10,363 Identity And Access Management jobs in the United States

• Evaluate authentication for IT Assets, Administration, Corporate Users, and Customers
• Document authentication and authorization requirements and processes
• Publish a company-wide Identity and Access Management Standard and Practices
• Evaluate build vs. buy for customer authentication mechanisms
• Evaluate contractual requirements, terms and conditions as pertinent to IAM
• Perform threat assessments on identity management for systems and services
• Define strategies to minimize and prevent account take over
• Define methods for customer data access controls including step up authentication
• Define standards for managing secrets and encryption keys
• Evaluate cryptographic storage methodologies

• 8+ years of experience in Identity and Access Management, with a focus on solution design, development, and implementation.
• Understanding and familiarity with IAM protocols (e.g. OAuth 2.0, FIDO2, SAML, Kerberos, etc.)
• Understanding and familiarity with IAM services (e.g. AWS Cognito, AWS Permissions, secrets manager, certificate management, certificate authority, etc.)
• Understanding and familiarity with IAM tools (e.g. Lastpass, Onepassword, Auth0, Postman, etc.)
• Understanding of cloud identity management services and architectures and overall authentication, authorization and auditing best practices
• Understanding of device fingerprinting and techniques to prevent certificate exporting and reuse
• Understanding of regulatory landscape and requirements pertaining to Identity and Access Management

• Flexible paid time off
• Health, dental, and vision + 401k plan with company matching
• Paid parental, medical, military and family care leave
• Mental Health & Family Forming Benefits
• Employee Stock Purchase Plan (ESPP)
• Continuing education and travel benefits

Our Guiding Stars are the values at the heart of our organization that drive everything we do. We are committed to creating meaningful change not only in our industry but also in the communities we engage with. If our Guiding Stars resonate with you, we encourage you to consider joining our team.

• Drive Results : We think big, work smart, and execute fast to transform the future of commerce
• Cultivate Belonging : We welcome diverse backgrounds and experiences, driving positive change through inclusion and teamwork
• Champion Customers: We go the extra mile for our customers to help them unlock their full potential
• Adapt Boldly : We're curious and innovative, we take risks and grow from our failures

PENNYMAC

Pennymac (NYSE: PFSI) is a specialty financial services firm with a comprehensive mortgage platform and integrated business focused on the production and servicing of U.S. mortgage loans and the management of investments related to the U.S. mortgage market.

At Pennymac, our people are the foundation of our success and at the heart of our dynamic work culture. Together, we work towards a unified goal of helping millions of Americans achieve aspirations of homeownership through the complete mortgage journey.

A Typical Day

As an Identity Access Management Architect , you will be the principal owner and strategic visionary for our enterprise-wide Identity and Access Management (IAM) ecosystem. This is a critical leadership role responsible for designing, building, and maintaining the architectural foundation that secures our corporate data and enables our global workforce. You will architect a modern, scalable, and resilient identity fabric, leveraging industry-leading platforms like Active Directory, Secret Double Octopus, OneLogin, Okta (Auth0) and Microsoft Entra ID to support our zero-trust security model and drive business agility.

You will oversee all company identity platforms, provide architectural guidance and best practices, design and lead the implementation of platform enhancements, and continuously identify areas for improvement, increased security and resiliency, and operational efficiencies.

Key Responsibilities

• Strategic Architecture & Platform Oversight:

• Provide high-level oversight of all company identity platforms, including Active Directory, Okta (Auth0), Entra ID, OneLogin, Secret Double Octopus, and Google Workspace.

• Design, own, and evolve the enterprise identity architecture and strategic roadmap, encompassing Workforce and Customer IAM (CIAM).

• Develop and maintain high-level and low-level design documents, standards, and patterns for our core identity platforms.

• Design robust identity patterns for internal application development and off the shelf applications.

• Implementation & Technical Leadership:

• Lead the architectural design of complex federation patterns using Multi-factor Authentication, SAML 2.0, OAuth 2.0, and OpenID Connect (OIDC) to securely integrate a diverse portfolio of SaaS, cloud applications, and internal applications.

