Workforce Identity and Directory Services, VP - Enterprise Technology

Blackstone
Miami, FL
$160,000 - $225,000

About The Position

Blackstone is the world’s largest alternative asset manager, seeking to create positive economic impact and long-term value for investors, companies, and communities. With $1.1 trillion in assets under management, Blackstone invests across various vehicles globally. The Vice President Workforce Identity and Directory Services is the primary owner of all Active Directory related infrastructure and strategy. This role involves leading the design, governance, and modernization of the enterprise identity platform across on-premises, hybrid, and cloud environments. The VP is responsible for developing long-term technology roadmaps, driving security best practices, and collaborating with Security, Infrastructure, and Application teams to deliver scalable, resilient identity services aligned with business objectives.

Requirements

  • 10+ years of progressive experience in IT infrastructure with a focus on Active Directory and identity management, including at least 5 years in an architect or senior engineering capacity.
  • Deep knowledge of Microsoft 365 from an identity and access management perspective, including Exchange Online, SharePoint Online, and Teams integration with Entra ID, M365 group and license management, app consent frameworks, service principals, and Microsoft 365 Defender for identity-related threat detection.
  • Deep fluency in authentication and federation protocols, including SAML, OAuth 2.0, OpenID Connect, WS-Federation, Kerberos, LDAP, and NTLM, with a track record of migrating environments away from legacy protocols.
  • Experience implementing passwordless authentication strategies, including FIDO2, Windows Hello for Business, and certificate-based authentication via PKI.
  • Hands-on experience with Active Directory security assessment and hardening tools such as BloodHound, PingCastle, and Purple Knight for attack path analysis and security posture evaluation.
  • Knowledge of service account governance, including Group Managed Service Accounts (gMSA), and endpoint security tooling such as LAPS.
  • Proficiency with PowerShell, Terraform, DSC, and Microsoft Graph API for identity infrastructure automation, reporting, and configuration drift detection.
  • Working knowledge of NIST, SOX, or other regulatory compliance frameworks as they relate to identity management and PKI governance.
  • Microsoft certifications such as Microsoft Certified: Identity and Access Administrator Associate, Azure Solutions Architect Expert, or Cybersecurity Architect Expert.
  • Proven track record of building, mentoring, and managing high-performing identity engineering teams.
  • Excellent communication and stakeholder management skills, including translating complex identity concepts for non-technical audiences and influencing at all levels of the organization.

Nice To Haves

  • Identity architecture and strategic technology vision
  • Enterprise security and zero trust mindset
  • Deep technical problem solving across complex, multi-forest AD environments
  • Stakeholder management and executive communication
  • Strong ownership, accountability, and bias toward action
  • Experience in financial services, private equity, or other highly regulated industries.

Responsibilities

  • Serve as the primary owner and point-of-contact for all Active Directory infrastructure, strategy, and operations across on-premises and cloud environments.
  • Lead and execute a long-term technology roadmap to modernize the Active Directory environment, including forest and domain consolidation, AD tiering model implementation, strategic reduction and decommissioning of on-premises domain controllers, and accelerating workload migration from on-premises AD to Microsoft Entra ID.
  • Architect and govern enterprise Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), DNS, DHCP, and PKI, ensuring high availability, disaster recovery readiness, and security at scale.
  • Drive the adoption and optimization of Microsoft Entra ID security features, including Conditional Access, Identity Protection, Identity Governance, Workload Identities, and Entra Permissions Management.
  • Govern Entra ID external collaboration and application identity, including cross-tenant access policies, B2B guest account lifecycle, app registration and enterprise application management, API permission and consent policy governance, and service principal security and credential rotation.
  • Manage hybrid Active Directory environments, including Azure AD Connect / Cloud Sync configuration, seamless SSO, pass-through authentication, and directory synchronization health monitoring.
  • Design and enforce Group Policy architecture at scale, including GPO lifecycle management, security baselines, and policy inheritance strategies across complex OU structures.
  • Establish and enforce identity security best practices, policies, and standards across the organization in alignment with zero trust principles and AD tiering models (Enhanced Security Admin Environment).
  • Oversee Kerberos, NTLM, LDAP, and certificate-based authentication protocols, driving migration away from legacy protocols toward modern authentication standards.
  • Lead AD forest and domain trust management, replication topology optimization, Sites and Services configuration, and schema extension governance.
  • Partner with Security, Compliance, and Risk teams to ensure identity infrastructure meets regulatory and audit requirements, including SOX, NIST, and industry-specific mandates.
  • Oversee incident response, disaster recovery, and root cause analysis for identity-related security events, AD replication failures, and service disruptions.
  • Evaluate emerging identity technologies and industry trends including passwordless authentication, decentralized identity, and AI-driven threat detection to inform strategic planning and investment decisions.

Benefits

  • comprehensive health benefits, including but not limited to medical, dental, vision, and FSA benefits
  • paid time off
  • life insurance
  • 401(k) plan
  • discretionary bonuses
  • equity and other incentive compensation

What This Job Offers

Job Type

Full-time

Career Level

Executive

Education Level

No Education Listed

Number of Employees

501-1,000 employees
