Attribute-Based): Access based on dynamic factors like location, time of day, or device security posture. Administration (Lifecycle Management): Managing the full lifespan of a digital identity, from provisioning (creation) and maintenance (role changes) to deprovisioning (deletion when a user leaves). Auditing & Reporting (Accountability): Tracking and recording user activities to maintain a clear audit trail.

Requirements

At least 7 years of focused Access Management experience, including:
Authorization (Permissions)
Administration (Lifecycle Management)
Auditing & Reporting (Accountability)
10+ years of cybersecurity experience across domains is preferred
Proven success in managing complex programs and projects, including:
Demand Management
Project Management
Requirements Definition and Management
Software Design
Configuration Management
Integration and System Testing
Strong track record of achieving customer success with business stakeholders beyond IT and Cyber domains
A track record of customer success with business stakeholders outside of the IT and Cyber organizations.
The ability to implement lasting solutions and services to multiple stakeholder
Demonstrated success in talent development and management.
Bachelor’s Degree in a related field

Nice To Haves

Experience with automation and process improvement in an IAM context, especially access management.
Familiarity with regulatory compliance standards such as SOX and GxP including:
Risk Management
Quality Management

Responsibilities

Continuous measurement and planning
Establish stakeholder credibility with thoughtful planning.
Identify what processes and/or manual transactions to improve and execute – largely through standards and automation.
Proven via metrics and working with stakeholders, prioritize opportunities with existing processes, service lines and technologies, build project plans, enhancements and ad hoc operational plans that are realistic and exceed the expectations of stakeholders.
Plans account for business/customer needs, user experience, and sets up the performing units/teams for success by sizing the complexity and effort accurately.
Execution
Own and drive forward projects, enhancements, and be the responsible owner for addressing ad-hoc operational “issues” - responsible and accountable for managing
Establishing realistic timelines
Deliverables
Resource Management
Change Management
Stakeholder Management
Stakeholder, Risk Management and Problem Solving
Working cross-functionally as the access management SME to support needs of stakeholder projects, enhancement and operational matters that arise across our global IAM ecosystem.
Anticipate and work through risks and ad hoc issues that always arise with complex infrastructures
This includes command and control of major incidents that arise impacting core service lines
Policy and standards setting – Enforcing compliance
Establish policies, procedures, and standards – keep them current through periodic review and change management.
Establish appropriate KPIs and measure compliance.
Support regulatory requirements (ie. SOX, GxP) and direct/indirect audits.

Benefits

Medical, Dental, Vision, & Life insurances
Fitness & Wellness programs including a fitness reimbursement
Short- and Long-Term Disability insurance
A minimum of 15 days of paid vacation and an additional end-of-year shutdown time off (Dec 26-Dec 31)
Up to 12 company paid holidays + 3 paid days off for Personal Significance
80 hours of sick time per calendar year
Paid Maternity and Parental Leave benefit
401(k) program participation with company matched contributions
Employee stock purchase plan
Tuition reimbursement of up to $10,000 per calendar year
Employee Resource Groups participation