IDAM Directory & Authentication Technology Lead

Position Responsibilities

Percent of Time: 100%

• Provide technical leadership and oversight for IDAM services, focusing on Directory & Authentication Services (Microsoft Active Directory in both Corporate and OT domains, EntraID), Single Sign-On, Conditional Access, Multi-Factor Authentication (MFA), Public Key Infrastructure (PKI), Encryption Services, and relevant integrations.
• Monitor and ensure the performance, scalability, and security of all in-scope IDAM platforms, overseeing a team of 4+ specialists who handle routine monitoring, management, and lifecycle tasks, while stepping in directly to address critical issues or escalations as needed.
• Supervise Level 2 (L2) and Level 3 (L3) support activities for identity and authentication issues, ensuring timely resolution, facilitating account provisioning/deprovisioning, access management, ownership, and cleanup, while delivering exceptional user experiences.
• Assist in providing 16x5 operations of IDAM services, ensuring continuity of service and providing off-hours escalation support for high-priority incidents (P1, P2).
• Lead incident and problem management processes, ensuring timely resolution of critical issues, identifying root causes, and implementing preventive measures to meet SLAs and maintain system reliability.
• Manage and guide a team of 4+ specialists responsible for day-to-day troubleshooting while stepping in to address complex authentication failures, identity synchronization issues, and other high-priority challenges as needed.
• Act as a subject matter expert and key point of contact for IDAM programs, providing technical guidance and strategic input for projects, initiatives, and cross-functional collaboration.
• Plan and supervise installations, maintenance, and configuration changes across in-scope IDAM systems and services.
• Oversee certificate life cycle management, including proactively monitoring certificate expiration dates, notifying teams of upcoming expirations, and facilitating timely renewal processes to ensure uninterrupted services.
• Identify opportunities to enhance Directory and Authentication services, introduce new features to support business objectives, build compelling business cases, and lead initiatives from conception to successful implementation.
• Drive adherence to global IDAM policies and processes, ensuring secure and efficient access to Zoetis information systems for all users.
• Lead, mentor, and develop a team of L2 and L3 administrators, analysts, and engineers, fostering professional growth while driving operational excellence and efficiency across all IDAM functions.
• Ensure close collaboration between the ZICC IDAM team and Service Desk, Site Services, and Security Operations teams to enhance IAM support processes and optimize cross-team workflows.

Organizational Relationships

• Reports to ZICC-based IDAM Program Lead, with dotted line to US-based Head of IDAM and IDAM Operations & Directory Services Leads.
• Part of the global Technology Risk Management organization, reporting to the Chief Information Security Officer (CISO).
• Collaborates regularly with ZTD application, business partner, and infrastructure teams.
• Interacts with external vendors or partners providing software, services, or APIs that require integration with IDAM systems.
• Works with implementation partners responsible for deploying, configuring, or maintaining integrated solutions.

Education and Experience

Education:

• University Degree in Computer Science or Information Systems is required.
• MS or advanced security/identity certifications desirable (e.g., CISSP).

Experience:

• Minimum 10+ years in Information Systems.
• 6+ years of hands-on experience with IDAM, especially AD, SSO, PKI, MFA.
• 2+ years in the pharmaceutical or regulated industry (especially Animal Health).
• Experience with global teams across multiple time zones.
• Proven experience leading technical teams and managing global IT projects.
• Strong collaboration experience with MSPs, focusing on quality and alignment.

Technical Skills Requirements

Enterprise & Cloud Directories:

• Expert in Microsoft AD (trusts, replication), EntraID (SSO, B2B trusts).
• AD tools: Quest ARS, Change Auditor, Recovery Manager.
• PowerShell scripting for automation and admin tasks.
• Authentication failure troubleshooting, policy management, and passwordless tech.

MFA, PKI & Encryption:

• MFA solutions (e.g., SafeNet MobilePass), Microsoft CA/PKI.
• Certificate lifecycle management, SSL/TLS, encryption best practices, HSMs.
• MFA/PKI integrations with enterprise and cloud apps.

Disaster Recovery:

• Strong DR experience for directory services.

Application Hosting & PAM:

• Azure hosting familiarity, PAM (e.g., password vaulting, JITA).

Data Hygiene:

• Ensures accurate identity data; collaborates with HR for timely updates.

Support & Collaboration:

• Leads L2/L3 support, root cause analysis, incident response.
• Works with Service Desk and Security Operations to enhance support.

Desirable Skills:

• CIAM (SAP CDC/Gigya), PAM (Delinea Secret Server, Netwrix).
• IGA (SailPoint), Microsoft Power Apps, SQL/Alteryx/data analytics.

Soft Skills:

• Fluent in English, excellent cross-functional communication.

Physical Position Requirements

• Work Hours:

  1pm IST to 10pm IST (minimum 3 hours overlap with US EST)

• Type:

  Full-time