Overview
Come join us at Con Edison as an IAM Systems Manager where you will play a pivotal role in shaping the future of our enterprise security. You will lead the design, implementation, and governance of our Identity and Access Management (IAM) systems. This role bridges the gap between legacy identity architectures and the autonomous, agent-driven future. As the IAM Systems Manager, you will not only oversee traditional identity lifecycle and governance but also spearhead our Cloud Identity strategy and secure Agentic/Non-Human Identities (NHI) across our evolving AI and automation ecosystems. You will partner with business customers, security engineering, and cloud operations to ensure that all human, cloud, and machine identities are authenticated, properly authorized, and governed in real-time.
Responsibilities
Core Responsibilities
- Lead the implementation, administration, and continuous optimization of Identity and Access Management (IAM) and Privileged Access Management (PAM) services.
- Direct cloud IAM strategies across public cloud environments (AWS, Azure, GCP), encompassing Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), Service Control Policies (SCPs), and permissions boundaries.
- Manage access, permissions, and identity stores, implementing automated solutions to streamline just-in-time access and session management.
- Ensure systems maintain audit and privacy compliance with regulatory requirements (e.g., NERC CIP, SOX) by providing robust access reporting, entitlement mapping, and certification.
- Manage the Tier 0 application portfolio, which includes PAM, Active Directory, and DNS.
- Design and implement robust security controls for agentic and non-human identities (service accounts, machine/workload identities, API keys, and AI agents).
- Establish unique non-human identities for AI agents, enforcing delegation instead of credential sharing, and applying dynamic, least-privilege authorization.
- Define and enforce security boundaries and containment strategies for AI agents and automated workflows to reduce excessive privilege exposure and limit blast radius.
- Perform credential and secrets scanning across AI environments to detect exposed credentials, utilizing tools like Secrets Manager, CIEM, and CSPM.
- Implement runtime identity controls where access decisions for AI agents are evaluated continuously at the moment of action.
- Manage and lead a team overseeing vendor relationships, technical interfaces, and system functionality between IAM platforms and business applications.
- Partner closely with IAM engineering, AI technical leads, and enterprise architecture teams to align enterprise identity controls with emerging AI security initiatives.
- Track investigation progress and access metrics, presenting complex analyses in clear, understandable terms to audiences at all levels via dashboards (e.g., Power BI).
Qualifications
Required Education/Experience
- Bachelor's Degree and 8 years of relevant experience or
- Master's Degree and 6 years of relevant experience.
Preferred Education/Experience
- Master's Degree in Computer Science, Information Systems, Cybersecurity, or a related field and 6 years of relevant experience.
Relevant Work Experience
- 6+ years of experience in enterprise Identity and Access Management (IAM/IGA), Privileged Access Management (PAM), and identity governance, required.
- Deep understanding of cloud-native identity controls, particularly AWS IAM, Azure AD, federated identities (SAML, OAuth, OIDC), and Secrets Manager, required.
- Proven hands-on experience securing non-human identities (NHIs), service accounts, and workload identities. Exposure to AI security, agentic identity concepts, and privilege escalation risks, required.
- Proficiency with infrastructure-as-code and scripting (Terraform, GitHub, Python, PowerShell) to automate cloud infrastructure and identity configurations, required.
- Ability to clearly articulate technical issues and concepts to business users, stakeholders, and vendors, working as a proactive member of a cross-functional team, required.
Skills and Abilities
- Demonstrated problem solving skills
- Ability to lead/manage others
- Demonstrates a high commitment to quality
- Ability to build strong customer relationships
Licenses and Certifications
- Driver's License Required
Additional Physical Demands
- The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays.