About the Role:
Grade Level (for internal use): 11
The Team
You will join the Identity and Access Management (IAM) leadership team, functioning as the Operational Excellence Lead. You will work horizontally across all Identity product lines, ensuring that every solution we deploy meets strict standards for availability and auditability. You will be the primary technical point of contact for internal Audit, Risk, and Infrastructure teams, ensuring that our Identity fabric remains resilient in the face of cyberattacks, outages, or natural disasters.
The Impact
Your work will directly determine the enterprise's ability to survive and recover from a catastrophic cyber event. By hardening our Active Directory and ensuring our Cloud Identity configurations can be restored in minutes, you are the ultimate safety net for the organization. You will transform our compliance posture from "reactive scrambling" to "proactive automation," giving leadership confidence in the security and stability of our access controls.
What's in it for you?
This is a role for a perfectionist who loves complex systems architecture. You will move beyond "provisioning users" to solving the hardest problems in IT: "How do we bring the company back online if everything goes dark?" You will have the authority to challenge existing architectures, implement cutting-edge recovery tools, and lead the strategy for Identity Resilience at a global scale.
We are seeking a seasoned Lead IAM Engineer to serve as the guardian of our Identity ecosystem. While other teams build new features, your mission is to ensure our Identity platforms (Okta, Active Directory, IGA, PAM) are unbreakable, recoverable, and compliant.
In this strategic role, you will architect the Business Continuity and Disaster Recovery (BC/DR) strategies for the enterprise's most critical infrastructure. You will bridge the gap between technical resilience (backups, failover, high availability) and regulatory compliance (SOX audits, access certifications). You must possess broad, full-stack experience across all pillars of IAM (Access Management, IGA, and Privileged Access) to effectively identify single points of failure and design robust recovery workflows.
Key Responsibilities
IAM Resilience & Availability: Architect and test High Availability (HA) and Disaster Recovery (DR) patterns for critical services (e.g., Active Directory, Okta, CyberArk). Design "Active-Active" or "Warm Standby" failover strategies to ensure 99.99% uptime.
Backup & Cyber Recovery: Own the backup and recovery strategy for Identity data. This includes immutable backups for Active Directory (preventing ransomware lockouts), restoring IGA databases, and managing "Configuration as Code" backups for SaaS configurations (Okta/Entra).
Compliance & Audit Defense: Lead the technical response for external and internal audits (SOX, SOC2, ISO). Automate the collection of evidence for access controls, ensuring we are "audit-ready" 365 days a year.
Broad IAM Engineering: Serve as a Subject Matter Expert (SME) across all IAM domains. Troubleshoot complex issues that span SSO (Okta), Directory Services (AD/LDAP), Governance (SailPoint/Saviynt), and PAM.
Identity Integrity & Monitoring: Implement advanced monitoring to detect configuration drift, unauthorized changes, or replication failures. Ensure that the "Identity Data" is consistent across HR feeds, Directories, and downstream apps.
Incident Management: Act as the Major Incident Commander for identity-related outages. Lead Root Cause Analysis (RCA) processes and drive the implementation of preventative fixes.
Required Qualifications
Experience:
10+ years of total IT experience, with 7+ years specialized in Identity & Access Management.
Broad IAM Expertise: You must be a "Full Stack" Identity Engineer with hands-on experience in at least three of the following areas:
Directory Services: Deep expert-level knowledge of Active Directory (Forest/Domain architecture, replication, GPOs) and LDAP.
Access Management: Strong familiarity with Okta or Microsoft Entra (Azure AD).
IGA: Experience with SailPoint or Saviynt (Identity Governance & Administration).
PAM: Familiarity with CyberArk or BeyondTrust.
Resilience & Recovery: Proven experience performing Forest Recoveries in Active Directory or architecting DR failovers for global IAM platforms. Familiarity with AD recovery tools is a plus.
Compliance Frameworks: Strong understanding of regulatory requirements such as SOX, NIST 800-53, and GDPR. Experience automating Access Reviews (UAR) and control testing.
Scripting & Automation: Proficiency in PowerShell, Python, or Terraform to automate backups, evidence gathering, and configuration recovery.
What's In It For You?
Our Mission:
Advancing Essential…