Role Summary/Purpose:
The Assistant Vice President (AVP) of Enterprise Authentication & Directory Services is a high-impact, technical executive responsible for the global architecture, engineering, and lifecycle management of the enterprise identity fabric at Synchrony. This leader will drive the strategic modernization of traditional, on-premises Active Directory (AD) environments into cloud-first, unified identity platforms centered on Microsoft Entra ID. The ideal candidate combines deep engineering expertise in directory infrastructure with advanced technical project management frameworks to execute secure, complex enterprise identity migrations on time and within scope.
CORE RESPONSIBILITIES
1. Identity Strategy & Modernization (Active Directory to Entra ID)
On-Premises Deprecation: Lead the multi-year modernization and migration roadmap and transition strategy away from legacy Active Directory Domain Services (AD DS) toward cloud-native Microsoft Entra ID.
Hybrid Architecture Design: Define architectural standards for a cohesive, resilient hybrid identity plane utilizing Azure AD Connect / Entra Cloud Sync while systematically reducing on-premises footprint.
Database & App Integration: Govern authentication frameworks for enterprise systems (e.g., MySQL, Oracle), ensuring secure schema optimization, seamless Entra ID App Registrations, and modern protocol connectivity.
2. Enterprise Technical Project Management
Migration Delivery: Apply rigorous technical project management methodologies (Agile, Scrum, or Waterfall) to manage cross-functional directory modernization pipelines.
Resource & Milestone Tracking: Own the program budget, statement of work (SOW) validations, risk registers, and critical path scheduling for complex, multi-phased IAM rollouts.
Change Management: Partner with Synchrony corporate change management teams to minimize business friction during global authentication updates, application cutovers, and user migrations.
3. Advanced Entra ID Architecture & Lifecycle Management
Entra ID Governance: Overseeing Access Reviews, Entra Lifecycle Workflows (for automated joiner-mover-leaver processes), and Privileged Identity Management (PIM) to enforce just-in-time, least-privilege administrative access.
Hybrid Synchronization & Decommissioning: Managing the transition from legacy Azure AD Connect to Entra Cloud Sync agent architectures, alongside systematically phasing out on-premises Active Directory Domain Services (AD DS).
Entra ID App Registrations & Enterprise Apps: Governing the modernization of legacy application authentication by moving from local LDAP/Kerberos binds to modern Entra service principals, managed identities, and OAuth/OIDC permissions.
4. Next-Generation Security & Access Control
Entra Conditional Access: Designing complex, contextual security boundary policies (incorporating user risk, sign-in risk, device compliance, and trusted locations).
Entra ID Protection: Tuning machine-learning risk engines to detect, block, or force self-service password resets for compromised credentials or anomalous user behavior.
Entra Verified ID: Strategizing long-term digital identity initiatives using decentralized identities and verifiable credentials for secure, B2B, or partner authentication.
5. Network & Infrastructure Security (Zero Trust Security Edge)
Entra Private Access: Overseeing the replacement of traditional corporate VPNs by routing traffic to internal hybrid environments (like your MySQL servers) securely via a Zero Trust network access (ZTNA) model.
Entra Internet Access: Deploying Secure Web Gateway (SWG) policies to protect users from malicious web traffic while monitoring cloud application access.
Entra External ID: Architecting multi-tenant collaborations, B2B guest user lifecycles, and consumer-facing authentication flows.
6. Engineering & Operations Leadership
Team Leadership: Recruit, mentor, and lead a high-performing team of identity engineers, directory architects, and technical project managers.
Platform Availability: Ensure 99.99% availability of global directory infrastructure, establishing robust Entra Connect health monitors, disaster recovery, and automated failover pipelines.
REQUIRED TECHNICAL SKILLS & QUALIFICATIONS
Technical Proficiencies
Microsoft Identity Ecosystem: Mastery of Microsoft Active Directory (AD), Microsoft Entra ID (Azure AD), Azure AD Connect, Entra ID Governance, and Entra ID Protection.
Directory Management: Strong foundational knowledge of Group Policy Objects (GPOs), Active Directory trust relationships, and domain consolidation strategies.
Authentication & Protocols: Deep knowledge of LDAP, Kerberos, NTLM decommissioning, SAML 2.0, OIDC, OAuth, and modern API-driven identity patterns.
PAM & Vaulting: Hands-on governance of Privileged Access Management platforms, specifically Delinea or equivalent secrets vaults.
Project & Program Management Competencies
Framework Proficiency: Proven experience utilizing Jira, Microsoft Project, or equivalent software development lifecycle (SDLC) tracking tools to manage massive infrastructure dependencies.
Stakeholder Delivery: Demonstrated ability to present technical migration roadmaps, risk-remediation logs, and executive steering committee KPIs clearly to C-level leadership.
Professional Experience
7+ Years of progressive engineering and architectural experience in traditional, on-premises Microsoft Active Directory Domain Services (AD DS), including domain consolidation, GPO management, and legacy authentication protocols (LDAP, Kerberos, NTLM decommissioning).
7+ Years of deep architectural and deployment experience with Microsoft Entra ID (formerly Azure Active Directory), managing cloud-native identity planes, complex tenant migrations, and hybrid synchronization environments (Azure AD Connect / Entra Cloud Sync).
5+ Years managing cross-functional infrastructure engineering, cybersecurity, and technical project management teams.
Proven Track Record of successfully executing multi-million-dollar Active Directory modernization programs, migrating legacy application stores to Entra ID, and implementing Privileged Access Management (PAM) vaulting solutions like Delinea.
Education & Certifications
Bachelor’s or Master’s degree in Computer Science, Information Security, Technical Project Management, or a related discipline.
Optional Certifications: Microsoft Certified: Identity and Access Administrator Associate (SC-300) OR Microsoft Certified: Enterprise Administrator Expert.
Preferred Certifications: Project Management Professional (PMP), Agile Certified Practitioner (PMI-ACP), Certified ScrumMaster (CSM), or CISSP.
Grade/Level: 11
The salary range for this position is 115,000.00 - 200,000.00 USD Annual and is eligible for an annual bonus based on individual and company performance.
Actual compensation offered within the posted salary range will be based upon work experience, skill level or knowledge.
Salaries are adjusted according to market in CA, NY Metro and Seattle.
Our Way of Working:
We’re proud to offer you flexibility. At Synchrony, our way of working allows you to have the option to work from home near one of our Hubs or come into one of our offices. You will be required to commute to your nearest Hub (either virtual or physical) for in-person engagement activities such as regular business or team meetings, training and culture events.
*Field Sales and some Commercial team roles may have varied location requirements based upon partner obligations or preferences.