Principal Identity and Access Management Architect
Cox Automotive is seeking a Principal Identity and Access Management (IAM) Architect responsible for designing, implementing, and maintaining IAM solutions to ensure secure user access to organizational resources. This role involves developing and executing the IAM strategy aligned with the enterprise security roadmap, managing risks, collaborating with stakeholders, and staying current on emerging technologies.
Key success factors include:
- Deep understanding of IAM principles, including authentication, authorization, access control, lifecycle management, privileged access management, and identity governance.
- Experience with IAM technologies such as Azure Active Directory, Okta, Ping Identity, and related tools.
- Knowledge of security best practices like least privilege, multi-factor authentication, and zero trust security principles.
- Hands-on experience designing, implementing, and managing IAM solutions in real-world environments.
This role reports to the Senior Director of Cybersecurity IAM at Cox Automotive.
Key Responsibilities:
- Develop and own the IAM architecture strategy, standards, and roadmap.
- Design scalable, secure IAM solutions including authentication, authorization, identity governance, and privileged access management.
- Lead the technical design and implementation of IAM platforms such as Okta, SailPoint, CyberArk, Microsoft Entra, and Ping Identity.
- Define IAM policies, roles, and entitlements in line with business and compliance requirements.
- Collaborate with engineering, application, and infrastructure teams to integrate IAM capabilities.
- Evaluate emerging IAM technologies and recommend adoption strategies.
- Mentor junior IAM engineers and architects, fostering growth and knowledge sharing.
- Serve as a subject matter expert for internal and external stakeholders on IAM initiatives.
Minimum Requirements:
- Bachelor's degree in a related discipline and 10+ years of experience, or equivalent combinations such as a master's degree with 8 years, a Ph.D. with 5 years, or 22 years in the field.
- In-depth knowledge of IAM frameworks and principles, including IGA, PAM, RBAC, ABAC, MFA, SSO, and Federated Identity Management.
- Experience with Cloud IAM platforms like Azure AD, AWS IAM, Google Cloud IAM, and secure API authentication (OAuth 2.0).
- Understanding of security compliance standards such as ISO 27001, NIST, GDPR, and SOX.
- Proficiency in directory and authentication services including AD, LDAP, SAML, Kerberos, and protocols like OIDC and OAuth.
- Hands-on experience with IAM tools such as Okta, Ping Identity, Microsoft Entra ID, SailPoint, CyberArk.
- Experience in identity workflow automation, scripting (Python, PowerShell, JavaScript), and CI/CD pipelines for IAM deployment.
Compensation: USD 159,400.00 - 265,600.00, with potential for additional incentives depending on location, skills, and experience.
Benefits: Flexible paid time off, holidays, wellness hours, and additional leave options such as bereavement, voting, jury duty, volunteer, military, and parental leave.
Applicants must be authorized to work in the U.S. without sponsorship.
Additional Details:
- Seniority level: Mid-Senior level
- Employment type: Full-time
- Job function: Education and Training
- Industry: Software Development