• Drive and oversee platform improvements, including IDP consolidation (e.g., OneLogin -> SDO) and cleanup of existing identity providers.

• Serve as the senior technical expert on projects involving identity, authentication, and authorization.

• Provide expert-level troubleshooting for the most complex identity-related issues.

• Governance, Security & Continuous Improvement:

• Partner with the InfoSec team to define and enforce IAM policies, controls, and best practices aligned with a zero-trust framework.

• Maintain a strong awareness of security issues and considerations around identity platforms and lead efforts to mitigate and remediate risks.

• Lead Active Directory management and cleanup initiatives , including modernization, de-nesting groups, identifying risky service accounts, and performing remediation of over-privileged accounts and SPNs.

• Ensure all identity solutions meet stringent security requirements and comply with regulatory standards (e.g., SOX, GDPR, CCPA).

• Collaboration & Mentorship:

• Collaborate closely with application owners, infrastructure engineers, Infosec, and business stakeholders to translate requirements into secure and scalable identity solutions.

• Mentor and guide senior engineers, fostering technical excellence and professional growth.

• Clearly articulate and present complex architectural concepts to technical and non-technical audiences, including executive leadership.

What You’ll Bring

Required Qualifications

• 5+ years in a senior role focused specifically on Identity and Access Management.

• 5+ years of deep, hands-on experience with Microsoft Active Directory architecture and management.

• 3+ years of hands-on experience with SAML IDP/Brokers (e.g., ADFS, Okta, Entra ID, OneLogin).

• Expert-level architectural experience with Okta , Active Directory/Entra ID, and Okta (Auth0).

• Proven experience designing and implementing complex identity federation solutions using SAML 2.0, OAuth 2.0, and OIDC.

• Experience integrating identity services with enterprise SaaS applications, cloud-native services, and legacy systems.

• Ability to conceptualize, design, and implement identity models across systems, ensuring least-privileged RBAC, strong naming conventions, and rich identity metadata.

• Proficiency in PowerShell or other scripting/automation languages.

• Experience architecting identity solutions for major cloud platforms (AWS, GCP).

• Familiarity with JIRA, Service now, or other ITSM systems.

Preferred Qualifications

• Relevant industry certifications, such as Okta Certified Technical Architect , Microsoft Certified: Identity and Access Administrator Associate/Expert , or CISSP.

• Knowledge of Infrastructure as Code (IaC) principles and tools (e.g., Terraform) as they apply to IAM.

• Experience with adjacent security domains, such as Privileged Access Management (PAM) and Identity Governance & Administration (IGA) platforms.

Why You Should Join

As one of the top mortgage lenders in the country, Pennymac has helped over 4 million lifetime homeowners achieve and sustain their aspirations of home. Our vision is to be the most trusted partner for home. Together, 4,000 Pennymac team members across the country are guided by our core values: to be Accountable, Reliable and Ethical in all that we do. Pennymac is committed to conducting a business that makes positive contributions and promotes long-term sustainable growth and to fostering an equitable and inclusive environment, where all employees and customers feel valued, respected and supported.

Benefits That Bring It Home: Whether you're looking for flexible benefits for today, setting up short-term goals for tomorrow, or planning for long-term success and retirement, Pennymac's benefits have you covered. Some key benefits include:

• Comprehensive Medical, Dental, and Vision

• Paid Time Off Programs including vacation, holidays, illness, and parental leave

• Wellness Programs, Employee Recognition Programs, and onsite gyms and cafe style dining (select locations)

• Retirement benefits, life insurance, 401k match, and tuition reimbursement

• Philanthropy Programs including matching gifts, volunteer grants, charitable grants and corporate sponsorships

To learn more about our benefits visit:

For residents with state required benefit information, additional information can be found at:

Compensation: Individual salary may vary based on multiple factors including specific role, geographic location / market data, and skills and experience as defined below:

• Lower in range - Building skills and experience in the role

• Mid-range - Experience and skills align with proficiency in the role

• Higher in range - Experience and skills add value above typical requirements of the role

Some roles may be eligible for performance-based compensation and/or stock-based incentives awarded to employees based on company and individual performance.

