AVP, Enterprise Authentication & Directory Services

Synchrony, Orlando, FL
$115,000 - $200,000, Hybrid

About The Position

The Assistant Vice President (AVP) of Enterprise Authentication & Directory Services is a high-impact technical executive responsible for the global architecture, engineering, and lifecycle management of the enterprise identity fabric at Synchrony. This leader will drive the strategic modernization of traditional, on-premises Active Directory (AD) environments into cloud-first, unified identity platforms centered on Microsoft Entra ID. The ideal candidate combines deep engineering expertise in directory infrastructure with advanced technical project management frameworks to execute secure, complex enterprise identity migrations on time and within scope.

Requirements

  • Mastery of Microsoft Active Directory (AD), Microsoft Entra ID (Azure AD), Azure AD Connect, Entra ID Governance, and Entra ID Protection.
  • Strong foundational knowledge of Group Policy Objects (GPOs), Active Directory trust relationships, and domain consolidation strategies.
  • Deep knowledge of LDAP, Kerberos, NTLM decommissioning, SAML 2.0, OIDC, OAuth, and modern API-driven identity patterns.
  • Hands-on governance of Privileged Access Management platforms, specifically Delinea or equivalent secrets vaults.
  • Proven experience utilizing Jira, Microsoft Project, or equivalent software development lifecycle (SDLC) tracking tools to manage massive infrastructure dependencies.
  • Demonstrated ability to present technical migration roadmaps, risk-remediation logs, and executive steering committee KPIs clearly to C-level leadership.
  • 7+ Years of progressive engineering and architectural experience in traditional, on-premises Microsoft Active Directory Domain Services (AD DS), including domain consolidation, GPO management, and legacy authentication protocols (LDAP, Kerberos, NTLM decommissioning).
  • 7+ Years of deep architectural and deployment experience with Microsoft Entra ID (formerly Azure Active Directory), managing cloud-native identity planes, complex tenant migrations, and hybrid synchronization environments (Azure AD Connect / Entra Cloud Sync).
  • 5+ Years managing cross-functional infrastructure engineering, cybersecurity, and technical project management teams.
  • Proven track record of successfully executing multi-million-dollar Active Directory modernization programs, migrating legacy application stores to Entra ID, and implementing Privileged Access Management (PAM) vaulting solutions like Delinea.
  • Bachelor’s or Master’s degree in Computer Science, Information Security, Technical Project Management, or a related discipline.
  • You must be 18 years or older
  • You must have a high school diploma or equivalent
  • You must be willing to take a drug test, submit to a background investigation and submit fingerprints as part of the onboarding process
  • You must be able to satisfy the requirements of Section 19 of the Federal Deposit Insurance Act.
  • Legal authorization to work in the U.S. is required.
  • All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

Nice To Haves

  • Microsoft Certified: Identity and Access Administrator Associate (SC-300) OR Microsoft Certified: Enterprise Administrator Expert.
  • Project Management Professional (PMP), Agile Certified Practitioner (PMI-ACP), Certified ScrumMaster (CSM), or CISSP.

Responsibilities

  • Lead the multi-year modernization and migration roadmap and transition strategy away from legacy Active Directory Domain Services (AD DS) toward cloud-native Microsoft Entra ID.
  • Define architectural standards for a cohesive, resilient hybrid identity plane utilizing Azure AD Connect / Entra Cloud Sync while systematically reducing on-premises footprint.
  • Govern authentication frameworks for enterprise systems (e.g., MySQL, Oracle), ensuring secure schema optimization, seamless Entra ID App Registrations, and modern protocol connectivity.
  • Apply rigorous technical project management methodologies (Agile, Scrum, or Waterfall) to manage cross-functional directory modernization pipelines.
  • Own the program budget, statement of work (SOW) validations, risk registers, and critical path scheduling for complex, multi-phased IAM rollouts.
  • Partner with Synchrony corporate change management teams to minimize business friction during global authentication updates, application cutovers, and user migrations.
  • Oversee Access Reviews, Entra Lifecycle Workflows (for automated joiner-mover-leaver processes), and Privileged Identity Management (PIM) to enforce just-in-time, least-privilege administrative access.
  • Manage the transition from legacy Azure AD Connect to Entra Cloud Sync agent architectures, alongside systematically phasing out on-premises Active Directory Domain Services (AD DS).
  • Govern the modernization of legacy application authentication by moving from local LDAP/Kerberos binds to modern Entra service principals, managed identities, and OAuth/OIDC permissions.
  • Design complex, contextual security boundary policies (incorporating user risk, sign-in risk, device compliance, and trusted locations).
  • Tune machine-learning risk engines to detect, block, or force self-service password resets for compromised credentials or anomalous user behavior.
  • Strategize long-term digital identity initiatives using decentralized identities and verifiable credentials for secure B2B or partner authentication.
  • Oversee the replacement of traditional corporate VPNs by routing traffic to internal hybrid environments (such as MySQL servers) securely via a Zero Trust network access (ZTNA) model.
  • Deploy Secure Web Gateway (SWG) policies to protect users from malicious web traffic while monitoring cloud application access.
  • Architect multi-tenant collaborations, B2B guest user lifecycles, and consumer-facing authentication flows.
  • Recruit, mentor, and lead a high-performing team of identity engineers, directory architects, and technical project managers.
  • Ensure 99.99% availability of global directory infrastructure, establishing robust Entra Connect health monitors, disaster recovery, and automated failover pipelines.

Benefits

  • Eligible for an annual bonus based on individual and company performance.