The China Lead for Identity & Access Management (IAM) Services reports to ＜TBD＞. This role manages all IAM related architecture, engineering, and operational functions of the China IAM program, while maintaining compliance with EY Global policies and standards as well as applicable Chinese laws and regulations. The Lead works collaboratively with counterparts and stakeholders in EY global and China IT and business areas to define and implement the China IAM strategy, roadmap, and required services.

The Lead is responsible for the alignment of business, operational and security requirements, and translation of those requirements into technical IAM capabilities serving the EY China firm. IAM services include, but are not limited to, identity lifecycle management, authentication and authorization, access requests, access provisioning, access reauthorization, multi-factor authentication, IAM role and entitlement models, public key infrastructure, cloud services, and directory services technologies. The Lead will manage a China-based team of architects, engineers and operations personnel and work with architect, strategy and product leads to create a roadmap that meets business, IT, legal and regulatory requirements.
Essential Functions of the Job:
Primary responsibilities associated with this role are:

• Subject matter expertise in the areas of IAM technologies including directory services, authentication/authorization services, Identity Governance and Administration (IGA), public key infrastructure, and single sign-on technologies. Active Directory (AD) and Azure Active Directory (AAD) are predominant technologies used by the firm and as such deep skills in these areas are required.
• Manages and oversees the IAM service teams aligned to aspects of Identity Management, Secure Access, Public Key Infrastructure, Credential Management, Directory Services and Microsoft Enhanced Security Adminitrative Environment (ESAE) across architecture, engineering and operational support.
• Ensure compliance with EY Information Security policies and standards as they pertain to the IAM space.
• Ensure compliance with China laws and regulations.
• Lead teams which directly support the successful delivery of IAM projects through team management and project participation by working directly with key business stakeholders, executives and project teams.
• Drive adoption of global IAM architecture standards, implement resilient and scalable solutions, and ensure the operations and maintenance of the IAM solutions meet the needs of the China firm.
• Business case development for the introduction of new services and solutions supporting the China IAM program.
• Align the services and solutions of IAM to the needs of the China firm.

Analytical/Decision Making Responsibilities:
The individual in this role must be able to understand and interpret identity and access management strategies and direction given input from other strategy and architecture groups and business leads. Further, the person must be able to bring together key aspects of Information Security to the IAM strategies and develop technical security solutions that properly align. The IAM Services Lead will direct and lead the overall direction of IAM for the China firm.

Supervision Responsibilities:
This role is a management position. As such, the individual must have experience in the area of people management and managing large teams. This individual will be empowered to handle large-scale decision making within the team. Mentoring and guiding others in their career is a key component of the firm’s culture. The candidate must have the ability and willingness to lead by example and in partnership with their team.
Knowledge and Skills Requirements:

The individual in this role must be well educated in general aspects of Information Security and Identity and Access Management, namely:

• Expert knowledge of and experience with Active Directory in large corporate environment.
• Knowledge of the Microsoft Enhanced Security Administrative Environment (ESAE) used to secure Active Directory management and administration.
• Expert knowledge of and experience with cloud identity and access management services, particularly Azure and Azure Active Directory.
• Strong knowledge of and experience with Microsoft Windows Server systems design, development, maintenance techniques and processes.
• Strong knowledge of Identity Governance and Administration (IGA) solutions, such as SailPoint Identity IQ.
• Strong knowledge of federated identity solutions such as Azure B2B, Azure direct federation, Ping Federation, Auth0, and Active Directory Federation Services (AD FS).
• Knowledge of 2-factor authentication methods, including Azure MFA.
• Knowledge of public key infrastructure (PKI), digital certificate lifecycle management, and enterprise key management services.
• Knowledge of password vault solutions, such as CyberArk.
• Excellent customer service and communication (oral / written) skills.
• Strong critical thinking and analytical skills and ability to think “out of the box”.
• Outstanding management, planning, interpersonal, communication, organizational, and decision-making skills.
• Ability to appropriately balance firm security needs with business impact and benefit.
• Consult to key customers and senior leadership on project design and development scope.

Desired skills include:

• Expert level experience in MS Active Directory Domain Services and other Directory Services.
• Cloud IAM experience – Azure AD, AWS IAM, or other cloud-native supporting solutions for IAM services.
• Knowledge of identity federation services and protocols (e.g., SAML).
• Experience with multifactor authentication (MFA) services.
• Experience with digital certificate lifecycle management and enterprise key management services, standards and protocols.
• Experience with identity, account and group lifecycle management and provisioning services.
• Experience with privileged identity management and credential management services.
• Knowledge of fine-grained, policy-based entitlement management services.
• Knowledge of contextual and risk-based access management, just-in-time access management and zero trust architectures.
• 2-3 years of software development experience is desirable.
• Knowledge and understanding of networking technologies such as LAN, WAN, TCP/IP and related protocols.

Other Requirements:
Some travel is required for this position. It is anticipated that travel will be required to participate in vendor briefings, project meetings, team meetings, and/or education and conference opportunities.
Education:
Bachelor’s or Master’s degree in Information Assurance, Computer Science, Information Systems or related field of study.

Experience:
12+ years of practical experience in the field of IT is required along with 5+ years of direct Identity and Access Management experience.

Certification Requirements:
A security industry certification is required including but not limited to CISSP, SSCP, CISM, SANS GSEC, ECSA, ECSP, and Security+. [Are there certifications used in China that would be more appropriate to list here?]

其他信息
语言要求：英语