Salary

$140,000 - $175,000

Work Model

OFFICE

Cargill's size and scale allows us to make a positive impact in the world. Our purpose is to nourish the world in a safe, responsible and sustainable way. We are a family company providing food, ingredients, agricultural solutions and industrial products that are vital for living. We connect farmers with markets so they can prosper. We connect customers with ingredients so they can make meals people love. And we connect families with daily essentials - from eggs to edible oils, salt to skincare, feed to alternative fuel. Our 160,000 colleagues, operating in 70 countries, make essential products that touch billions of lives each day. Join us and reach your higher purpose at Cargill.

Job Purpose and Impact

• The Principal, Identity & Access Management leads the design, implementation and operation of identity and access management systems (IAM), including the IGA and governance aspects within the organization. As a recognized subject matter authority in IAM, this job provides thought leadership to ensure secure access to resources, minimize risk exposure, and maintain compliance with security standards.

Key Accountabilities

• DIRECTORIES & AUTHENTICATION: Leads the analysis of current systems and development of solutions to improve directory services and authentication processes, including implementing and maintaining identity governance processes and controls to ensure oversight and accountability for user access.

• DIGITAL IDENTITY LIFECYCLE: Advises the entire digital identity lifecycle, ensuring efficient provisioning, maintenance and archiving of user identities, and leads assessment and preparation for potential risks.

• ACCESS CERTIFICATIONS & RE-AUTHORIZATIONS: Leads the establishment and improvement of access certification processes to ensure compliance and security of user access rights, identifying and assessing systemic compliance gaps, finding root cause resolution and proposing improvement options, including cost benefit analysis.

• PRIVILEGED ACCESS MANAGEMENT: Leads the analysis and solution development for administering privileged accounts and access to sensitive information.

• ENTITLEMENT MANAGEMENT: Establishes and mentors the implementation of entitlement management standards to ensure consistent access control across the organization.

• COLLABORATION: Influences collaboration with cybersecurity peers, data privacy partners, external experts, industry consortia, and other internal and external teams to enable effective and efficient authentication and provisioning fundamentals and delivery of business objectives.

Qualifications

• 8-10 years of professional experience with IAM domains, such as IGA, privileged access management, credential/secrets management, governance and compliance

• Extensive experience with identity technologies and concepts

• Strong communication, collaboration, and change management experience

Equal Opportunity Employer, including Disability/Vet.

The mission of Washington Health Benefit Exchange (Exchange) is to radically improve how Washington residents secure health insurance through innovative and practical solutions, an easy-to-use customer experience, our values of integrity, respect, equity and transparency, and by providing undeniable value to the health care community.

The Exchange is a public-private partnership that operates Washington Healthplanfinder, the eligibility and enrollment portal used by one in four Washington residents to obtain health and dental coverage. Through this platform, and with support from a Customer Support Center and statewide network of in-person navigators and brokers, individuals and families can shop, compare and enroll in private, qualified health plans (as defined in the Affordable Care Act) or enroll in Washington Apple Health, the state Medicaid program.

The Exchange embraces the following equity statement adopted by our Board of Directors:

Equity is fundamental to the mission of the Washington Health Benefit Exchange. The process of advancing toward equity and becoming anti-racist is disruptive and demands vigilance to dismantle deeply entrenched systems of privilege and oppression. While systemic racism is a root cause of many societal inequities, we must also use an intersectional approach to address all forms of bias and oppression, which interact with and often exacerbate racial inequities. To be successful, we must recognize the socioeconomic drivers of health and focus on people and places where needs are greatest. As we listen to community, we must hold ourselves accountable to responding to recommendations to remedy inequitable policies, systems, or practices within the Exchange's area of influence. Our goal is that all Washingtonians have full and equal access to opportunities, power and resources to achieve their full potential.

SUMMARY

The Identity and Access Management (IAM) Lead is responsible for overseeing the development, configuration, and management of the WAHBE's IAM solution, leveraging ForgeRock technology. This role encompasses designing, managing, and monitoring IAM systems to ensure the implementation of robust security controls. The IAM Lead collaborates with the risk management team on IT audits and remediation efforts, partners with the delivery team to support modernization initiatives, and assists the incident response team in investigating IT security incidents and breaches. Additionally, the role involves evaluating new IAM requirements, assessing and migrating IAM products, and providing management with impact analyses and status updates.

DUTIES AND RESPONSIBILITIES
• Develop and lead the WAHBE's Identity and Access Management (IAM) strategy, ensuring alignment with delivery team goals and WAHBE policies.
• Design and architect IAM solutions that seamlessly integrate with existing and future infrastructure.
• Lead the evaluation, deployment, migration, and management of IAM technologies.
• Provide hands-on expertise in configuring and deploying IAM solutions.
• Ensure the availability, scalability, and reliability of IAM systems.
• Manage the end-to-end integration of IAM systems with cloud-based applications and services.
• Oversee the entire user identity lifecycle, including provisioning, deprovisioning, and account management.
• Implement and manage Single Sign-On (SSO), federation (SAML, OAuth, OIDC), Multi-Factor Authentication (MFA), and risk-based authentication.
• Ensure IAM compliance with regulatory standards such as NIST, CMS MARS-E, IRS publication 1075, and OWASP.
• Monitor and audit IAM systems to identify and address potential security incidents.
• Lead cross-functional teams to deliver successful IAM initiatives.
• Collaborate with IT, Security, Risk Management, and Delivery teams to define and refine IAM requirements.
• Manage vendor relationships, including monitoring performance, product updates, and organizational impacts.
• Serve as a subject matter expert during security incidents and investigations related to IAM.
• Perform root cause analysis and implement solutions to address IAM-related issues effectively.
• Mentor and manage a team of IAM administrators and engineers, promoting best practices and professional growth.
• Track and resolve IAM bugs and release issues, reporting progress to management.
• Conduct access re-certifications for privileged user accounts within the IAM framework.
• Manage and resolve day-to-day IAM issues, ensuring escalation and process adherence.
• Configure both standard and custom reporting using industry-standard tools.
• Stay informed about emerging trends and capabilities in IAM technologies.
• Advise management on IAM risk-related issues and recommend actions to support risk management and compliance goals.
• Lead risk assessments for proposed IAM solutions, escalating issues when necessary and ensuring resolution.
• Assist WAHBE in reviewing and updating policies, procedures, and standards related to IAM solutions.
• Collaborate with the Risk Management Office to remediate vulnerabilities and address audit findings.
• Collaborate closely with architects and engineers to share insights, best practices, and technical requirements.
• Perform additional responsibilities as needed within the scope of IAM solutions.

QUALIFICATIONS

Required:
• 7+ years of experience in Identity and Access Management (IAM) using tools like Oracle, ForgeRock, Okta, PingOne, or similar technologies, including at least 3 years in a lead or architect role.
• In-depth knowledge of IAM technologies such as ForgeRock, SailPoint, Okta, Ping Identity, or Oracle Identity Suite.
• Proficiency in SAML, OAuth, OIDC, MFA, and risk-based authentication mechanisms.
• Strong understanding of Directory Services, RESTful APIs, and microservices architectures.
• Ability to assess the impact of new requirements on IAM and all upstream and downstream applications, systems, and processes.
• Advanced troubleshooting capabilities, including log analysis and root cause identification.
• Hands-on experience with implementing IAM solutions in cloud environments, such as AWS, Azure, and Google Cloud Platform (GCP).
• Knowledge of hybrid cloud IAM deployments and integrations.
• Exceptional leadership and decision-making abilities with a proactive approach to problem-solving.
• Excellent verbal and written communication skills, with the ability to effectively convey technical concepts to diverse audiences.
• Strong project management skills, with the ability to prioritize and manage multiple projects simultaneously.
• Experience developing and documenting business processes and workflows within IAM implementations.
• Experience assisting in security/privacy incident investigations and collaborating with incident response teams.
• Experience in vendor management and oversight, with the ability to escalate concerns to management when necessary.
• Motivated self-starter with the ability to take initiative and ownership of responsibilities.
• Ability to maintain a high level of confidentiality and demonstrate sound judgment.
• Creative, proactive analytical person who can independently make decisions and manage work priorities.
• Highly organized, flexible, and resourceful, with strong attention to detail.

