IDAM Directory & Authentication Technology Lead
Hyderabad, India
Zoetis
Zoetis is the largest global animal health company committed to nurturing the world and humankind by advancing care for animals.
POSITION SUMMARY
Zoetis, Inc. is the world's largest producer of medicine and vaccinations for pets and livestock. The Zoetis Tech & Digital (ZTD) Global Technology Risk Management Organization is a key building block of ZTD.
Join us at Zoetis India Capability Center (ZICC) in Hyderabad, where innovation meets excellence. As part of the world's leading animal healthcare company, ZICC is at the forefront of driving transformative advancements and applying technology to solve the most complex problems. Our mission is to ensure sustainable growth and maintain a competitive edge for Zoetis globally by leveraging the exceptional talent in India.
At ZICC, you'll be part of a dynamic team that partners with colleagues worldwide, embodying the true spirit of One Zoetis. Together, we ensure seamless integration and collaboration, fostering an environment where your contributions can make a real impact. Be a part of our journey to pioneer innovation and drive the future of animal healthcare.
The global Identity, Directory & Access Management (IDAM) team defines and enforces policies, executes processes, and enables systems to ensure appropriate access management across Zoetis' digital ecosystem. Key IDAM functions at Zoetis include Identity Governance & Administration (IGA), Directory & Authentication Services, Multi-Factor Authentication (MFA), Public Key Infrastructure (PKI), Customer Identity & Access Management (CIAM), and Privileged Access Management (PAM), among others.
The IDAM Directory & Authentication Technology Lead is responsible for managing and ensuring the optimal performance of critical Identity, Directory, and Access Management (IDAM) services within the Zoetis India Capability Center (ZICC). This includes oversight of Directory & Authentication Services, Multi-Factor Authentication (MFA), and Public Key Infrastructure (PKI), while also providing guidance to Level 2 (L2) Support functions. Leading a team of 4-6 engineers, administrators, and analysts, the role requires deep technical expertise in critical IDAM domains and a broad understanding of associated functions. As IDAM services are vital to Zoetis' global operations, the lead is tasked with ensuring maximum uptime, security, and operational efficiency. Additionally, this role engages in strategic initiatives and projects, collaborating with stakeholders across all levels, including executives, to drive business success through effective IAM solutions.
POSITION RESPONSIBILITIES Percent of Time
• Provide technical leadership and oversight for IDAM services, with a focus on Directory & Authentication Services (including Microsoft Active Directory in both Corporate and OT domains and EntraID), Single Sign-On, Conditional Access, Multi-Factor Authentication (MFA), Public Key Infrastructure (PKI), Encryption Services, and relevant integrations.
• Monitor and ensure the performance, scalability, and security of all in-scope IDAM platforms, overseeing a team of 4+ specialists who handle routine monitoring, management and lifecycle tasks while stepping in directly to address critical issues or escalations as needed.
• Supervise Level 2 (L2) and Level 3 (L3) support activities for identity and authentication issues, ensuring timely resolution, facilitating account provisioning/deprovisioning, access management, ownership, and cleanup, while delivering exceptional user experiences.
• Assist in providing 16x5 operations of IDAM services, ensuring continuity of service and providing off-hours escalation support for high-priority incidents (P1, P2).
• Lead incident and problem management processes, ensuring timely resolution of critical issues, identifying root causes, and implementing preventive measures to meet SLAs and maintain system reliability.
• Manage and guide a team of 4+ specialists responsible for day-to-day troubleshooting while stepping in to address complex authentication failures, identity synchronization issues, and other high-priority challenges as needed.
• Act as a subject matter expert and key point of contact for IDAM programs, providing technical guidance and strategic input for projects, initiatives, and cross-functional collaboration.
• Plan and supervise installations, maintenance, and configuration changes across in-scope IDAM systems and services.
• Oversee certificate life cycle management, including proactively monitoring certificate expiration dates, notifying teams of upcoming expirations, and facilitating timely renewal processes to ensure uninterrupted services.
• Identify opportunities to enhance Directory and Authentication services, introduce new features to support business objectives, build compelling business cases, and lead initiatives from conception to successful implementation.
• Drive adherence to global IDAM policies and processes, ensuring secure and efficient access to Zoetis information systems for all users.
• Lead, mentor, and develop a team of L2 and L3 administrators, analysts, and engineers, fostering professional growth while driving operational excellence and efficiency across all IDAM functions.
• Ensure close collaboration between the ZICC IDAM team and Service Desk, Site Services, and Security Operations teams to enhance IAM support processes and optimize cross-team workflows.
Percent of Time: 100%
ORGANIZATIONAL RELATIONSHIPS
• Reports to the ZICC-based IDAM Program Lead, with a dotted line to the US-based Head of IDAM and the IDAM Operations & Directory Services Leads.
• Be part of the global Technology Risk Management organization, which reports to the Chief Information Security Officer (CISO).
