Lead, Identity & Access Management

Prudential Financial, Newark, NJ

About The Position

Are you interested in building capabilities that enable the organization with innovation, speed, agility, scalability, and efficiency? The Identity & Access Management team in the Information Security Office (ISO) takes great pride in our culture where information security is built into our DNA! When you join our organization at Prudential, you’ll unlock an exciting and impactful career – all while growing your skills and advancing your profession at one of the world’s leading financial services institutions.

Your Team & Role

As Lead, Database & Mainframe Security in the Identity & Access Management team you will partner with product owners, tech leads, designers, engineers, and delivery professionals to improve Prudential’s Identity Management platform. An important function is to ensure the Identity Management platform on the mainframe and access controls for databases remain in compliance with the Information Security Standards and processes. You will bring excellent problem solving, communication and teamwork skills, along with agile ways of working, strong business insight, an inclusive leadership attitude and a continuous learning focus to all that you do.

Requirements

  • Bachelor of Computer Science or experience in an identity security related field
  • Strong expertise with RACF (or CA Top Secret) at system level, identity lifecycle, resource protection, and global controls
  • PKI on z/OS: Expertise creating, importing, and managing certificates, keyrings, CAs, and trust chains; operational understanding of cert usage across DB2, CICS, MQ, TN3270, LDAP, z/OSMF.
  • Comfortable with TSO/ISPF, JCL, SMF, JES; working knowledge of SMP/E and z/OSMF workflows for controlled changes.
  • Proven scripting with REXX (and/or Ansible using z/OS collections); ability to turn runbooks into repeatable automated workflows (prechecks, execution, validation, rollback).
  • Comfortable building small utilities (e.g., SMF parsers, RACF report generators) to standardize evidence and reduce manual toil.
  • Experience designing or operating access controls for DB2 or similar RDBMS (e.g., Oracle, SQL Server, PostgreSQL) including role/privilege modeling, service account governance, and comfort collaborating with DBA/infra teams on least privilege enforcement.
  • Practical knowledge of ISO IAM (or equivalent) and the skill to map standards to z/OS controls and monitoring.
  • Hands-on experience with access hygiene: dormant ID remediation, group/ownership transitions at scale, and recertification cycles; familiarity with Vanguard (or equivalent) reporting.
  • Awareness of privileged operations across CA PAM/AutoSys; ability to streamline password update/reset workflows and secure tables.
  • Strong grasp of TLS/PKI, cryptography basics, and mainframe authentication paths; able to detect and mitigate risks arising from certificate, policy, or ownership misconfigurations.
  • Change management discipline - designs safe, testable changes; documents guardrails; produces reliable audit-grade evidence.
  • Communicates clearly with non-mainframe stakeholders, framing improvements in transferable security concepts (IAM lifecycle, least privilege, PKI automation, zero trust).
  • Mindset that thrives here: You enjoy making “complex + critical” simpler and safer through automation. You see mainframe as a platform where security engineering excellence directly prevents outages and incidents, improves security posture, and where the skills you build are relevant everywhere in the information security area.

Responsibilities

  • Mentor and codify: Work with team members to review JCL, RACF resource design, and dataset protections; convert tribal knowledge into runbooks with prechecks, rollback steps, and post-deployment verification.
  • Reduce unplanned work: Triage requests (ServiceNow/ISAMS), drive root cause fixes (e.g., account ownership hygiene, exception profile cleanup), and feed learnings back into automation to lower ticket volume.
  • Automate the repetitive: Build or refine REXX/Ansible playbooks that standardize RACF certificate tasks, profile updates, and evidence generation.
  • Advance ISO IAM alignment: Translate enterprise IAM standards into concrete controls and monitoring. Document gaps; propose remediation steps (recertification runs, ownership cleanups, exception reviews).
  • Partner with Database/platform teams to implement and validate role-based access for DB2 on z/OS (and other strategic on-prem or Cloud databases), review privileged roles, and use appropriate tools to monitor identity and access compliance.
  • Operate with precision: Execute certificate renewals or migration integrated workflow; validate application connectivity (CICS regions, MQ channels, DB2 subsystems) and capture audit-ready evidence.
  • When change windows arise: Participate in well-scripted changes—but continuously shrink manual effort and shorten windows through automation, better staging, and reusable validation scripts.
  • Share knowledge: Lead short “tech huddles” to demonstrate a new playbook, PKI improvement, or monitoring enhancement—highlighting transferable security skills that apply across platforms (PKI/TLS, IAM lifecycle, zero trust controls, automation at scale).

Benefits

  • Market competitive base salaries, with a yearly bonus potential at every level.
  • Medical, dental, vision, life insurance, disability insurance, Paid Time Off (PTO), and leaves of absence, such as parental and military leave.
  • 401(k) plan with company match (up to 4%).
  • Company-funded pension plan.
  • Wellness Programs including up to $1,600 a year for reimbursement of items purchased to support personal wellbeing needs.
  • Work/Life Resources to help support topics such as parenting, housing, senior care, finances, pets, legal matters, education, emotional and mental health, and career development.
  • Education Benefit to help finance traditional college enrollment toward obtaining an approved degree and many accredited certificate programs.
  • Employee Stock Purchase Plan: Shares can be purchased at 85% of the lower of two prices (Beginning or End of the purchase period), after one year of service.