Cloud IAM Security Architect

United States, United States

American Express Global Business Travel


Amex GBT is a place where colleagues find inspiration in travel as a force for good and – through their work – can make an impact on our industry. We’re here to help our colleagues achieve success and offer an inclusive and collaborative culture where your voice is valued.

Position Overview:

We are looking for a Cloud IAM Security Architect and subject matter expert to lead the design, implementation and governance of Identity and Access Management (IAM) strategies across GBT cloud environments, with deep experience in cloud security, architecture and compliance frameworks, to enhance the organization’s cloud security posture.

What You’ll do on a Typical Day:

  • Contribute to aligning the organization’s Information Security policies and standards with industry best practices and business needs in the adoption of IAM cloud services and technologies.
  • Architect and develop scalable and secure IAM solutions across multi-cloud environments to fulfill the organization’s security policies and standards.
  • Define and enforce IAM policies, standards and best practices for managing identity lifecycle, authentication, authorization and privileged access in cloud environments.
  • Design IAM access models, implement roles, policies and permissions, and review current IAM roles, permissions and policies in the cloud environments.
  • Manage the successful delivery of IAM projects and services for our customers by working directly with key business stakeholders and project teams.
  • Collaborate with cloud engineering and excellence, DevOps, application teams, and compliance to integrate IAM solutions into CI/CD pipelines and enterprise applications.
  • Provide IAM solutions for migrating or building new applications in the cloud environments.
  • Design and lead enterprise initiatives including SSO, MFA, RBAC, ABAC and Identity Federation services for cloud environments, and optimize management.
  • Define operating model, procedures and lead operations for cloud IAM team including optimization of Cloud IAM RBAC entitlement management processes.
  • Perform risk assessments and access reviews to identify gaps and ensure compliance with industry regulations (e.g. NIST, PCI DSS, GDPR, ISO 27001, SOC2, etc.).
  • Design and automate identity lifecycle and access provisioning processes using infrastructure-as-code tools (e.g. Terraform, CloudFormation, etc.).
  • Mentor security engineers and provide expert guidance on IAM security and incident response.

What We’re looking for:

  • 8+ years of practical experience in the field of IT, with 5+ years of direct experience in a Cloud IAM Architect or Security Engineer role.
  • Experience as Cloud IAM Architect for Amazon Web Services (AWS) required.
  • Experience with Microsoft Azure preferred.
  • Project leadership experience required.
  • Experience with Cloud Security tools and SIEM tools such as Wiz, Veza, CrowdStrike, etc.
  • Experience in migration to cloud, restructuring of cloud provider accounts on merger/acquisition, and structuring RBAC Policies in cloud environments (AWS and Azure).
  • Subject-matter expertise across all IAM areas relating to both cloud and on-premises enterprise technology and architectures (Zero trust, least privilege principles, etc.).
  • Experience with scripting (e.g. Python, PowerShell, bash, AWS SDK) and IaC automation (e.g. GitHub, Terraform, CloudFormation, etc.).
  • Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies.
  • Experience with SSO/Federation (SAML, OAuth, FIDO2, etc.), multi-factor authentication (MFA) along with experience in directories, delegated administration, API gateways, and SOA services.
  • Experience with Identity Governance, Access Management, Privileged Access and Secrets Management solutions (e.g. Saviynt, SailPoint, CyberArk, BeyondTrust, Okta, Ping, HashiCorp, etc.).
  • Knowledge and understanding of networking technologies such as LAN, WAN, TCP/IP, load balancers, firewalls, etc.
  • Excellent customer service and communication (oral / written) skills required.
  • Strong critical thinking and analytical skills and ability to think “out of the box” required.
  • Must be able to work independently or with a team, under minimum supervision.
  • Must be able to consult with key customers and senior management on project design and development scope.

Required Education:

  • University degree in Information Technology, Computer Science or equivalent combination of education and industry certifications (CISSP, or relevant certifications a plus).
  • Professional certifications like AWS Solutions Architect, AWS Security Specialty, etc.

Location

United States

The US national annual base salary range for this position is from $110,000 to $220,000. The national range provided includes the base salary that GBT expects to pay for the role.  Actual base salary will be based on factors including the scope and complexity of the role and the successful candidate’s relevant experience, skills, knowledge, and work location.

In addition to base salary, this role is eligible for our Annual Incentive Award plan, which rewards participants based on company and individual performance. For information about our comprehensive US benefits programs and eligibility, please review our Benefits-at-a-Glance document.

The #TeamGBT Experience

Work and life: Find your happy medium at Amex GBT.

  • Flexible benefits are tailored to each country and start the day you do. These include health and welfare insurance plans, retirement programs, parental leave, adoption assistance, and wellbeing resources to support you and your immediate family.

  • Travel perks: get a choice of deals each week from major travel providers on everything from flights to hotels to cruises and car rentals.

  • Develop the skills you want when the time is right for you, with access to over 20,000 courses on our learning platform, leadership courses, and new job openings available to internal candidates first.

  • We strive to champion Inclusion in every aspect of our business at Amex GBT. You can connect with colleagues through our global INclusion Groups, centered around common identities or initiatives, to discuss challenges, obstacles, achievements, and drive company awareness and action.

  • And much more!

All applicants will receive equal consideration for employment without regard to age, sex, gender (and characteristics related to sex and gender), pregnancy (and related medical conditions), race, color, citizenship, religion, disability, or any other class or characteristic protected by law.

Click Here for Additional Disclosures in Accordance with the LA County Fair Chance Ordinance.

Furthermore, we are committed to providing reasonable accommodation to qualified individuals with disabilities. Please let your recruiter know if you need an accommodation at any point during the hiring process. For details regarding how we protect your data, please consult the Amex GBT Recruitment Privacy Statement.

What if I don’t meet every requirement? If you’re passionate about our mission and believe you’d be a phenomenal addition to our team, don’t worry about “checking every box”; please apply anyway. You may be exactly the person we’re looking for!