Desired:
• Minimum of 3 years of hands-on experience with ForgeRock Identity and Access Management (IAM) solutions.
• Strong knowledge and practical experience in understanding and implementing IT security controls.
• Experience working with Security Information and Event Management (SIEM) systems.
• Background in government and/or healthcare industries.
• Comprehensive understanding of standards and guidelines, including IRS 1075, MARS-E, NIST, FISMA, and HITECH.
• Proven experience in contracts management.
• Bachelor's or master's degree in Cybersecurity or a related field.

Relevant certifications such as CISSP, CISM, or vendor-specific IAM credentials (e.g., ForgeRock Certified Identity Management Specialist, Okta Certified Professional).

Demonstrated ability to quickly learn and apply new concepts effectively.

APPLICATION INSTRUCTIONS

This position will be open until we find a suitable number of candidates to review. If interested, please submit an application as soon as possible. The Exchange reserves the right to close the recruitment at any time.

SALARY INFORMATION

Full Salary Range: $109,719.00 to $64,579.00 annually, with midpoint at 137,149.00.

Hiring Range: 126,177.00 and 137,149.00 annually. This is an estimate of where a qualified candidate can expect to receive an offer.

The actual salary offer will consider candidate experience, skills, qualifications, internal equity, and the market. Our compensation policy reserves the salary range above the midpoint for employees who are meeting and exceeding expectations and for growth and development, up to the maximum.

BENEFITS

Take a peek at our benefits package.

WORKING CONDITIONS

Core business hours are 8:00 a.m. to 5:00 p.m., Monday through Friday. There are times where irregular hours will be required. The preferred duty station is our Olympia, Washington headquarters. The nature of this role relies heavily on remote and in-person collaboration. While a hybrid remote and on-site schedule may be considered, the position will require flexibility to allow for in-office availability as business needs dictate. Travel requirements will be limited, however there may be occasions where an employee is required to travel and work irregular hours to attend meetings or trainings. Duties of this position require the use of standard office furniture and equipment, including setup for remote work. The employee is responsible for providing and maintaining a safe, ergonomic, and secure workspace at their remote location.

The working conditions and physical demands are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

SPECIAL REQUIREMENTS

A criminal background screen will be conducted for candidates under final consideration, and if hired, every five years of employment where highly sensitive data is processed or maintained by the position. The result of this background screen must meet the Exchange's eligibility standards.

OTHER INFORMATION

The above statements are intended to describe the general nature and levels of work being performed. They are not intended to be construed as an exhaustive list of responsibilities, duties and skills of personnel so classified.

This is not an employment agreement or contract. Management has the exclusive right to alter this job description at any time without notice.

The Washington Health Benefit Exchange is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, marital status, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

We participate in E-Verify. You can view the Department of Justice's Right to Work poster here.

Join Us in Making an Impact

At OneAZ Credit Union, our success is measured only by yours. We're here to create lasting change in the lives of our members, our communities, and our team. If you're looking for a career with purpose, where your work truly matters-you've found it!

Who You Are

You're impactful, compassionate, and fearless, ready to embrace new challenges and shape the future of financial well-being. You take accountability for our success and thrive in an environment where curiosity is celebrated. If this sounds like you, let's build something great together.

What You'll Do

This position will be located at our Corporate Office: 2355 W Pinnacle Peak Rd, Phoenix, AZ 85027

The Identity & Access Management (IAM) Specialist is responsible for overseeing access governance processes across enterprise systems and applications. This role ensures that access controls are designed and operating effectively, aligned with regulatory requirements and internal security policies. The IAM Specialist will coordinate access reviews, support audit responses, and work to strengthen identity governance within a secure and compliant environment.

