Who We Are:
Collective Insights is a group of experienced consultants who looked around and decided to create a different kind of partnership for the modern enterprise: one focused on increasing the business value of tailored transformation and technology solutions. We are rooted in three guiding principles:
- Transform Clients
- Nurture Careers
- Uplift Communities
What Makes Us Unique:
At CI our core values are not just a set of words on a wall; they are uniquely woven into the fabric of who we are as a company.
- We Have Compassion: We respect each other and are free from bias of any kind in how we approach our work. We show esteem and honor for one another and the clients we serve.
- We Have Integrity: We are truthful, honest, and open in our actions and relationships, and perform our work with a high ethical standard.
- We Are Responsible: We are focused on growth the right way while fulfilling our obligations to each other and our clients.
- We Are Trusting: We have confidence in one another to do what we have committed to do. We always assume positive intent.
Don’t just take our word for it, hear it directly from our people:
“I was drawn to CI by its amazing company culture and people. From the very beginning, I was inspired by the collaborative and supportive environment that CI fosters. CI’s commitment to innovation and continuous improvement resonated with my personal values and career aspirations. Additionally, surrounding myself with such talented and passionate individuals has pushed me to grow more than I ever thought possible during my last two years at CI!”
Ruth Fitzgerald, Consultant
Job Description:
As an Identity & Access Management (IAM) Leader, you will design, implement, and optimize modern identity solutions across Identity & Access Management (IAM/SSO/MFA), Identity Governance & Administration (IGA), and Privileged Access Management (PAM/PIM/EPM), covering human, machine, workload, bot, and device identities and secrets. You will translate business, security, and compliance needs into scalable architectures on platforms such as Microsoft Entra ID & Entra ID Governance (primary), Okta, Ping, SiteMinder/Oracle Access Manager, CyberArk, BeyondTrust, Delinea EPM, and Azure Key Vault / Entra workload identity federation (AKS, Managed Identity). You will partner closely with client stakeholders to align identity strategy to Zero Trust principles, regulatory obligations, and measurable value realization.
What You Will Be Doing:
- Solution Design: Lead the definition of target‑state IAM architectures (OAuth2/OIDC/SAML, Conditional Access, FIDO2/Passkeys, B2B/B2C/External ID, RBAC/ABAC), IGA operating models (birthright access, lifecycle workflows, access reviews, role mining/SoD), PAM/PIM/EPM patterns (vaulting, JIT/JEA, session management, break‑glass), and machine identity strategies (managed identity, AKS federation, certificate lifecycle, secret rotation). Ensure solutions are scalable, repeatable, secure, and aligned to industry best practices and Zero Trust.
- Client Engagement: Facilitate discovery and architecture workshops; assess current state and risks; advise executives on roadmap options and operating model implications (helpdesk, audit, NOC/SOC). Communicate complex issues with structured narratives and clear recommendations.
- Implementation: Guide the conversion of architecture into secure designs and implementation plans; collaborate with Technical Specialists to configure policies, connectors, and automation (Terraform/Bicep, PowerShell/Python, Graph API, CI/CD). Oversee integration, testing, cutover, and rollback strategies.
- Compliance & Risk Management: Align identity controls to regulatory and security frameworks (e.g., NIST 800‑53/63, ISO 27001, SOC 2, HIPAA/HITRUST, PCI‑DSS, SOX, FedRAMP, NYDFS 23 NYCRR 500). Define controls for privileged access, least privilege, strong auth, and auditability; partner with risk/audit to close findings.
- Technical Leadership: Serve as design authority; mentor engineers; run design reviews and threat modeling; establish non‑functional requirements (availability, resiliency/DR, performance, observability).
- Documentation & Reporting: Produce architecture diagrams, patterns, decision records, security requirements, test/acceptance criteria, and runbooks. Provide status, risk/issue tracking, and outcome reporting.
- Continuous Improvement: Conduct post‑implementation reviews; tune Conditional Access/PIM/EPM policies, provisioning performance, and cert/secret rotations; codify reusable modules.
- Practice Development: Support pursuits (SoW scope, assumptions, pricing guardrails), demos/POCs, and market presence through presentations and publications. Support innovation through asset development that accelerates value.
What You Bring:
- Experience: 5–8+ years in IAM across at least two subdomains (IAM/SSO/MFA, IGA, PAM/PIM/EPM, machine identity) with enterprise delivery experience.
- Education: Bachelor’s in Computer Science, Information Security, or related field (or equivalent experience). Master’s/MBA preferred.
- Technical Expertise: Deep knowledge of Entra ID/Entra ID Governance, Okta, Ping, SiteMinder/OAM; SailPoint or Saviynt; CyberArk/BeyondTrust/Delinea EPM; Azure Key Vault, managed identity, AKS workload identity federation; protocols (OIDC/OAuth2/SAML, SCIM); policy and automation (Conditional Access, PIM, IaC, CI/CD). Development of scripts using tools like PowerShell/Python/JavaScript/Logic Apps/Power Automate/Flow/Automation Accounts utilizing APIs including Graph API/REST/SOAP/XML.
- Solution Design and Implementation Experience: Proven ability to craft secure, scalable architectures, patterns, and reference implementations with clear trade‑off analyses and decision logs. Hands‑on guidance of build teams; integration with HRIS/AD/LDAP/SaaS; migration from legacy WAM to modern identity; non‑functional requirements (HA/DR/scale) and observability/KQL.
- Problem-Solving & Communication: Structured thinking, root‑cause analysis, and optioning (good‑better‑best) aligned to risk and business value. Clear written and verbal communication from engineering to executive levels; workshop facilitation; executive‑ready materials.
- Industry Knowledge: Understanding of sector‑specific constraints (e.g., healthcare payer, financial services, public sector, etc.) and auditor expectations.
- Client-Facing Skills: History of successful client engagements, stakeholder alignment, and outcome‑based delivery.
- Demonstrated Passion: Continuous learning, community contribution, and awareness of emerging identity trends (e.g., passkeys, external identities, identity threat detection).
- Certifications (highly desirable): Microsoft SC‑100, SC‑300, AZ‑500; Okta Professional/Consultant; Ping; SailPoint Architect/Engineer; Saviynt; CyberArk Defender/Sentry; BeyondTrust/Delinea; HashiCorp Terraform Associate; AZ‑104/AZ‑305.
Additional Requirements:
Availability for periodic client travel, conferences, and professional engagements. Commitment to ongoing education and staying current with identity standards, vendor capabilities, and threats.
Join us:
Become a key part of our team and help clients modernize identity, reduce risk, and accelerate transformation with confidence.
Our Company is committed to the principles of equal employment. We are committed to complying with all federal, state, and local laws providing equal employment opportunities, and all other employment laws and regulations. It is our intent to maintain a work environment which is free of harassment, discrimination, or retaliation because of sex, gender, race, religion, color, national origin, physical or mental disability, genetic information, marital status, age, sexual orientation, gender identity, military service, veteran status, or any other status protected by federal, state, or local laws.
The Company is dedicated to the fulfillment of this policy in regard to all aspects of employment, including but not limited to recruiting, hiring, placement, transfer, training, promotion, rates of pay, and other compensation, termination, and all other terms, conditions, and privileges of employment.