Cybersecurity Architect - IAM

Who we are 

Creative Artists Agency (CAA) is the world’s leading entertainment and sports agency, with offices in Los Angeles, New York, Nashville, London and Beijing. Founded in 1975, CAA represents many of the most successful professionals working in film, television, music, theatre, video games, sport, and digital content, and provides a range of strategic marketing and consulting services to corporate clients. 

The Role

This is a hands-on security position working within the Information Security group and with the internal IT department at large. We are looking for candidates who have a passion for cyber security, identity management and threat response. You will provide domain expertise to design and develop the capabilities of the identity and access management platform and the automation of application deployment pipelines to the platform. As a key leader in our security organization, the Cybersecurity Architect will drive the development of secure design principles, reference architectures, and security standards across a modern, SaaS-enabled and cloud-first ecosystem. This includes securing complex identity flows, third-party integrations, APIs, and distributed systems while addressing the shared responsibility model inherent across SaaS and internally developed line of business platforms. In this role, you will be an essential partner and technical specialist for identity and access platform development and provide thought leadership on enterprise security and architecture across identity access and governance. You will be a key part of our efforts to enable the business needs in a highly collaborative organization. The environment is fast-paced and commonly on the leading edge of technology, including early adoption of various cloud services along with the challenges of integrating those services into our security practice. 

Responsibilities 

• Maintain architectural diagrams and workflows of the identity access management platform 

• Provide design, evaluation, analysis, of identity and access management programs to support the company’s strategy 

• Develop standards and guidelines for access management across the company and department 

• Understand user lifecycle management; including provisioning/de-provisioning, access requests, user entitlements and audit & validations 

• Collaborate with HRIS, IT service owners, service desk and end-users to gather feedback and design solutions with identity related workflows 

• Present on design & vision that meets user and business needs 

• Design overall structure for new and existing cloud and on-premise applications into the identity access management platform 

• Create identity governance workflows with the concepts of attestation and auditing. 

• Ensure systems are scalable, maintainable and meet business needs 

• Create documentation to support architectural decisions and workflows 

• Review identity workflows and processes for lifecycle management, auditing, reporting, governance and self-service 

• Design a RESTful identity API to provide Identity as a Service to downstream services and directory owners 

• Play an active role in CAA’s security incident response efforts, working to identify and mitigate information security threats 

Required Capabilities 

• A minimum of 7 years in Information Technology, ideally with a focus on information security 

• A minimum of 3 years’ experience in identity and access management Architecture or Engineering 

• A Bachelor’s or Master’s Degree in a relevant field of work 

• Experience architecting IAM projects from design through implementation 

• Strong communication and presentation skills with ability to explain complex concepts to both technical and non-technical audiences 

• Have designed and supported the implementation of Zero Trust Identity architecture 

• Understanding of OAuth, SAML and OpenID frameworks 

• An understanding of the fundamental operations of servers, operating systems, networks, firewalls, cloud applications, and infrastructure 

• Knowledge in automation and integration with SaaS applications 

• Knowledge of lifecycle management and provisioning and de-provisioning 

• Knowledge of different MFA and compensating controls for identity 

• Knowledge of privilege identity management, privileged access management, and concepts of just in time provisioning, just enough access, and principal of least privilege 

• Knowledge of scripting in at least one of the following languages:  PowerShell, Python, JavaScript 

Desired Capabilities 

• Cross-team collaboration and vendor management 

• Set up and integrations for Single Sign-On with various SaaS vendors 

• Knowledge and experience of SCIM integration 

• Account set-up and access management 

• Application development and DevSecOps pipeline 

• Building and using REST APIs  

• Experience creating and supporting identity framework or IDaaS 

• An understanding of the NIST framework and using a continuous improvement loop 

Desired Techincal Skills 

Azure AD, Active Directory, AD Connect, Azure Automation, Power Automate, SAML, OpenID,  SSO, SCIM, OAuth, PowerShell, RESTful APIs, Okta, Workday, SailPoint, Ping Federate, PingID, Splunk, RBAC 

Certifications with CIAM, CIMP, Okta, SailPoint, Microsoft Identity, Ping Identity, CISSP, CISM, CompTIA Security+