Sony Pictures Entertainment is looking for an IAM Operations Lead to support our enterprise Identity management program (IDM) in our Culver City headquarters. Within IT, the position reports to the Executive Director, Corporate IT and will be accountable for solving all the technology aspects of software development so that the product meets business and technology requirements and is delivered on-time/on-budget.  

The position is primarily focused on Identity Governance and Compliance using SailPoint IIQ, and knowledge of LDAP directories. The individual must have at least 5+ years of experience with SailPoint, OKTA or other IAM technologies. He / she will be responsible to support daily operations as well as contribute to long term strategy / architecture. The addition of this role will complement SPE’s relationship with its managed services vendor, resolve an imbalance with regard the dependency/risk of technical ownership, and focus on delivering value in three areas:

• Improving the management of incident queues and accountability of managed services support
• Ensuring that escalations are immediately handled without compromising incident SLAs or our enhancement stream
• Enable internal discovery for both code and process improvements related to data and solution footprint

Responsibilities: 

• Incidents: Supporting all L3 Service Now INCs and requests. Service Now INCs represent the predictable and essential workload of the Operations stream, and includes but is not limited to the following request types:
  • Queue Management
  • Bulk Updates
  • PAM Account Support
  • User Account Repair/Correction
• Access Certifications: Staging, launching, managing, and performing all close-out activities (SOX and non-SOX) associated with access certification campaigns.
• Production Debug: Debugging production issues pertaining to the operational current-state. This includes but is not limited to, troubleshooting defects for root cause analysis, discovery of design flaws, missed requirements, and coding defects.
• Recurring System Maintenance: Performing actions specific to recurring system maintenance, including but not limited to:
  • Performance check for IDM Systems
  • Verify file-based authoritative sources
  • Workday scan monitoring
  • Monthly custom reports (e.g. Blackbaud CSRConnect/YourCause, EINS/Swing/GHD Monthly Update Process)
• Password Rotations: Ensuring all IDM systems and IDM service account passwords are rotated and in compliance with the appropriate password policy.
• Ad Hoc Requests: Responding to ad-hoc demands generated via escalation from stakeholders.

Key outputs include: 

• Documenting SLA, KPI and other technical KT documents
• Project / task delivery 
• Problem Management & Root cause analysis 
• Contribute to assessment reports / position and recommendation documents on technology evaluations 
• Enterprise Standards documentation; usage guidelines; reference architectures 

Qualifications: 

• 5+ years of experience in architecting, designing, and implementing identity management strategies and solutions with at least 5 years of experience with SailPoint IIQ in following areas: 
• User life cycle management processes (on-premise and cloud), RBAC, certifications 
• Integration of IGA tools with ServiceNow, Workday, physical access systems, O365, CyberArk 
• Strong experience with developing and troubleshooting web services especially REST and SCIM 
• Familiarity with agile methodology. We use Jira for sprint planning and issue tracking  
• Ability to look at both the “big picture” as well as technical details. 
• Experience leading business requirements gathering, and solution design 
• Experience with Access management, SSO, & federation tools like SiteMinder, Ping Access, Forgerock 
• Some experience with ldap directory architecture including directory schema, namespace and replication topology and virtual directory products such as Openldap, ODSEE, Radiant Logic
• IDaaS tools such as Okta, Ping, Azure  
• Experience with AD, Azure AD, O365, ADFS and its integration with IGA tools 
• Some experience with modern protocols and frameworks such as SAML, WS-federation, OIDC, OAUTH, and jwt 
• Familiarity with RPA / BOTS in the context of Identity self-service processes 
• Familiarity with On-premise and cloud PAM tools such as CyberArk, Beyondtrust, etc. 
• Familiarity with public and private cloud services integration with IGA tools 
• Familiarity with MFA 
• Some experience with JBOSS, Tomcat, weblogic, apache, nginx 
• Some experience with common relational databases and nosql / document databases 
• Some experience with CICD / DevOps tools such as Jenkins and source control such as Git and Nexus. Other automation / devops / CICD experience is desirable but not required.   

Skills: 

• Excellent team player with a positive attitude.  
• Must be able to collaborate cross-functionally and globally with team members 
• Strong customer service orientation, personal commitment and accountability to deliver a best-in-class quality of service 
• Strong written and verbal communication skills  
• Be flexible to adapt to business changes due to digital transformation happening at Sony
• Some experience in resource and project management 
• Must be able to multi task and manage the time between operational and architecture tasks 

The anticipated base salary for this position is $115,500 to $154,500. This role may also qualify for annual incentive and/or comprehensive benefits. The actual base salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location of the position.

*Sony Pictures Entertainment is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, age, sexual orientation, gender identity, or other protected characteristics.