Program Lead - IDAM

Zoetis, Inc. is the world's largest producer of medicine and vaccinations for pets and livestock. 
Join us at Zoetis India Capability Center (ZICC) in Hyderabad, where innovation meets excellence. As part of the world's leading animal healthcare company, ZICC is at the forefront of driving transformative advancements and applying technology to solve the most complex problems. Our mission is to ensure sustainable growth and maintain a competitive edge for Zoetis globally by leveraging the exceptional talent in India.

At ZICC, you'll be part of a dynamic team that partners with colleagues worldwide, embodying the true spirit of One Zoetis. Together, we ensure seamless integration and collaboration, fostering an environment where your contributions can make a real impact. Be a part of our journey to pioneer innovation and drive the future of animal healthcare.

The ZICC IDAM Program Lead is responsible for overseeing all Identity, Directory & Access Management (IDAM) functions within the Zoetis India & Capability Center (ZICC) from both a technology and day-to-day operational perspective. Within the ZICC, this position will lead a team of approximately 16-20 colleague resources. The ideal candidate must also possess deep technical proficiency in key areas and maintain a broad understanding of others.

This role is part of the global IDAM team, which defines and enforces policies, executes processes, and manages systems to ensure that the right individuals have access to the right information at the right time, supporting the security and efficiency of Zoetis’ digital ecosystem.

Key IDAM functions at Zoetis include:
• Identity Governance & Administration (IGA)
• Directory & Authentication Services
• Multi-Factor Authentication (MFA), Public Key Infrastructure (PKI), Digital Certificates & Encryption
• Customer Identity & Access Management (CIAM)
• Privileged Access Management (PAM)
• Data Hygiene
• Support for End Users and Technology Teams

As IDAM services are mission-critical to all Zoetis information systems, this role is primarily responsible for ensuring maximum uptime, security, and operational efficiency. The ideal candidate will possess deep expertise in business processes enabled by IAM solutions and will engage on multiple projects while collaborating with stakeholders at all levels, including executives.



POSITION RESPONSIBILITIES

• Oversee 16x5 operations for Identity, Directory & Access Management (IDAM) services, ensuring uninterrupted service and providing off-hours escalation support for high-priority incidents (P1, P2).
• Provide technical leadership and oversight for all IDAM services, data flows, and related integrations, spanning all of the key IDAM functions listed above.
• Monitor and manage system performance, ensuring maximum uptime, scalability, and security across IDAM platforms.
• Supervise L2 and L3 support for identity and authentication issues for both end users and technology teams, ensuring timely resolution and high-quality user experiences.
• Lead incident and problem management processes, ensuring service level agreements (SLAs) are consistently met, and root causes are identified and addressed effectively to prevent recurrence.
• Lead troubleshooting of authentication failures and collaboration with application teams to resolve availability issues, maintaining system reliability and addressing critical challenges.
• Supervise incident response and root cause analysis for authentication service outages, identity synchronization issues, and cybersecurity events to ensure timely recovery and mitigation.
• Serve as a key point of contact and subject matter expert for IDAM programs, providing technical guidance and strategic input for projects and initiatives.
• Plan and supervise all installations, maintenance, and changes across IDAM systems and services.
• Identify opportunities to enhance IDAM services and introduce new features to support business objectives, build compelling business cases, and drive these initiatives from conception to successful implementation as projects.
• Drive adherence to global IDAM policies and processes, ensuring secure and efficient access to Zoetis information systems for all users.
• Lead, mentor, and develop a team of L2 and L3 administrators, analysts, and engineers, fostering professional growth while driving operational excellence and efficiency across all IDAM functions.
• Ensure the ZICC IDAM team works closely with Service Desk, Site Services, and Security Operations teams to enhance IAM support processes and optimize collaboration across teams.
• Oversee IDAM Data Hygiene activities, ensuring clean, accurate, and well-managed identity data across systems. Collaborate closely with HR and other stakeholders to maintain data quality and integrity.
100%

ORGANIZATIONAL RELATIONSHIPS

• Take direction from the US-based Head of Global IDAM
• Close interaction with the US-based IDAM team
• Part of global Technology Risk Management organization, reporting to CISO
• Interacting with ZTD Infrastructure teams, especially Platform Services, IT Service Desk & Site Services, Global Network Services, and Digital Workplace Services teams.
• Interacting with ZTD business partner teams supporting Global Commercial, VMRD, AGB and GMS ZTD.
• Interacting with business stakeholders to gather integration requirements, understand business processes, and ensure that integration solutions align with organizational goals and objectives.
• Interacting with external vendors or partners who provide software, services, or APIs that need to be integrated with IDAM systems. This collaboration includes establishing integration requirements, negotiating contracts, and facilitating technical integration.
• Work with implementation partners who may be responsible for deploying, configuring, or maintaining integrated solutions within the client's IT landscape.



Supervision
Approximately 16-20 ZICC colleague members of the IDAM team.


EDUCATION AND EXPERIENCE
Education:
• University Degree in Computer Science/ Information Systems/Business Administration or science related field is required
• MS or advanced security/identity courses or other applicable certifications (CISM, CISSP, CrowdStrike, Palo Alto etc.) is desirable
Experience:
• Minimum 13+ years of experience in Identity, Directory & Access Management
• 10+ years of experience in pharmaceutical or other regulated industry, especially Animal Health
• 10+ years of working as part of a global team, providing round-the-clock and follow-the-sun coverage
• 10+ years of detailed, hands-on experience with IGA, Enterprise Directories, PAM, Digital Certificates and PKI
• Experience leading a Managed Service Provider (MSP) team preferred
• Experience supporting highly available business critical services with maximum uptime requirements
• Experience designing, developing, implementing and managing Identity Services and processes
• Experience managing medium to large scale, global IT projects
• Clear understanding of IT Infrastructure lifecycle: Architecture, Design and Operations. Working knowledge of all areas of IT Infrastructure.
• Diverse technical team experience.


TECHNICAL SKILLS REQUIREMENTS
• This is a hands-on leadership role overseeing a team of technical specialists. The ideal candidate will possess a strong blend of high-level and detailed technical expertise in the majority of the following areas:

• Identity Governance & Administration (IGA):
o Proficiency with enterprise IGA tools such as SailPoint IdentityIQ (IIQ) or similar.
o Expertise in Identity Lifecycle, Access Request & Recertification, and User Provisioning/Deprovisioning.
o Experience integrating IGA tools with MS Active Directory, ServiceNow, Workday, SAP, and other enterprise systems.
o Strong development skills in Java, Beanshell, XML, or similar for customizing workflows, connectors, and creating REST APIs.
o Solid database/SQL skills for data management and integration.
• Enterprise & Cloud Directories
o Comprehensive knowledge of Microsoft Active Directory (AD) management, including trust relationships.
o Experience with Microsoft EntraID (formerly Azure AD), including Conditional Access Policies, Modern Authentication, and Single Sign-On (SSO), and B2B trusts.
o Familiarity with AD support tools such as Quest Active Roles Server (ARS), Change Auditor, and Recovery Manager.
o Proficiency in PowerShell scripting for automation and troubleshooting.
o Ability to resolve authentication failures, replication issues, and service outages.
• Multi-Factor Authentication (MFA), Public Key Infrastructure (PKI), Digital Certificates & Encryption
o Expertise in MFA solutions such as SafeNet MobilePass or similar.
o Strong knowledge of PKI, including certificate lifecycle management and Microsoft CA/PKI.
o Experience with SSL/TLS certificates, certificate authorities (CAs), and secure key management.
o Familiarity with encryption schemes, key rotation best practices, and HSM (Hardware Security Modules).
o Integration of MFA and PKI solutions with enterprise applications, VPNs, and cloud platforms.
• Privileged Access Management
o Experience with password vault solutions such as Delinea Secret Server, including password rotation.
o Familiarity with Just-in-Time Access (JITA) solutions like Netwrix SecureOne.
• End-User and Technology Team Support
o Provide or supervise L2 & L3 support for identity and authentication issues for both end users and technology teams
o Troubleshoot authentication failures and collaborate with application teams to resolve availability issues.
o Support incident response and root cause analysis for authentication service outages, identity synchronization issues, and cybersecurity events
o Work closely with Service Desk, Site Services, and Security Operations teams to enhance IAM support processes.
• Customer Identity & Access Management (CIAM)
o Understanding of CIAM principles, including user registration, progressive profiling, and consent management.
o Familiarity with CIAM tools such as SAP Customer Data Cloud (CDC/Gigya) or similar.
o Experience integrating B2B and B2C applications for secure and seamless customer authentication.
o Knowledge of social login integrations (Google, Facebook, etc.) and fraud detection mechanisms.
o Integration of CIAM with enterprise systems like CRM, e-commerce platforms, and customer support portals.
• Data Hygiene
o Ensure clean, accurate, and well-managed identity data across systems.
o Establish procedures for decommissioning access for departing employees and reassigning service accounts and entitlements.
o Collaborate with HR to ensure timely and accurate flows of authoritative user data.
• Communication Skills
o Must be fluent in both written and oral English, with the ability to communicate effectively across technical and non-technical audiences.

PHYSICAL POSITION REQUIREMENTS

Availability to work between 1pm IST to 10pm IST hours (minimum 3 hours of daily overlap with US ET Time zone)