Director / Principal Security Architect - Identity and Access Management
IT - Information Technology
Estimated Travel Percentage (%): Up to 25%
Relocation Provided: No
American International Group, Inc.
The Principal Security Architect - Identity and Access Management (IAM) will be responsible for:
- Identity and Access Management Strategy: Develop AIG global IAM security strategy, identify gaps between current state and target state architecture, and build execution roadmap. Align IAM project execution to the strategy. Develop IAM investment plan. Serve as the accountable leader from Information Security Office on IAM and work with the rest of AIG stakeholders on managing IAM security investment projects.
- IAM Security Architecture: Develop IAM security capabilities for internal employees and external customers that include credential management, AWS Cloud IAM, identity provisioning, access provisioning, privileged account management, enterprise authentication, identity federation, identity storage and enterprise certificates. Build a cohesive architecture to realize global IAM capabilities. Drive the architecture for all IAM security project execution. Provide rationalization for IAM toolset. Serve as the IAM security design authority.
- IAM Security Product Management and Technology Evaluation: Serve as a IAM technologist to lead IAM security technology evaluation and POCs. Survey and evaluate leading edge technologies that align with target state architecture. Develop product management roadmap.
In this capacity, the person will work closely with AIG's global IAM stakeholders, Effectiveness Assessment team and security monitoring team to deploy the right capabilities and evaluate the capability effectiveness (e.g., are all correct accounts should have been vaulted onboarded? Are Domain Admin access activities being monitored, alerted and proper handled?). The person will use the capability effectiveness assessment to revise IAM strategy, architecture, technology evaluation and drive future IAM security investment.
The Principal Security Architect - IAM Security main job responsibilities:
- Act as security design authority for all projects within Information Security Office's IAM portfolio. Engage from the idealization through the system development lifecycle in project execution.
- Develop AIG IAM security strategy, architecture and execution roadmap (short term and long term)
- Develop AWS Identity and Access management strategy, architecture and monitoring controls. Build AWS organization account model for AIG global cloud accounts. Develop cloud IAM model including standard roles and permissions to segregate privileged access (e.g., network access and root accounts), to standardize non-human access, and to enable monitoring and alerting privileged access.
- Perform IAM security capability “effectiveness” assessment, identify capability gaps and propose enterprise solutions (could be new solution or re-architecting or re-configuring existing solutions)
- Function as a principal IAM security technologist to perform technology evaluation, define use cases, architect POC environment, lead POC execution and conduct trade-off analysis
- Drive IAM security solution design for in eight areas of the security architecture framework (credential management, access provisioning, authentication and authorization, IAM security, application security, infrastructure security, security monitoring and operations security)
- Deliver security architecture diagram and security architecture specification per security architecture engagement.
- Review enterprise critical project security architecture and assist IAM security solution integration for enterprise projects as needed.
- Develop / Harvest security architecture patterns from architecture engagements and build enterprise security architecture pattern repository.
- Communicate security strategy and drive the standardization and consistent definition and application of security principles to all stakeholders.
- 10 years' experience in an information technology role with increasing responsibility in information security architecture focusing on IAM security.
- Expert solution knowledge and implementation experience in building IAM capabilities in a complex global AWS environment (e.g., multiple AWS accounts across the globe).
- Expert solution knowledge and implementation experience in identity federation, single sign on, SAML, OAuth, adaptive authentication, identity proofing, Active Directory, and Active Directory Federation Service.
- Experience in security operation center execution. Understand how IAM supports cyber incident responses.
- Familiar with how cyberattacks are carried technically and can build architecture constructs to prevent them and enable incident response. Understands that architecting a good solution and architecting the right solution may not be the same thing - there are times when adding an application or functionality is not in the best interests of the organization.
- Ability to research, analyze and resolve complex problems with minimal supervision and escalate issues as appropriate
- Excellent written, verbal communication and presentation skills
- Must be a strong team player
- Trusted Advisor - the person needs to possess the personality and behaviors (diplomatic, tenacious and tactful) to rapidly establish themselves as trusted advisors to the business and as interpreters for the development of IT security solutions.
- Practical Futurist - need to have shown that they can be ready for ‘unpredictable' risks and opportunities, developing architectures that are resilient enough to keep up with the evolution of the enterprise and cyber threat landscape.
- Commercial acumen - needs to be familiar with ‘Do more for less', be able to identify and work with stakeholders to collect, aggregate and evaluate requirements in light of current and future technology resources and budgets.
- Bachelor's degree in information technology or computer science strongly preferred. Master degree preferred.
- CISSP, OSCP (Offensive Security Certified Professional), AWS Solution Architect certification preferred
It has been and will continue to be the policy of American International Group, Inc., its subsidiaries and affiliates to be an Equal Opportunity Employer. We provide equal opportunity to all qualified individuals regardless of race, color, religion, age, gender, gender expression, national origin, veteran status, disability or any other legally protected categories.
At AIG, we believe that diversity and inclusion are critical to our future and our mission - creating a foundation for a creative workplace that leads to innovation, growth, and profitability. Through a wide variety of programs and initiatives, we invest in each employee, seeking to ensure that our people are not only respected as individuals, but also truly valued for their unique perspectives