We believe work is not a place, but rather a thing you do. Our technology revolves around this core philosophy. We are relentlessly committed to helping people work and play from anywhere, on any device. Innovation, creativity and a passion for ever-improving performance drive our company and our people forward. We empower the original mobile device: YOU!
What we're looking for:
As a Senior Manager, IAM, you are a proven technology leader who will provide guidance for the Identity and Access Management (IAM) roadmap and implementation of RBAC and ABAC models for corporate identities in a hybrid environment.
You will lead a team of IAM engineers and will support the IAM strategy, governance, risk, and controls. You will work with the team and partner with the business to enhance rules and roles to improve the automation of the Joiner/Mover/Leaver processes and associated access and certification reviews. You will identify and document Segregation of Duties scenarios and compose applicable access control roles. You must be familiar with compliance and auditing controls required to implement corporate identity governance on cloud-based and on-premise resources. This leadership role will work across all of IT as well as with our business stakeholders. This role is open to remote employees in the United States, anywhere except Colorado.
Implementing, integrating and supporting Okta's cloud technologies into Client's IAM environment.
Act as the subject matter expert in the identity and access management domain and RBAC. Contribute to the development of our client enterprise identity and access management strategy and RBAC.
Build, design and test workflows, including connecting applications, importing and editing data in a table, and setting schedule options
Execute and manage workflows with an API endpoint, save data with flow history and repair an invalid flow
Design time and context-based identity entitlement, build automation to catch identity conflicts and lifecycle activity
Build and configure Joiners, Movers and Leavers processes
Create API code for plugging existing application to Okta authentication
Design Portal Identity management with Okta, integrate and federate authentication with 3rd party portals
Design dynamic access grants and a granular link between identities and entitlements to be able to tell who has access to what and who is responsible for maintaining an entitlement.
Design frequent delta scans for changes since last scan, besides full scan, to support existing SLAs for new user on-boarding, role changes and terminations.
Automate and streamline existing processes and workflows. Manage IAM team and corporate stakeholders to design self-service capabilities in RBAC administration.
Partner with IAM Managed Services Vendor to ensure roles and rules are built appropriately as designed to meet requirements and compliance needs.
Analyze user access roles and processes to independently assess compliance with defined standards.
Regularly review and maintain documentation to ensure it reflects current processes and procedures and identifies opportunities for process improvement
Collate statistical data as requested in support of Operational and Performance metrics/measurements
Facilitate business process design as it relates to managing identities and access privileges such as architecture, delegated administration models, workflow models, and access control models.
Partner with application development teams to integrate with authentication service and implement best practices for authentication and authorization requirements for internal and external applications
Manage user Role for Access Control, Access Policy, and Privileged roles
Design delegation of access governance for specific catalogs to non-IT admins and implement industry standard IAM and IGA concepts including least privilege and separation of duties for session management, password management, permission management, and entitlement management.
Ensure that data ownership and responsibilities are established for each authorization boundary, to include accountability, access rights, and special handling.
Design and configure risk scoring for entitlements and evaluate risk based on identity's assigned roles and access to resources and report the risk for proactive policy violation detection.
Automate the cleanup of excessive and unnecessary entitlements for policy enforcement.
Work with application owners to determine the best access policy for their application including admin accounts
7+ years' experience and a successful track record of leading and managing AIM IAM teams and RBAC and ABAC Controls.
10+ years of overall IAM/software development, solution design and technical architecture experience. In-depth experience with LCM and driving application architecture design
Experience with SCIM connectors, Okta Workflows
Experience with Okta Lifecycle Management
Experience in how legacy and web-based systems interface, and with Application Programming Interfaces (APIs).
Strong knowledge of LDAP, Active Directory, SAML, SPML, SSO, RBAC
Strong knowledge of web protocols XML, SOAP, JSON, REST
Knowledge of software development security and cryptography.
Experience with MFA, SSO, Kerberos, SAML, OIDC, OAuth, Privileged Access Management (PAM)
Knowledge of Java EE, Ruby, Java, C, ksh/bash shell scripts, Python or Perl and other development frameworks.
Very proficient in all Active Directory and Azure tools
Demonstrated experience providing excellent customer service in a professional environment
Exceptional presentation skills. Ability to present to all levels including senior management and to facilitate discussions at the senior stakeholder level
Exceptional relationship management skills and an ability to influence and engage direct and indirect reports and peers
IT service availability and uptime experience/knowledge along with understanding of ITIL/ITSM processes
Preferred CISSP, CIAM, I&AM vendor or industry certification such as Okta, CSP technical certifications (Azure, AWS, GCP)
Requires broad management knowledge to lead project teams in one department.
Has mastery level knowledge and skills within a specific technical or professional discipline with broad understanding of other areas within the job function.
Requires a University Degree or equivalent experience and minimum 10 years prior relevant experience.
What you're looking for:
Our technology is built on the idea that everyone should be able to work from anywhere, at any time, and on any device. It's a simple philosophy that guides everything we do - including how we work. If you're an engineer, we'll give you plenty of ways to test your skills on cutting edge technology. We want employees to do what they do best, every day.
Be bold. Take risks. Imagine a better way to work. If this sounds like you then we'd love to talk.
Functional Area: IT Systems Engineering
Citrix is a cloud company that enables mobile workstyles. We create a continuum between work and life by allowing people to work whenever, wherever, and however they choose. Flexibility and collaboration are what we're all about. The Perks: We offer competitive compensation and a comprehensive benefits package. You'll enjoy our workstyle within an incredible culture. We'll give you all the tools you need to succeed so you can grow and develop with us.
Citrix uses applicant information consistent with the at
Citrix welcomes and encourages applications from people with disabilities. Reasonable accommodations are available on request for candidates taking part in all aspects of the selection process. If you are an individual with a disability and require a reasonable accommodation to complete any part of the job application process, please contact us at (877) 924-8749 or email us atfor assistance.
If this is an evergreen requisition, by applying you are giving Citrix consent to be considered for future openings of other roles of similar qualifications.
Citrix Systems, Inc. is firmly committed to Equal Employment Opportunity (EEO) and to compliance with all federal, state and local laws that prohibit employment discrimination on the basis of age, race, color, gender, sexual orientation, gender identity, ethnicity, national origin, citizenship, religion, genetic carrier status, disability, pregnancy, childbirth or related medical conditions, marital status, protected veteran status and other protected classifications.