asurion
Director, Identity and Access Management
Job description
Position Overview
We are seeking a strategic and transformational Director of Identity & Access Management (IAM) to lead the evolution of our global identity security program in a modern, AI-enabled enterprise environment. This leader will oversee the design, governance, and operation of identity services across workforce, customer, partner, machine, and AI-agent ecosystems.
The Director of Identity Governance and Privileged Access will lead the modernization of enterprise identity and access management at Asurion. This role owns strategy, roadmap, governance, control design, and execution oversight across identity lifecycle management, access governance, privileged access, access reviews, non-human identity governance, and identity-related risk reduction. The leader will drive the transition from SailPoint on-premise to SailPoint Identity Security Cloud, mature CyberArk Privileged Access Management, and provide enterprise governance for federation and identity assertion practices (e.g., Ping Identity/PingFederate). Operating as a senior, hands-on strategist and program leader, the Director partners closely with HR, IT, Security Operations, Cloud/DevOps, application owners, and GRC to deliver measurable risk reduction and sustainable IAM capabilities aligned to business priorities.
Key Responsibilities
• Identity Governance and SailPoint Transformation
  • Own enterprise identity governance strategy and lead migration from SailPoint on-premise to SailPoint Identity Security Cloud.
  • Develop and execute the SailPoint cloud roadmap, including migration sequencing, integrations, operating model, stakeholder engagement, and post-migration optimization.
  • Strengthen joiner/mover/leaver processes to ensure timely and complete provisioning, deprovisioning, access changes, and termination processing.
  • Expand SailPoint coverage across core systems, SaaS, cloud platforms, non-integrated and high-risk applications.
  • Establish identity lifecycle assurance controls for provisioning accuracy, workflow failure handling, and manual access oversight.
  • Design risk-based access certification programs with campaign governance, remediation tracking, evidence retention, and escalation.
  • Improve entitlement governance by rationalizing roles, birthright access, privileged entitlements, toxic combinations, and excessive access.
  • Define and implement Segregation of Duties policies, control mappings, exceptions, and periodic validation.
• Privileged Access Management and CyberArk Maturity
  • Own enterprise PAM strategy and CyberArk maturity roadmap.
  • Expand CyberArk coverage across infrastructure, directories, cloud, databases, applications, service and admin accounts, and emergency access paths.
  • Lead privileged account discovery, onboarding prioritization, credential rotation, safe design, platform integrations, session recording, and privileged access reviews.
  • Reduce standing privilege through time-bound and just-in-time models with strong approval and monitoring.
  • Operationalize privileged access policies for ownership, approvals, break-glass governance, session monitoring, password rotation, and exception expiration.
  • Partner with Security Operations to enhance detection and monitoring for privileged misuse and anomalous admin behavior.
  • Define and track PAM KPIs/KRIs, including coverage, rotation compliance, standing privilege reduction, session recording, and onboarding progress.
• Authentication, Federation, and Identity Assertion Governance
  • Provide enterprise governance over federation and identity assertion (Ping Identity/PingFederate, SAML, OIDC, OAuth), including certificate and token management.
  • Set standards, control requirements, and checkpoints for federated access in partnership with platform owners.
  • Establish requirements for secure configurations, token lifetime, claim governance, assertion validation, and application onboarding.
  • Influence architecture and engineering teams to align federation patterns with security requirements.
  • Support risk-based authentication standards (MFA, contextual controls, privileged user and remote access).
• Non-Human Identity and Service Account Governance
  • Develop governance for service accounts, machine identities, API credentials, secrets, certificates, and cloud workload identities.
  • Define ownership, lifecycle, rotation, monitoring, review, and decommissioning requirements.
  • Establish governance frameworks for AI-enabled systems, autonomous agents, and machine-driven workflows.
  • Partner with Cloud, DevOps, Infrastructure, Application Engineering, and CyberArk teams to reduce unmanaged service accounts and increase visibility.
  • Implement risk-based recertification focusing on privileged, internet-facing, sensitive data, and critical environments.
• Access Risk, Policy, and Exception Governance
  • Create centralized IAM exception governance for deviations, manual access, privileged and federation exceptions, and legacy integrations.
  • Define approval, business justification, expiration, compensating controls, risk acceptance, and recurring review criteria.
  • Align identity controls with policy, audit, regulatory, and contractual obligations in partnership with GRC, Legal, Compliance, HR, and IT.
  • Translate IAM risks for executive reporting, including residual risk, orphaned accounts, review findings, lifecycle failures, and authentication gaps.
  • Support enterprise policy updates across identity lifecycle, access governance, PAM, authentication, federation, SoD, service accounts, and reviews.
• Metrics, Reporting, and Continuous Improvement
  • Define and maintain an IAM metrics framework aligned to enterprise cyber risk priorities and NIST CSF outcomes.
  • Deliver dashboards for SailPoint migration progress, onboarding, access review completion, deprovisioning timeliness, orphaned accounts, PAM coverage, exceptions, and service account governance.
  • Use metrics to drive prioritization, executive decisions, audit readiness, and continuous improvement.
  • Establish a repeatable process to track and close remediation actions from audits, incidents, reviews, penetration tests, and control failures.
  • Develop a multi-year IAM maturity roadmap aligned to cybersecurity strategy, business priorities, and risk reduction.
Education and Experience
• Bachelor’s degree in Information Security, Computer Science, Information Systems, or related field; advanced degree preferred.
• 10+ years of progressive experience in Identity and Access Management, including 5+ years leading enterprise IAM programs.
• Demonstrated leadership of SailPoint IdentityIQ or Identity Security Cloud migrations and large-scale IGA deployments.
• Hands-on leadership maturing CyberArk or equivalent PAM platforms across hybrid environments.
• Experience governing federation and modern authentication (Ping Identity/PingFederate, SAML, OIDC, OAuth).
• Proven track record building IAM operating models, controls, metrics, and executive reporting.
• Successful delivery of risk reduction outcomes in complex, regulated, or global organizations.
Knowledge, Skills, and Abilities
• Deep expertise in identity lifecycle, access governance, role and entitlement modeling, SoD, and certification design.
• Strong understanding of PAM principles, just-in-time access, session monitoring, credential rotation, and privilege reduction.
• Knowledge of non-human identity governance, secrets management, API credentials, and certificate lifecycle management.
• Familiarity with NIST CSF, regulatory expectations, audit practices, and control frameworks relevant to IAM.
• Familiarity with AI/LLM governance and identity controls for AI-enabled platforms.
• Ability to translate technical risk into business terms and influence senior stakeholders.
• Program and change management skills to lead cross-functional migrations and operating model transitions.
• Excellent communication, stakeholder engagement, and vendor/partner management skills.
Travel Requirements
N/A
Physical Demands
• Stationary Position: Frequently
• Vision: 20/20 corrected vision
• Hearing: Receive detailed information if spoken to
Working Conditions


