IAM Lead

Contract Type: Contractor

Location: Denver

Industry: IT

Contact Name: Katie Jreij

Contact Phone:

Date Published: 24-Feb-2026

Denver, CO (fully on-site then hybrid after first month)

Duration: 1-year contract (W2)

Pay: $65-70/hr

An enterprise organization is seeking an experienced Identity Security Technical Lead to provide technical leadership, establish standards, and guide the strategic evolution of Identity and Access Management (IAM) capabilities. This role joins a collaborative IAM team where ownership is shared, but deeper expertise is needed to define best practices, align solutions, and set a clear technical direction—particularly around automation of Joiner-Mover-Leaver (JML) and User Access Review (UAR) processes.

The ideal candidate combines strong hands-on experience with architectural judgment and clear stakeholder communication, helping mature IAM capabilities into a scalable, auditable, and automation-driven operating model.

Key Responsibilities

Technical Leadership & Standards

  • Provide technical direction for IAM design and implementation across platforms including SailPoint, Microsoft Entra ID, on-prem Active Directory, Privileged Access Management (PAM) tools, and ServiceNow.
  • Establish and promote IAM standards, best practices, and reference architectures aligned with least-privilege and Zero Trust principles.
  • Guide the team toward scalable, supportable solutions rather than isolated or one-off implementations.
  • Act as the technical escalation point for complex IAM design and architecture decisions.

JML & UAR Automation

  • Lead the evolution of automated Joiner-Mover-Leaver (JML) processes, including:
    • HR-driven lifecycle events
    • Birthright access models
    • Role-based and attribute-based provisioning
    • Timely, automated deprovisioning
  • Improve User Access Review (UAR) processes by:
    • Increasing automation and intelligent scoping
    • Implementing risk-based and role-based certifications
    • Reducing manual effort and reviewer fatigue
  • Partner with the team to enhance role modeling, access bundling, and entitlement hygiene to support sustainable automation.

Delivery & Program Support

  • Provide technical oversight across IAM initiatives and workstreams.
  • Translate strategic objectives into actionable technical milestones and backlog items.
  • Review solution designs, configurations, and implementation approaches for alignment with long-term IAM strategy.
  • Support prioritization decisions and manage dependencies across shared responsibilities.

Engineering & Operational Enablement

  • Guide best practices for:
    • SailPoint lifecycle workflows and access certification design
    • ServiceNow integrations for access requests, approvals, and fulfillment
    • PAM onboarding patterns, including just-in-time access, credential rotation, and session management
  • Help standardize operational runbooks, support models, and success metrics.
  • Identify opportunities to reduce technical debt through automation and simplification.

Stakeholder Engagement

  • Serve as a technical liaison between IAM engineering, Security, Risk, Audit, HR, IT, and business stakeholders.
  • Clearly communicate IAM strategy, trade-offs, and progress to both technical and non-technical audiences.
  • Help stakeholders understand how JML and UAR automation reduces risk, improves efficiency, and supports audit readiness.

Governance, Audit & Compliance

  • Align IAM practices with industry standards including NIST 800-53/800-63, ISO 27001/27002, CIS Controls, SOC 2, and Zero Trust frameworks.
  • Support audit readiness by defining control narratives, evidence expectations, and repeatable processes.
  • Provide guidance on remediating IAM-related audit findings, especially those related to provisioning, deprovisioning, and access reviews.

Required Qualifications

  • 8+ years of experience in Identity & Access Management, including experience setting technical direction and best practices.
  • Proven hands-on experience automating JML and UAR processes using Identity Governance platforms.
  • Deep expertise with:
    • SailPoint (IdentityNow or IdentityIQ): lifecycle automation, access certifications, role modeling
    • Microsoft Entra ID: conditional access, PIM, federation, and application integrations
    • Active Directory (on-prem): group strategy, secure delegation, hybrid identity
    • PAM solutions such as CyberArk, BeyondTrust, or Delinea
    • ServiceNow access request workflows and IAM integrations
  • Strong understanding of IAM audit and control frameworks (NIST, ISO, SOC 2, CIS).
  • Knowledge of identity standards and protocols (SAML, OIDC, OAuth 2.0, SCIM).
  • Excellent communication skills with the ability to influence without formal authority.

Preferred Qualifications

  • Experience maturing existing IAM programs that lack consistency or strategic alignment.
  • Exposure to risk-based or continuous access review models.
  • Scripting or automation experience (PowerShell, Python, APIs).
  • Relevant certifications such as CISSP, CISM, Azure Security, SailPoint, or PAM vendor certifications.

What Success Looks Like

  • Clear IAM standards, patterns, and guardrails for JML and UAR automation are in place.
  • Manual effort and audit friction across access provisioning and reviews are significantly reduced.
  • IAM implementations are more consistent, scalable, and supportable.
  • Stakeholders understand and trust the IAM roadmap and technical direction.
  • Fewer repeat audit findings related to identity lifecycle management and access governance.

...
