IAM Senior Engineer
Orlando, Florida, United States
Holiday Inn Club Vacations
Create priceless memories on your next fun-filled family vacation at Holiday Inn Club Vacations. Enjoy spacious villas & relaxation at destinations across the US. At Holiday Inn Club Vacations, we believe in strengthening families. And we look for people who exhibit the courage, caring and creativity to help us become the most loved brand in family travel. We’re committed to growing our people, memberships, resorts and guest love. That’s why we need individuals who are passionate in life and bring those qualities to work every day. Do you instill confidence, trust and respect in those around you? Do you encourage success and build relationships? If so, we’re looking for you.
Holiday Inn Club Vacations is seeking a Senior Identity and Access Management (IAM) Engineer as a technical leader responsible for architecting, implementing, and supporting secure identity services across the enterprise and customer-facing environments. This role focuses on both workforce IAM and Customer IAM (CIAM), ensuring secure and seamless access to internal systems and guest-facing platforms. The engineer will also support Public Key Infrastructure (PKI), API access controls, and contribute to the broader identity governance and zero trust strategy of the organization. This position is ideal for individuals passionate about cybersecurity, and ready to contribute to protecting the digital infrastructure of a timeshare organization that serves thousands of vacation owners and guests.
- Design, deploy, and manage IAM and CIAM solutions including SSO, MFA, RBAC, and lifecycle management for internal users and external customers.
- Integrate identity solutions with cloud services (Azure AD, AWS IAM) and third-party SaaS platforms via SAML, OAuth2, OIDC, and SCIM.
- Lead the implementation and maintenance of CIAM capabilities, including self-service registration, identity verification, and consent management for customer portals.
- Build and manage secure APIs for IAM integration with enterprise applications, leveraging best practices in API security (e.g., token-based access, scopes, rate limiting).
- Support and maintain PKI infrastructure including certificate issuance, renewal, revocation, and key lifecycle management.
- Implement and automate provisioning/deprovisioning processes for workforce and guest identities using scripting or orchestration tools.
- Conduct access reviews, entitlement audits, and support regulatory compliance (e.g., GLBA, PCI, NIST CSF, CCPA).
- Act as a subject matter expert and escalation point for complex IAM issues and incidents.
- Collaborate with cybersecurity, DevOps, architecture, and application teams to ensure secure identity integration and modern authentication adoption.
- Document IAM architectures, workflows, and configuration standards, and contribute to IAM strategy and roadmap planning.
- Mentor junior IAM engineers and analysts on emerging technologies and secure design principles.
REQUIREMENTS:
Education & Experience:
- Bachelor’s degree in Cybersecurity, Computer Science, or a related field; or equivalent professional experience.
- 5+ years of hands-on experience in IAM, with a focus on enterprise and CIAM environments.
- Strong expertise in IAM tools and services such as Azure AD, Okta, SailPoint, Ping Identity, or ForgeRock.
- Experience with customer identity platforms (e.g., Okta CIAM, Auth0, ForgeRock Identity Cloud, or similar).
- Strong knowledge of identity protocols: OAuth2, OIDC, SAML, LDAP, SCIM, and modern API authentication standards.
- Hands-on experience with PKI and certificate lifecycle management in enterprise settings.
- Proficiency in scripting languages (e.g., PowerShell, Python) for automation and integration tasks.
- Familiarity with API management and securing APIs through gateways and token-based controls.
- Experience supporting regulatory compliance and audits related to IAM and CIAM.
- Preferred certifications: Microsoft SC-300, CISSP, Certified Identity and Access Manager (CIAM), GIAC (GCSA, GCIH), or AWS/Azure security certifications.
Certifications (preferred but not required):
- Certified Identity and Access Manager (CIAM)
- AWS Certified Security Specialty
- Microsoft SC-300
- Certified Information Security Manager (CISM)
- GIAC (GSEC, GCIA, GCSA)
- CISSP or equivalent
KEY COMPETENCIES:
- Expertise in both enterprise and customer identity architectures and best practices.
- Strong analytical and troubleshooting skills with a proactive security mindset.
- Solid understanding of zero trust principles and secure API design.
- Excellent verbal and written communication skills with the ability to translate technical concepts to business stakeholders.
- Ability to lead technical initiatives and cross-functional project teams.
- Detail-oriented with a strong documentation and process improvement mindset.
- Ability to adapt to emerging technologies and evolving threat landscapes.
- Technical aptitude and strong troubleshooting skills.
- Strong communication skills for working with cross-functional teams.
- Ability to manage multiple tasks in a dynamic and fast-paced environment.
- Understanding of the principles of least privilege, segregation of duties, and identity governance.
- Familiarity with regulatory frameworks (e.g., NIST CSF, PCI-DSS, GLBA, GDPR) as they relate to IAM.
Supervisory Responsibilities:
- This position does not have direct supervisory responsibilities.
- May provide guidance or mentoring to junior team members or support staff on IAM-related tasks or tools.
- May lead IAM project workstreams and coordinate with cross-functional teams and external vendors.
WORK SCHEDULE/HOURS
Schedules will vary depending on business needs, and may entail working nights, weekends and holidays. Must be flexible to work outside of departmental operating hours. Hybrid work model, Monday – Thursday (4 days) onsite and Friday is work from home.
Tags: APIs Audits Automation AWS Azure CCPA CISM CISSP Cloud Compliance Computer Science DevOps ForgeRock GCIA GCIH GDPR GIAC GLBA Governance GSEC IAM LDAP NIST Okta PKI PowerShell Python SaaS SailPoint SAML Scripting SSO Strategy Zero Trust
Perks/benefits: Flex hours Flex vacation