Job Title: Identity & Access Management (IAM) Specialist – (Active Directory, Entra, Okta, SailPoint, CyberArk)

Location: Hybrid

Overview

Join a dynamic Identity & Access Management team supporting both IT and Operational Technology systems within a critical utilities environment. This role focuses on implementing and managing corporate and operational identity solutions, ensuring compliance with relevant security frameworks, and supporting the transition of IAM services to third-party partners.

We are seeking a seasoned IAM professional with deep expertise in Active Directory, Entra ID (Azure AD), and Okta, along with experience or familiarity in SailPoint or CyberArk. The ideal candidate will support both Identity Governance & Administration (IGA) and Privileged Access Management (PAM) initiatives while enabling secure hybrid identity integrations across IT and OT platforms.

Key Responsibilities

Project Delivery & Implementation:

• Support deployment of identity solutions for third-party smart access systems.
• Assist in designing IT and OT identity frameworks, identifying limitations, and resolving system inconsistencies.
• Facilitate smooth transitions across IT and OT environments, including hypercare and process adaptations.
• Investigate and resolve IAM security incidents, access anomalies, and authentication issues.
• Review and monitor Identity Threat Detection & Response (ITDR) systems.
• Collaborate with SOC teams to detect privileged account misuse and insider threats.

Identity & Access Management (IAM):

• Design, implement, and maintain IAM solutions leveraging Active Directory, Entra ID, Okta, SailPoint, and CyberArk.
• Configure Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Conditional Access Policies for OT integration with existing IT tooling.
• Define and enforce Role-Based Access Control (RBAC) and least privilege principles across enterprise and industrial systems.

Identity Governance & Administration (IGA) – SailPoint:

• Implement and manage automated provisioning, deprovisioning, and access certifications via SailPoint.
• Build workflows for user lifecycle management, identity reconciliation, and compliance reporting.
• Integrate SailPoint with Active Directory, Entra ID, SAP, ServiceNow, and other enterprise systems.

Privileged Access Management (PAM) – CyberArk:

• Administer CyberArk PAS for privileged account security.
• Manage Privileged Session Manager (PSM), Vault, and Endpoint Privilege Manager (EPM).
• Monitor privileged access, enforce Just-In-Time (JIT) access, and generate compliance reports.

Hybrid Identity & Security:

• Implement hybrid identity solutions connecting on-prem Active Directory with Azure AD, Okta, and SailPoint for OT environments.
• Apply Zero Trust principles and industry-standard security framework controls to IAM processes.

Compliance & Security:

• Ensure IAM solutions adhere to CAF, eCAF, NIST, and other regulatory frameworks.
• Conduct access audits, identity risk assessments, and compliance reporting.
• Work closely with cybersecurity, risk, and compliance teams to align IAM strategies with regulatory requirements.
• Partner with OT, cybersecurity, compliance, and risk teams to define policies and access controls.
• Develop IAM runbooks, playbooks, and conduct user access reviews.
• Provide IAM training and awareness for employees and technical teams.

Technical Skills & Experience:

• Directory Services: Active Directory (AD DS, AD FS, Group Policy, LDAP, Kerberos, NTLM); Microsoft Entra ID (Azure AD), Conditional Access, Identity Protection.
• IAM Platforms: Okta Identity Cloud – SSO, MFA, API integrations, identity governance.
• OT/ICS Knowledge: SCADA, ICS, and OT identity management.
• Identity Governance: SailPoint IdentityNow/IdentityIQ – access reviews, lifecycle automation, compliance workflows, and enterprise application integration.
• Privileged Access Management: CyberArk – Vault administration, credential rotation, JIT access, session monitoring, compliance reporting.
• Security & Compliance: CAF, eCAF, NIST frameworks; IAM controls for critical infrastructure; incident response and threat detection.

Preferred Certifications

• Microsoft Certified: Identity and Access Administrator Associate
• Okta Certified Administrator/Professional
• SailPoint IdentityNow/IdentityIQ Engineer
• CISSP or Certified Identity and Access Manager (CIAM)

Preferred Industry Experience

• OT cybersecurity best practices
• Hybrid cloud identity management for Azure & AWS

Seniority level

• Mid-Senior level

Employment type

• Contract

Job function

• Information Technology
• Industries: IT Services and IT Consulting