NY Creates · 1 month ago
Associate Director of Identity and Access Management
NY Creates is a leading organization in advanced electronics and emerging technologies. They are seeking an Associate Director of Identity and Access Management to oversee the enterprise-wide identity fabric, focusing on the design and implementation of identity systems and ensuring compliance across various environments.
Non Profit · Semiconductor
Responsibilities
Own the full Microsoft identity stack: on-premises Active Directory (multi-forest/domain, ADFS, AD CS), Entra ID (Conditional Access, Identity Protection, PIM), and Entra ID Connect synchronization with health monitoring and failover
Design and deploy an enterprise IGA solution (SailPoint IdentityIQ/IdentityNow, Saviynt, OneIdentity, or Microsoft Identity Manager); implement birthright provisioning, access request portals, certification campaigns, and role-based access control (RBAC/ABAC)
Engineer zero-trust authentication flows: passwordless (FIDO2, Windows Hello for Business), MFA (push, TOTP, certificate), and SSO federation (SAML 2.0, WS-Fed) for 100+ SaaS, custom, and legacy applications
Build and enforce privileged access management (PAM): JIT elevation via Entra ID PIM, CyberArk, BeyondTrust, or HashiCorp Vault; session recording, keystroke auditing, and credential rotation for service accounts and admin jump boxes
Automate SCIM/REST provisioning connectors to HRIS (Workday, UKG), CMDB, cloud platforms, and research tools; maintain 99.99% sync SLA with error-handling and rollback
Develop and operationalize identity risk analytics: UEBA via Entra ID Identity Protection, risky sign-in suppression, impossible travel detection, and anomalous token issuance
Lead annual access certification campaigns; design segregation-of-duties (SoD) matrices for finance, research IP, and fab operations; remediate violations with automated deprovisioning
Integrate IAM with SOAR for automated incident response: isolate compromised identities, force MFA reset, and quarantine devices via Intune/Endpoint Manager
Produce executive dashboards (Power BI, Entra ID reports) on identity hygiene metrics: orphan accounts, stale privileges, MFA adoption, and certification completion; support CMMC, NIST 800-171, and audit evidence
Conduct red-team validated privilege escalation exercises; harden GPOs, LDAP signing, Kerberos armoring, and Entra ID app consent policies
Author and enforce identity policies, standards, and procedures aligned to NIST 800-63B, NIST 800-53 AC/IA families, CIS AD benchmarks, and CMMC 2.0 IA.L2-3.5.x controls
Train and mentor Tier 1/2 analysts on AD forensics, Entra ID troubleshooting, and IGA workflow design; develop internal IAM certification path
Represent NYC in SUNY IAM working groups, Microsoft EAP programs, and CISA Identity Priority initiatives
Critical thinking to trace lateral movement via Golden Ticket, Pass-the-Hash, or token theft across hybrid environments
Ability to script complex identity transformations (PowerShell, Graph API, Python) for bulk operations and custom connectors
High degree of initiative, dependability, and 24×7 on-call for identity outages or credential compromise incidents
Effective oral & written communication skills, including board-level identity risk briefings, regulatory submission authorship, and technical RFCs
Qualification
Required
Minimum of eight (8) years of progressive identity engineering experience with at least five (5) years exclusively in enterprise IAM program leadership, hybrid AD/Entra ID architecture, and IGA platform ownership in regulated research, federal contractor, or critical manufacturing environments (5,000+ identities, multi-forest, cloud-native apps)
Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related STEM field from an accredited institution; master's degree preferred
Equivalent Microsoft Identity MVP or military cyber identity operations training accepted
Knowledge of information security management frameworks such as the NIST Cybersecurity Framework, NIST Special Publication 800-171, or CIS 18 Critical Security Controls
Preferred
Microsoft Certified: Identity and Access Administrator Associate (SC-300)
Microsoft Certified: Azure Security Engineer Associate (AZ-500) - IAM focus
Microsoft Certified: Cybersecurity Architect Expert (SC-100)
SailPoint Certified IdentityIQ Engineer OR IdentityNow Professional
Saviynt Certified Administrator
OneIdentity Manager Certified Professional
Certified Identity and Access Manager (CIAM)
Certified Information Systems Security Professional (CISSP) - IAM domain
GIAC Certified Windows Security Administrator (GCWN)
Benefits
Medical, Vision, and Dental
Competitive Pay and PTO
Flexible Health Spending and Dependent Care Accounts
Basic / Optional Life Insurance
Post-Retirement Health Insurance
Employer contribution of 7% of earnings to a Basic Retirement plan after meeting one year of service.
Optional employee contributed retirement account
Company
NY Creates
NY Creates leads industry-connected innovation and commercialization projects to attract investment and create jobs in high technology.
H1B Sponsorship
NY Creates has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (1)
2024 (2)
2021 (1)
2020 (4)
Funding
Current Stage
Late Stage
Recent News
Central New York Business Journal
2025-11-04
Seattle TechFlash
2025-09-12
Company data provided by Crunchbase