• Collaborate regularly with ZTD application, business partner, and infrastructure teams
• Interact with external vendors or partners providing software, services, or APIs that require integration with IDAM systems, including establishing requirements, negotiating contracts, and facilitating technical integration.
• Collaborate with implementation partners responsible for deploying, configuring, or maintaining integrated solutions within Zoetis’ IT landscape.
EDUCATION AND EXPERIENCE
Education:
• University Degree in Computer Science or Information Systems is required
• MS or advanced security/identity courses or other applicable certifications are desirable, including:
o Certified Information Systems Security Professional (CISSP)
Experience:
• Minimum 10+ years of experience in Information Systems
• 6+ years of detailed, hands-on experience with IDAM, especially AD, SSO, PKI, MFA
• 2+ years of experience in the pharmaceutical or other regulated industry, especially Animal Health.
• Experience working with global teams across multiple time zones.
• Proven experience in managing medium to large-scale, global IT projects.
• Demonstrated ability to work within diverse technical teams.
• Proven experience in leading technical teams and managing end-to-end solution delivery.
• Strong experience collaborating with Managed Service Providers (MSPs), with a focus on ensuring quality and alignment.
TECHNICAL SKILLS REQUIREMENTS
This is a combined functional, technical, and leadership role. The ideal candidate will demonstrate proficiency in these areas and provide leadership with respect to specific technologies:
• Enterprise & Cloud Directories
o In-depth expertise in Microsoft Active Directory (AD) management, including trust relationships and replication.
o Extensive experience with Microsoft EntraID (formerly Azure AD), including Conditional Access Policies, Modern Authentication, Single Sign-On (SSO), and B2B trusts.
o Experience with AD support tools such as Quest Active Roles Server (ARS), Change Auditor, and Recovery Manager.
o Proficiency in PowerShell scripting for automation, troubleshooting, and administrative tasks.
o Ability to resolve authentication failures, replication issues, and service outages.
o Experience implementing and securing password policy and self-service password reset solutions and deploying passwordless authentication methods to enhance security and user convenience.
• Multi-Factor Authentication (MFA), Public Key Infrastructure (PKI), Digital Certificates & Encryption
o Expertise with MFA solutions such as SafeNet MobilePass or similar platforms.
o Strong knowledge of PKI, including certificate lifecycle management and Microsoft CA/PKI.
o In-depth understanding of SSL/TLS certificates, certificate authorities (CAs), and secure key management principles.
o Familiarity with encryption schemes, key rotation best practices, and Hardware Security Modules (HSM).
o Experience integrating MFA and PKI solutions with enterprise applications, VPNs, and cloud platforms.
o Management of PKI hardware, including HSMs.
• Disaster Recovery
o Experience with disaster recovery processes from a directory services perspective, ensuring business continuity during outages.
• Application Hosting & Privileged Access Management (PAM)
o Strong understanding of on-premise and IaaS application hosting activities, especially in Azure environments.
o Proficiency in PAM integration with directory services, including password vaulting, rotation, and Just-in-Time Access (JITA).
• Data Hygiene
o Proven ability to ensure clean, accurate, and well-managed identity data across enterprise systems.
o Ability to establish and enforce procedures for decommissioning access for departing employees and reassigning service accounts and entitlements.
o Collaboration with HR to ensure timely and accurate flows of authoritative user data.
• End-User and Technology Team Support
o Experience providing or supervising Level 2 (L2) and Level 3 (L3) support for identity and authentication issues for end users and technology teams.
o Knowledge of troubleshooting authentication failures and collaborating with application teams to resolve availability issues.
o Familiarity with incident response and root cause analysis for authentication service outages, identity synchronization issues, and cybersecurity events.
o Experience working with Service Desk, Site Services, and Security Operations teams to enhance IAM support processes.
• Desirable Skills & Additional Expertise
o Customer Identity and Access Management (CIAM): Experience with SAP CDC (Gigya) is a plus.
o Privileged Access Management (PAM): Experience with tools like Delinea Secret Server and Netwrix for JITA is highly desirable.
o Identity Governance & Administration (IGA): Knowledge of SailPoint IdentityIQ for Identity Lifecycle, Access Request & Recertification, and User Provisioning/Deprovisioning is a plus.
o Microsoft Power Apps: Experience building or customizing forms and applications to enhance identity-related workflows is advantageous.
o Database & Data Analytics: Experience with SQL, Alteryx, and data warehousing concepts to streamline workflows and troubleshoot data-related issues is a plus.
• Must be fluent in both written and spoken English, with the ability to clearly communicate across technical and non-technical audiences.
PHYSICAL POSITION REQUIREMENTS
Availability to work between 1pm IST and 10pm IST (minimum 3 hours of daily overlap with the US ET time zone)
Full time
Perks/benefits: Startup environment, Team events