Job Summary

We are seeking an experienced and forward-thinking Manager of Customer Identity and Access Management (CIAM) to lead our enterprise identity practice.

In this role, you will define and execute the strategy for our customer identity platform while overseeing day-to-day operations. You will play a critical role in modernizing authentication across the organization, transitioning from legacy approaches to secure, scalable, standards-based identity solutions.

This role combines strategic direction, architectural oversight, and team leadership. Your work will directly impact the security posture, regulatory compliance, and customer experience of our digital products.

Responsibilities

CIAM Platform Ownership & Governance

• Own and operate the enterprise customer identity platform, including IDP configuration, directory management, and user lifecycle (Joiner/Mover/Leaver) processes.
• Define and enforce identity standards across protocols such as OAuth2, OpenID Connect (OIDC), SAML, and SCIM.
• Design and maintain authentication policies, including adaptive and risk-based controls, to balance security and user experience.
• Oversee identity workflows for provisioning, de-provisioning, and orchestration across systems.
• Ensure platform reliability and performance, including service-level objectives (SLOs), incident response, and continuous improvement.

Authentication Modernization & Engineering Enablement

• Lead the enterprise transition from legacy authentication approaches to modern CIAM solutions.
• Establish scalable authentication patterns, including SSO, MFA, passwordless, and federated identity.
• Develop migration frameworks, playbooks, and reusable integration patterns for application teams.
• Track adoption progress, define KPIs, and communicate roadmap updates, risks, and outcomes to senior leadership.
• Evaluate emerging capabilities (e.g., passkeys, device trust) and align adoption with the enterprise security strategy.

Application Partnership & Developer Enablement

• Serve as the primary IAM advisor to application development teams, guiding secure and scalable identity integrations.
• Provide architectural guidance on authentication flows, token management, and session design.
• Build developer enablement resources, including documentation, reference implementations, and onboarding support.
• Establish engagement models (e.g., office hours, communities of practice) to promote self-service adoption.
• Partner with platform engineering, DevOps, and API teams to integrate identity into CI/CD pipelines and modern architectures.

Security, Risk & Compliance

• Ensure CIAM platform compliance with regulatory and contractual requirements (e.g., SOX, PCI-DSS, SOC 2) through embedded controls and audit readiness.
• Partner with Security, GRC, and SOC teams on identity risk management, including access reviews and threat detection.
• Define and monitor identity security signals (e.g., account takeover, credential abuse) and support SIEM integration.
• Oversee vulnerability management and security posture of identity systems and supporting services.

Team Leadership & Organizational Development

• Lead, mentor, and grow a high-performing IAM engineering team.
• Define team structure, roles, and capabilities aligned to enterprise identity strategy.
• Foster a culture of accountability, continuous learning, and psychological safety.
• Build strong cross-functional partnerships with Product, Security, Legal, Privacy, and Customer Experience teams.
• Manage vendor relationships and operating budget for CIAM platforms, tooling, and services.

Qualifications

Required

• Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or related field (or equivalent experience)
• 7+ years of experience in Identity & Access Management, cybersecurity, or a related field
• 3+ years of experience leading or managing technical teams
• Hands-on experience with CIAM platforms and modern identity standards (OAuth2, OIDC, SAML, SCIM, FIDO2/WebAuthn)
• Proven experience leading large-scale identity or authentication modernization initiatives
• Ability to translate complex IAM concepts into clear guidance for technical and non-technical stakeholders
• Experience operating high-availability systems, including SLO management and incident response
• Familiarity with compliance frameworks such as SOX, SOC 2, and PCI-DSS

Preferred

• Certifications in consumer identity platforms
• Experience with Customer Identity and Access Management (CIAM) patterns: progressive profiling, social login, consent management, and customer-facing MFA enrollment UX
• Familiarity with at least one modern programming language (Go, Java, Python, Node.js) sufficient to review integration code and guide teams on SDK usage
• Experience with cloud-native infrastructure (AWS, Azure, or GCP) and integrating consumer identity platforms with cloud IAM services
• Exposure to Zero Trust architecture principles and practical implementation via CIAM platform or Device Trust policies
• Working knowledge of SIEM integration for identity telemetry

Pay is competitive and based on a number of job-related factors, including skills and experience. The starting pay rate/range at time of hire for this position in New York is 133,661.00 - 219,586.00 / year. For other locations, please inquire with your recruiter. The rates/ranges provided herein are the anticipated pay at the time of hire, and do not reflect future job opportunity.

We appreciate your interest in this opportunity. Applicants must be authorized to work for ANY employer in the U.S. Please note that at this time, we do not provide visa sponsorship for employment.