Identity & Access Manager

About The Position

Requirements

• Ability to get licensed in all gaming jurisdictions where Boyd operates
• 7–10+ years of cybersecurity experience with at least 5 years focused on IAM leadership and operations.
• Deep technical mastery of IAM architecture, design, and implementation across hybrid cloud and on-prem environments.
• Expertise with SSO, MFA, Active Directory, PKI, privileged access management, APIs, and lifecycle automation.
• Experience with major regulations such as PCI, FFIEC, SOX, HIPAA, GDPR, GLBA, and frameworks such as ISO, NIST, ITIL.
• Demonstrated ability to develop long-range strategies, roadmaps, and enterprise security capabilities.
• Proven ability to evaluate technology platforms, lead POCs, and influence purchasing and modernization decisions.
• Experience working with SailPoint IIQ or ISC as the Identity Security & Governance platform
• Experience developing and implementing IAM strategy across a multi-property corporate enterprise
• Strong leadership, communication, mentorship, and stakeholder engagement skills.
• A bachelor's degree in computer science, Information Assurance, MIS, or similar experience is required.
• CISSP and/or SANS certifications (GSE); CISM preferred.

Nice To Haves

• Experience with AWS, Azure, or multi-cloud IAM solutions.
• Familiarity with ISO 27001, NIST CSF, HITECH, CIS, SOC 2, and state privacy laws.
• Working knowledge of Windows, Linux, Unix, and industry-leading IAM tools.
• Highly self-directed, strategic thinker with the ability to anticipate threats and design future-state controls.
• Demonstrates a high degree of integrity and the ability to lead by example.
• Experience operating in a multi-jurisdiction Gaming operations.
• Comfortable working with various regulatory groups through full audit lifecycle, i.e. SOX, PCI, Nevada Gaming
• Experience with a Privileged Access Management platform such as CyberArk
• Experience with ServiceNow ITSM
• Experience with Workday (HCM/FINS)
• Experience managing a hybrid geographically diverse team

Responsibilities

• Develop and own a multi-year IAM strategy and roadmap, including short-term (operational), mid-term (optimization), and long-term (transformational) initiatives.
• Evaluate, recommend, and lead adoption of new IAM technologies when needed to enhance security posture, scalability, and user experience.
• Maximize value from existing IAM platforms by optimizing configurations, driving adoption of underutilized features, and ensuring alignment with business objectives.
• Partner with executive leadership to align IAM strategy with enterprise risk, digital transformation, and technology modernization initiatives.
• Monitor and analyze industry trends, emerging threats, and regulatory changes to proactively evolve the IAM program.
• Define and measure key performance indicators (KPIs) and outcomes that clearly demonstrate the maturity and effectiveness of IAM services.
• Develop the long-term vision for IAM governance, lifecycle automation, privileged access strategy, and integration of behavioral analytics.
• Lead the IAM team responsible for deploying identity and access controls across geographically diverse environments.
• Ensure IAM standards, patterns, and implementation practices are consistently applied across all lines of business, including online and digital operations.
• Direct the implementation of IAM solutions consistent with policies, processes, and architectural standards.
• Ensure IAM systems are securely configured, well-documented, and maintained with rigor and consistency.
• Oversee governance across SSO, MFA, directory services, certificates, privileged access, automation, and analytics.
• Manage internal and external user access across organizational systems and third-party ecosystems.
• Oversee recurring access review processes, ensuring alignment with audit, certification, and regulatory requirements.
• Act as primary IAM liaison for incident response, SOC operations, application teams, and senior leadership.
• Participate in project and change management forums to ensure IAM controls are embedded early in solution design.
• Collaborate with auditors to establish, maintain, and demonstrate compliance with regulatory and privacy standards.
• Serve as a key contributor to disaster recovery and business continuity planning as it relates to IAM.