About The Position

We are seeking a strategic and transformational Director of Identity & Access Management (IAM) to lead the evolution of our global identity security program in a modern, AI-enabled enterprise environment. This leader will oversee the design, governance, and operation of identity services across workforce, customer, partner, machine, and AI-agent ecosystems. The Director of Identity Governance and Privileged Access will lead the modernization of enterprise identity and access management at Asurion. This role owns strategy, roadmap, governance, control design, and execution oversight across identity lifecycle management, access governance, privileged access, access reviews, non-human identity governance, and identity-related risk reduction. The leader will drive the transition from SailPoint on-premise to SailPoint Identity Security Cloud, mature CyberArk Privileged Access Management, and provide enterprise governance for federation and identity assertion practices (e.g., Ping Identity/PingFederate). Operating as a senior, hands-on strategist and program leader, the Director partners closely with HR, IT, Security Operations, Cloud/DevOps, application owners, and GRC to deliver measurable risk reduction and sustainable IAM capabilities aligned to business priorities.

Requirements

  • Bachelor’s degree in Information Security, Computer Science, Information Systems, or related field; advanced degree preferred.
  • 10+ years of progressive experience in Identity and Access Management, including 5+ years leading enterprise IAM programs.
  • Demonstrated leadership of SailPoint IdentityIQ or Identity Security Cloud migrations and large-scale IGA deployments.
  • Hands-on leadership maturing CyberArk or equivalent PAM platforms across hybrid environments.
  • Experience governing federation and modern authentication (Ping Identity/PingFederate, SAML, OIDC, OAuth).
  • Proven track record building IAM operating models, controls, metrics, and executive reporting.
  • Successful delivery of risk reduction outcomes in complex, regulated, or global organizations.
  • Deep expertise in identity lifecycle, access governance, role and entitlement modeling, SoD, and certification design.
  • Strong understanding of PAM principles, just-in-time access, session monitoring, credential rotation, and privilege reduction.
  • Knowledge of non-human identity governance, secrets management, API credentials, and certificate lifecycle management.
  • Familiarity with NIST CSF, regulatory expectations, audit practices, and control frameworks relevant to IAM.
  • Familiarity with AI/LLM governance and identity controls for AI-enabled platforms.
  • Ability to translate technical risk into business terms and influence senior stakeholders.
  • Program and change management skills to lead cross-functional migrations and operating model transitions.
  • Excellent communication, stakeholder engagement, and vendor/partner management skills.

Responsibilities

  • Own enterprise identity governance strategy and lead migration from SailPoint on-premise to SailPoint Identity Security Cloud.
  • Develop and execute the SailPoint cloud roadmap, including migration sequencing, integrations, operating model, stakeholder engagement, and post-migration optimization.
  • Strengthen joiner/mover/leaver processes to ensure timely and complete provisioning, deprovisioning, access changes, and termination processing.
  • Expand SailPoint coverage across core systems, SaaS, cloud platforms, non-integrated and high-risk applications.
  • Establish identity lifecycle assurance controls for provisioning accuracy, workflow failure handling, and manual access oversight.
  • Design risk-based access certification programs with campaign governance, remediation tracking, evidence retention, and escalation.
  • Improve entitlement governance by rationalizing roles, birthright access, privileged entitlements, toxic combinations, and excessive access.
  • Define and implement Segregation of Duties policies, control mappings, exceptions, and periodic validation.
  • Own enterprise PAM strategy and CyberArk maturity roadmap.
  • Expand CyberArk coverage across infrastructure, directories, cloud, databases, applications, service and admin accounts, and emergency access paths.
  • Lead privileged account discovery, onboarding prioritization, credential rotation, safe design, platform integrations, session recording, and privileged access reviews.
  • Reduce standing privilege through time-bound and just-in-time models with strong approval and monitoring.
  • Operationalize privileged access policies for ownership, approvals, break-glass governance, session monitoring, password rotation, and exception expiration.
  • Partner with Security Operations to enhance detection and monitoring for privileged misuse and anomalous admin behavior.
  • Define and track PAM KPIs/KRIs, including coverage, rotation compliance, standing privilege reduction, session recording, and onboarding progress.
  • Provide enterprise governance over federation and identity assertion (Ping Identity/PingFederate, SAML, OIDC, OAuth), including certificate and token management.
  • Set standards, control requirements, and checkpoints for federated access in partnership with platform owners.
  • Establish requirements for secure configurations, token lifetime, claim governance, assertion validation, and application onboarding.
  • Influence architecture and engineering teams to align federation patterns with security requirements.
  • Support risk-based authentication standards (MFA, contextual controls, privileged user and remote access).
  • Develop governance for service accounts, machine identities, API credentials, secrets, certificates, and cloud workload identities.
  • Define ownership, lifecycle, rotation, monitoring, review, and decommissioning requirements.
  • Establish governance frameworks for AI-enabled systems, autonomous agents, and machine-driven workflows.
  • Partner with Cloud, DevOps, Infrastructure, Application Engineering, and CyberArk teams to reduce unmanaged service accounts and increase visibility.
  • Implement risk-based recertification focusing on privileged, internet-facing, sensitive data, and critical environments.
  • Create centralized IAM exception governance for deviations, manual access, privileged and federation exceptions, and legacy integrations.
  • Define approval, business justification, expiration, compensating controls, risk acceptance, and recurring review criteria.
  • Align identity controls with policy, audit, regulatory, and contractual obligations in partnership with GRC, Legal, Compliance, HR, and IT.
  • Translate IAM risks for executive reporting, including residual risk, orphaned accounts, review findings, lifecycle failures, and authentication gaps.
  • Support enterprise policy updates across identity lifecycle, access governance, PAM, authentication, federation, SoD, service accounts, and reviews.
  • Define and maintain an IAM metrics framework aligned to enterprise cyber risk priorities and NIST CSF outcomes.
  • Deliver dashboards for SailPoint migration progress, onboarding, access review completion, deprovisioning timeliness, orphaned accounts, PAM coverage, exceptions, and service account governance.
  • Use metrics to drive prioritization, executive decisions, audit readiness, and continuous improvement.
  • Establish a repeatable process to track and close remediation actions from audits, incidents, reviews, penetration tests, and control failures.
  • Develop a multi-year IAM maturity roadmap aligned to cybersecurity strategy, business priorities, and risk reduction.