Job Description

As part of the Global Operations & Technology Engineering organization, the Identity & Access Management (IAM) team enables secure, seamless access to enterprise applications, data, and infrastructure across our businesses. We partner with business, technology, and cybersecurity teams to improve user experience, reduce risk, and meet regulatory and audit requirements through modern identity capabilities and strong access governance.

We are seeking a Senior Manager, IAM Authentication to provide technical and operational leadership for enterprise authentication services, including governance and operations across multiple Microsoft Entra ID tenants, Ping and Entra ID federation services, Multi-Factor Authentication (MFA), and Single Sign-On (SSO) for workforce and partner application ecosystems. This leader is accountable for delivering reliable, secure, and scalable authentication capabilities while enabling business agility and a consistent end-user sign-in experience.

This role partners closely with cybersecurity, infrastructure, endpoint engineering, application owners, and risk/audit stakeholders to establish operational objectives, policies, procedures, and work plans for authentication and federation services. The Senior Manager drives a secure-by-design authentication program, handles unforeseen issues and service disruptions with strong tactical decision-making, and applies influence to align stakeholders on desired outcomes while preserving relationships.

Responsibilities:

• Influence and drive the roadmap and delivery for enterprise authentication services across multiple Microsoft Entra ID tenants, establishing operational objectives and work plans that ensure consistent security controls, lifecycle management, and service reliability.
• Own and govern federation services, including PingFederate/PingOne components and Entra ID federation configurations, ensuring high availability, secure configuration baselines, certificate/key management, and resilient failover.
• Establish and enforce MFA and SSO standards for enterprise applications, including onboarding patterns, authentication methods, step-up authentication, and user experience guardrails.
• Partner with cybersecurity, architecture, and application teams to design and implement conditional access patterns, risk-based access decisions, and modern authentication protocols (e.g., SAML, OIDC/OAuth) where applicable.
• Partner with IAM Operations, Architecture, and Software Development teams and leadership
• Provide leadership and direction for day-to-day engineering: incident response, problem management, change management, release planning, maintenance windows, and service reliability objectives for authentication platforms.
• Drive automation to remove friction from manual processes (e.g., application onboarding, federation configuration validation, certificate rotation, access policy deployment) and improve speed, quality, and traceability.
• Manage vendor and partner relationships related to authentication and federation technologies; oversee the department budget for tools and services, including licensing and renewals, with an emphasis on operational effectiveness and measurable outcomes.
• Lead and develop a high-performing team of 4 direct reports and multiple offshore-based staff members; set clear expectations, coach and mentor managers/engineers, conduct performance management, develop succession plans, and foster a culture of accountability, collaboration, and continuous improvement.
• Develop and report KPIs and operational metrics (e.g., availability, authentication success rates, MFA adoption, onboarding lead time, incident trends) to management and stakeholders, providing clear status, risks, and mitigation plans.
• Serve as an escalation point for authentication outages and high-severity security events; coordinate communications and remediation across technical and business stakeholders.
• Experience partnering with risk, audit, and compliance teams to implement and evidence controls.
• Perform other duties as assigned.

Qualifications

Basic Requirements:

• Bachelor's degree or equivalent work experience.
• 8+ years of experience in identity and access management, authentication engineering, or security engineering or architecture.
• 3+ years of management experience leading technical teams delivering highly available services.
• Understanding of Microsoft Entra ID (Azure AD), including multi-tenant/complex enterprise environments.
• Understanding of federation services and SSO integrations (e.g., PingFederate/PingOne and/or comparable federation stacks) and common protocols (SAML 2.0, OIDC, OAuth 2.0).
• Understanding of MFA methods and authentication assurance.
• Demonstrated ability to communicate complex security and identity concepts to both technical and executive audiences and influence without direct authority.

Desired Characteristics:

• Experience designing authentication architecture for large enterprises with multiple identity providers, complex tenant topologies, mergers/acquisitions, and hybrid dependencies.
• Experience with Entra Conditional Access, Authentication Strengths, Identity Protection, and privileged access concepts (e.g., PAM, PIM) as they relate to securing authentication.
• Strong background in service management and reliability practices (SRE concepts, SLIs/SLOs, capacity planning, disaster recovery testing).
• Experience integrating authentication with endpoint/device trust signals and modern device management (e.g., Intune) to support phishing-resistant access patterns.
• Familiarity with zero trust and least privilege frameworks and how they translate into authentication and access decisioning.
• Experience building automation and deployment pipelines for identity configuration (e.g., infrastructure / configuration as code for policy and federation settings).
• Relevant certifications preferred (e.g., CISSP, CISM, Microsoft identity/security certifications, or comparable).
• Proven ability to develop talent, build cross-functional partnerships, and drive a positive security culture.

Additional Requirements:

• Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee's residence.

This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website. Salary range: $175k - $210k (bonus eligible)

We are accepting applications for this position on an ongoing basis.

Additional Information

As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision.