"Alerted.org

The position is described below. If you want to apply, click the Apply button at the top or bottom of this page. You'll be required to create an account or sign in to an existing one.

_If you have a disability and need assistance with the application, you can request a reasonable accommodation. Send an email to_ Accessibility ([email protected]?subject=Accommodation%20request) _(accommodation requests only; other inquiries won't receive a response)._

Regular or Temporary:

Regular

**Language Fluency:** English (Required)

Work Shift:

1st Shift (United States of America)

Please review the following job description:

The Principal IAM Engineer will define strategy, architecture, and delivery of enterprise-wide IAM solutions, ensuring security, scalability, and compliance with industry standards. Serving as a subject matter expert, this role guides design, leads integration and automation, and collaborates with security, infrastructure, HR, and application teams.

KEY RESPONSIBILITIES

Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.

+ Define and develop a modern IAM Access Governance framework supported by policies, standards, and controls to support audit and regulatory compliance (e.g., CFIUS, NYDFS, SOX, HIPAA, GDPR) and zero-trust based solutions.

+ Support the design and own the implementation of the enterprise IAM architecture, aligning it with business needs, regulatory requirements, and industry best practices;

+ Provide technical direction and leadership for cyber integration engagements, ensuring seamless integration of IAM solutions with existing systems and processes.

+ Work across cross functional teams (e.g., Cyber, Technology Operations, Engineering and Architecture) to operationalize and scale framework to identify and assess IAM related risks and develop mitigation strategies to reduce vulnerabilities while setting clear service level expectations and measure performance against them.

+ Lead roadmap development for IAM technologies including single sign-on, multi-factor authentication, privileged access management, and identity governance and administration (IGA) and integration with key enterprise systems.

+ Operationalize a program for managing cloud-based identities and access controls; modernize integration with identity management tools, HR system of record, and internal systems and applications to streamline and automate provisioning across cloud and on premises environments.

+ Define, develop and implement a modern IAM framework of Just-in-Time (JIT) and role-based access control (RBAC) models.

+ Develop and implement strategies, policies and controls to reduce privileged access and streamline the management of privileged entitlements, including hardening of PAM policies to ensure robust controls for critical applications supporting a least privilege model.

+ Partner with leadership to define and develop IAM metrics, KPIs, and service-level objectives (SLOs); utilize user data analytics to identify process re-engineering, automation opportunities, and data-driven risk remediation.

+ Define operations and administration optimization and IAM related self-service programs that provide customers with an efficient and effective workflow.

+ Partner with Security Operations and Threat Intelligence teams to implement access compromise detections as part of a holistic IAM observability and detections program.

+ Develop strong relationships with business colleagues to fully understand and deliver solutions to meet their business needs, while using diplomacy and relationships to advance our risk management program.

EDUCATION AND EXPERIENCE

The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

+ Minimum 10 years’ experience in a technical service-related field with a minimum of 7+ years’ proven work experience as a IAM technical lead is required.

+ 5-7 years of directly related experience including working with enterprise IAM products, commercial IAM products for a sizable enterprise (preferably 15,000+ employees/identities), user provisioning, and developing solutions for Identity Management, PAM, Single Sign-On & Reduced Sign-On, and Cloud Access Management.

CERTIFICATIONS, LICENSES, REGISTRATIONS

+ IAM or Security certifications: CISSP, CCSP, CCSP, Saviynt Certified Professional, or Microsoft Certification preferred.

FUNCTIONAL SKILLS

+ Experience with Information Security frameworks and standards (e.g., as NIST, SOC 2, and the Cybersecurity Profile) and interpreting regulatory requirements (CFIUS, NYDFS, SOX, HIPAA, GDPR) into actionable controls.

+ Extensive experience in knowledge and familiarity with cloud-based IAM/PAM solutions such as Saviynt, CyberArk, MS Entra-ID, Azure PIM.

+ Experience in process re-engineering, automation, and data-driven risk remediation.

+ Proficiency in scripting and automation (e.g., PowerShell, Python, REST APIs)

+ Ability to identify and assess IAM risk(s) and implement effective mitigation strategies.

+ Successful track record designing, developing, and executing complex projects in more than one area of functional expertise.

+ Demonstrated capacity to establish and maintain working relationships with Senior Management across functional groups and business units. Skilled in influencing or gaining acceptance from others in sensitive situations, while maintaining professional relationships.

**General Description of Available Benefits for Eligible Employees of CRC Group:** At CRC Group, we're committed to supporting every aspect of teammates' well-being – physical, emotional, financial, social, and professional. Our best-in-class benefits program is designed to care for the whole you, offering a wide range of coverage and support. Eligible full-time teammates enjoy access to medical, dental, vision, life, disability, and AD&D insurance; tax-advantaged savings accounts; and a 401(k) plan with company match. CRC Group also offers generous paid time off programs, including company holidays, vacation and sick days, new parent leave, and more. Eligible positions may also qualify for restricted stock units and/or a deferred compensation plan.

_CRC Group supports a diverse workforce and is an Equal Opportunity Employer that does not discriminate against individuals on the basis of race, gender, color, religion, citizenship or national origin, age, sexual orientation, gender identity, disability, veteran status or other classification protected by law. CRC Group is a Drug Free Workplace._

EEO is the Law (https://www.eeoc.gov/sites/default/files/2022-10/EEOC\_KnowYourRights\_screen\_reader\_10\_20.pdf) Pay Transparency Nondiscrimination Provision E-Verify (https://e-verify.uscis.gov/web/media/resourcesContents/E-Verify\_Participation\_Poster\_ES.pdf)

Join CRC Group, a leader in specialty wholesale insurance, and take your career to new heights. We're a dynamic team dedicated to innovation, collaboration, and excellence.

Why CRC Group?

• Growth: Advance your career with our learning and leadership development programs.

• Innovation: Work in a forward-thinking environment that values new ideas.

• Community: Be part of a supportive team that celebrates success together.

• Benefits: Enjoy competitive compensation, health benefits, and retirement plans.

Who We’re Looking For

We seek passionate individuals who thrive in a fast-paced, collaborative environment. If you value integrity and are driven to succeed, CRC Group is the place for you.