• Coordinate and monitor user access reviews across enterprise systems, including Active Directory, core banking platforms, and cloud applications.
• Review and validate role-based access models to ensure alignment with the principle of least privilege and segregation of duties.
• Analyze access rights and user entitlement data to identify and report on anomalies, excessive privileges, or policy violations.
• Partner with system administrators and business units to ensure timely remediation of access issues identified during reviews.
• Maintain documentation of access review procedures, escalation paths, and reviewer responsibilities.
• Support audit and compliance efforts by compiling and validating evidence related to user access controls and identity governance.
• Collaborate with HR, IT, and Information Security to improve access governance processes related to onboarding, transfers, and terminations.
• Participate in IAM policy and standard development, ensuring practices align with regulatory expectations (GLBA, FFIEC, NIST).
• Contribute to the evaluation and implementation of IAM tools or platforms to automate access review and certification processes.
• Assist in defining and refining IAM metrics and reporting dashboards to provide insights into access compliance and control effectiveness.

What You Bring

• H.S. Diploma required.
• Bachelor's degree in information security, computer science or a related field required.
• 1-3 years similar or related experience in Identity and Access Management required.
• 3-5 years similar or related experience in IT Security, or IT Compliance required.
• Experience supporting user access reviews and audit responses required.
• Experience with implementing and managing IAM tools preferred.
• Financial industry experience or knowledge of banking applications preferred.
• Familiarity with access control principles, user entitlement analysis, and access governance.
• Understanding of RBAC, least privilege, and segregation of duties principles.
• Working knowledge of regulatory and security frameworks such as GLBA, FFIEC, or NIST.
• Strong analytical and problem-solving skills.
• Excellent verbal and written communication skills.
• Ability to manage multiple tasks and meet deadlines under pressure.
• High attention to detail with a focus on accuracy and accountability.
• Strong collaboration skills across technical and business teams.
• Certified Identity and Access Manager (CIAM) Preferred
• Certified Identity and Access Professional (CIAP) Preferred
• Or similar industry certification
• A passion for people, innovation, and growth.

Not sure if you meet every requirement? That's okay. We believe great talent comes from all backgrounds and experiences. At OneAZ, we value potential, passion, and purpose. If you're excited about this opportunity and believe in our mission, we encourage you to join our Talent Community

Compensation & Benefits

• Generous paid time off: paid holidays, floating holidays, personal days, vacation days, plus sick time
• Low-cost Medical, Dental & Vision plans
• Paid childcare assistance
• Award-winning 401K
• Gym fee reimbursement
• Tuition Reimbursement
• Student loan repayment
• .and much more. Explore all the details in our comprehensive Benefits Booklet
• Target hiring range $75K-$95K (Depending on experience and prior to any incentives this position is eligible for)

Why Join OneAZ?

At OneAZ, we're not just a credit union; we're a financial trailblazer that passionately cares about inspiring dreams and driving prosperity in the communities we serve. We exist to clear the way for dreamers and doers, aspiring to be the bank for new pioneers.

We are driving change in our communities, constantly improving our products and services so our members and their families can relentlessly pursue their dreams. By embodying our values and living our promise, you'll be part of a team committed to exceeding expectations and redefining what's possible.

Additional Notes:

Knowingly submitting false information will result in disqualification for consideration of future positions, termination of employment and forfeiture of other rights. Candidates for this position will be required to sign an authorization for OneAZ to conduct a credit and criminal background check, pursuant to procedures in the Fair Credit Reporting Act and any other applicable laws. All candidates will be considered for this position on an individualized basis, in compliance with all applicable equal employment opportunity laws. Ensures compliance with applicable policies, laws, and regulations, including the Bank Secrecy Act (BSA), Anti-Money Laundering (AML) compliance, USA Patriot Act, and Office of Foreign Assets Control (OFAC). This job description should not be considered all-inclusive. It is merely a guide of expected duties. The associate understands that the job description is neither complete, nor permanent and may be modified at any time. At the request of their supervisor, an associate may be asked to perform additional duties or take on additional responsibilities without notice. Complies with all policies and standards. Position grades could fluctuate based on market value.

• Ability to sit for long periods of time.
• Ability to process, analyze, problem solve, plan and manage projects and deliverables.
• Ability to develop relationships and communicate effectively.
• Visual, auditory, and computer usage skills.

• Work is primarily performed in a climate-controlled office environment.
• Incumbent may visit manufacturing plants and warehouses with potential exposure to climate, dust, chemical fumes, noise, and forklift traffic.