Associate Director of Identity and Access Management

Job in City of Albany, Albany, Albany County, New York, 12201, USA
Listing for: NY Creates
Full Time position
Listed on 2026-03-08
Job specializations:
  • IT/Tech
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 120000 - 175000 USD Yearly
Location: City of Albany

Associate Director of Identity and Access Management

Salary: $120,000 - $175,000


Location: Albany, NY
  • Full-Time
  • Posted: Dec 5, 2025
  • Closes: Feb 18, 2038

About NY Creates

NY Creates serves as a bridge for advanced electronics, leads projects that advance R&D in emerging technologies, and generates the jobs of tomorrow. NY Creates also runs some of the most advanced facilities in the world, boasts more than 3,000 industry experts and faculty, and manages public and private investments of more than $25 billion – placing it at the global epicenter of high‑tech innovation and commercialization.

Job Summary

The Associate Director of Identity and Access Management is the authoritative architect and operational owner of the enterprise‑wide identity fabric at NY Creates, responsible for the end‑to‑end design, implementation, hardening, integration, and lifecycle governance of hybrid identity systems encompassing on‑premises Active Directory, Microsoft Entra ID (Azure AD), and a mature Identity Governance & Administration (IGA) platform.

Job Responsibilities
  • Own the full Microsoft identity stack: on‑premises Active Directory (multi‑forest/domain, ADFS, AD CS), Entra ID (Conditional Access, Identity Protection, PIM), and Entra synchronization with health monitoring and failover.
  • Design and deploy enterprise IGA solution (SailPoint IdentityIQ/IdentityNow, Saviynt, One Identity, or Microsoft Identity Manager); implement birthright provisioning, access request portals, certification campaigns, and role‑based access control (RBAC/ABAC).
  • Engineer zero‑trust authentication flows: passwordless (FIDO2, Windows Hello for Business), MFA (push, TOTP, certificate), and SSO federation (SAML 2.0, WS‑Fed) for 100+ SaaS, custom, and legacy applications.
  • Build and enforce privileged access management (PAM): JIT elevation via Entra, CyberArk, BeyondTrust, or HashiCorp Vault; session recording, keystroke auditing, and credential rotation for service accounts and admin jump boxes.
  • Automate SCIM/REST provisioning connectors to HRIS (Workday, UKG), CMDB, cloud platforms, and research tools; maintain 99.99% sync SLA with error‑handling and rollback.
  • Develop and operationalize identity risk analytics: UEBA via Entra ID Protection, risky sign‑in suppression, impossible travel detection, and anomalous token issuance.
  • Lead annual access certification campaigns; design segregation‑of‑duties (SoD) matrices for finance, research IP, and fab operations; remediate violations with automated deprovisioning.
  • Integrate IAM with SOAR for automated incident response: isolate compromised identities, force MFA reset, and quarantine devices via Intune/Endpoint Manager.
  • Produce executive dashboards (Power BI, Entra) on identity hygiene metrics: orphan accounts, stale privileges, MFA adoption, and certification completion; support CMMC, NIST 800‑171, and audit evidence.
  • Conduct red‑team validated privilege escalation exercises; harden GPOs, LDAP signing, Kerberos armoring, and Entra consent policies.
  • Author and enforce identity policies, standards, and procedures aligned to NIST 800‑63B, NIST 800‑53 AC/IA families, CIS AD benchmarks, and CMMC 2.0 IA.L2‑3.5.x controls.
  • Train and mentor Tier 1/2 analysts on AD forensics, Entra, and IGA workflow design; develop internal IAM certification path.
  • Represent NYC in SUNY IAM working groups, Microsoft EAP programs, and CISA Identity Priority initiatives.
  • Critical thinking to trace lateral movement via Golden Ticket, Pass‑the‑Hash, or token theft across hybrid environments.
  • Ability to script complex identity transformations (PowerShell, Graph API, Python) for bulk operations and custom connectors.
  • High degree of initiative, dependability, and 24×7 on‑call for identity outages or credential compromise incidents.
  • Effective oral & written communication skills, including board‑level identity risk briefings, regulatory submission authorship, and technical RFCs.
Requirements
  • Minimum of eight (8) years of progressive identity engineering experience with at least five (5) years exclusively in enterprise IAM program leadership, hybrid AD/Entra, and IGA platform ownership in regulated research, federal contractor, or…
Position Requirements
10+ Years work experience