VP, Identity and Access Management (IAM)

About the position The Identity & Access Management (IAM) Lead is responsible for the strategic design, implementation, and management of systems pertaining to identity management, identity security, and directory/federation services. This role ensures that access to Pennymac’s systems and data is secure, efficient, and compliant with internal policies and external regulations. The Lead will protect the organization against unauthorized access and identity-based threats by maintaining robust authentication and authorization frameworks. Responsibilities • Manages and/or improves multiple systems related to identity management, identity security, and directory/federation services. • Makes recommendations to improve identity, network, and application architectures to ensure "least privilege" access and enhance end user experience. • Analyzes and assesses vulnerabilities within identity infrastructure and application identity design, investigates countermeasures for identity-based attacks, and recommends best practices. • Reviews and updates information security policies, architectures, and standards specifically for Identity and Access Management. • Responds to audits, penetration tests, and vulnerability assessments related to user access and identity governance. • Utilizes new technologies and scripting to enhance security capabilities and automate manual provisioning/deprovisioning processes. • Works with IT and business partners to ensure identity security is factored into the selection and configuration of all new software and hardware. Requirements • Minimum of 7 years of experience in systems administration, automation, or technology architecture. • Proficiency in PowerShell for automation and administrative tasks. • Deep technical knowledge of Active Directory (AD) and directory services. • Experience managing Privileged Account Management (PAM) tools (e.g., CyberArk, BeyondTrust, Keeper). • Expertise in SSO Providers and Federation (e.g., OneLogin, Okta, SAML, OIDC). • Knowledge of network security including VPN, Firewall, and web server security as it relates to identity. • Experienced in working with compliance and regulatory program requirements (e.g., SOX, GLBA). • Strong initiative and decision-making capabilities and the ability to communicate clearly with technical and non-technical stakeholders. Nice-to-haves • BS or MA in Computer Science, Information Security, or related field. Relevant cyber security and/or identity certifications. Benefits • Comprehensive Medical, Dental, and Vision • Paid Time Off Programs including vacation, holidays, illness, and parental leave • Wellness Programs, Employee Recognition Programs, and onsite gyms and cafe style dining (select locations) • Retirement benefits, life insurance, 401k match, and tuition reimbursement • Philanthropy Programs including matching gifts, volunteer grants, charitable grants and corporate sponsorships Apply tot his job