AVP, Enterprise Authentication & Directory Services

Posted 5 Days Ago
8 Locations
In-Office or Remote
115K-200K Annually
Senior level
Fintech • Financial Services
The Role
Lead global identity architecture and migration from on-premises Active Directory to Microsoft Entra ID. Drive hybrid identity design, Entra governance (PIM, access reviews, lifecycle workflows), secure app integrations, and Zero Trust access. Manage large cross-functional IAM programs, budgets, risk, and a team of identity engineers to ensure high availability and secure authentication.
Summary Generated by Built In

Role Summary/Purpose:

The Assistant Vice President (AVP) of Enterprise Authentication & Directory Services is a high-impact technical executive responsible for the global architecture, engineering, and lifecycle management of the enterprise identity fabric at Synchrony. This leader will drive the strategic modernization of traditional, on-premises Active Directory (AD) environments into cloud-first, unified identity platforms centered on Microsoft Entra ID. The ideal candidate combines deep engineering expertise in directory infrastructure with advanced technical project management frameworks to execute secure, complex enterprise identity migrations on time and within scope.

CORE RESPONSIBILITIES

1. Identity Strategy & Modernization (Active Directory to Entra ID) 

  • On-Premises Deprecation: Lead the multi-year modernization and migration roadmap and the transition strategy away from legacy Active Directory Domain Services (AD DS) toward cloud-native Microsoft Entra ID.

  • Hybrid Architecture Design: Define architectural standards for a cohesive, resilient hybrid identity plane utilizing Azure AD Connect / Entra Cloud Sync while systematically reducing on-premises footprint. 

  • Database & App Integration: Govern authentication frameworks for enterprise systems (e.g., MySQL, Oracle), ensuring secure schema optimization, seamless Entra ID App Registrations, and modern protocol connectivity. 

2. Enterprise Technical Project Management 

  • Migration Delivery: Apply rigorous technical project management methodologies (Agile, Scrum, or Waterfall) to manage cross-functional directory modernization pipelines.

  • Resource & Milestone Tracking: Own the program budget, statement of work (SOW) validations, risk registers, and critical path scheduling for complex, multi-phased IAM rollouts. 

  • Change Management: Partner with Synchrony corporate change management teams to minimize business friction during global authentication updates, application cutovers, and user migrations. 

 

3. Advanced Entra ID Architecture & Lifecycle Management

  • Entra ID Governance: Overseeing Access Reviews, Entra Lifecycle Workflows (for automated joiner-mover-leaver processes), and Privileged Identity Management (PIM) to enforce just-in-time, least-privilege administrative access. 

  • Hybrid Synchronization & Decommissioning: Managing the transition from legacy Azure AD Connect to Entra Cloud Sync agent architectures, alongside systematically phasing out on-premises Active Directory Domain Services (AD DS). 

  • Entra ID App Registrations & Enterprise Apps: Governing the modernization of legacy application authentication by moving from local LDAP/Kerberos binds to modern Entra service principals, managed identities, and OAuth/OIDC permissions. 

4. Next-Generation Security & Access Control 

  • Entra Conditional Access: Designing complex, contextual security boundary policies (incorporating user risk, sign-in risk, device compliance, and trusted locations). 

  • Entra ID Protection: Tuning machine-learning risk engines to detect, block, or force self-service password resets for compromised credentials or anomalous user behavior. 

  • Entra Verified ID: Strategizing long-term digital identity initiatives using decentralized identities and verifiable credentials for secure B2B or partner authentication.

5. Network & Infrastructure Security (Zero Trust Security Edge) 

  • Entra Private Access: Overseeing the replacement of traditional corporate VPNs by routing traffic to internal hybrid environments (such as MySQL servers) securely via a Zero Trust network access (ZTNA) model.

  • Entra Internet Access: Deploying Secure Web Gateway (SWG) policies to protect users from malicious web traffic while monitoring cloud application access. 

  • Entra External ID: Architecting multi-tenant collaborations, B2B guest user lifecycles, and consumer-facing authentication flows. 

 

6. Engineering & Operations Leadership

  • Team Leadership: Recruit, mentor, and lead a high-performing team of identity engineers, directory architects, and technical project managers. 

  • Platform Availability: Ensure 99.99% availability of global directory infrastructure, establishing robust Entra Connect health monitors, disaster recovery, and automated failover pipelines. 

REQUIRED TECHNICAL SKILLS & QUALIFICATIONS

 

Technical Proficiencies 

  • Microsoft Identity Ecosystem: Mastery of Microsoft Active Directory (AD), Microsoft Entra ID (Azure AD), Azure AD Connect, Entra ID Governance, and Entra ID Protection. 

  • Directory Management: Strong foundational knowledge of Group Policy Objects (GPOs), Active Directory trust relationships, and domain consolidation strategies. 

  • Authentication & Protocols: Deep knowledge of LDAP, Kerberos, NTLM decommissioning, SAML 2.0, OIDC, OAuth, and modern API-driven identity patterns. 

  • PAM & Vaulting: Hands-on governance of Privileged Access Management platforms, specifically Delinea or equivalent secrets vaults. 

Project & Program Management Competencies 

  • Framework Proficiency: Proven experience utilizing Jira, Microsoft Project, or equivalent software development lifecycle (SDLC) tracking tools to manage massive infrastructure dependencies. 

  • Stakeholder Delivery: Demonstrated ability to present technical migration roadmaps, risk-remediation logs, and executive steering committee KPIs clearly to C-level leadership. 

Professional Experience 

  • 7+ Years of progressive engineering and architectural experience in traditional, on-premises Microsoft Active Directory Domain Services (AD DS), including domain consolidation, GPO management, and legacy authentication protocols (LDAP, Kerberos, NTLM decommissioning). 

  • 7+ Years of deep architectural and deployment experience with Microsoft Entra ID (formerly Azure Active Directory), managing cloud-native identity planes, complex tenant migrations, and hybrid synchronization environments (Azure AD Connect / Entra Cloud Sync). 

  • 5+ Years managing cross-functional infrastructure engineering, cybersecurity, and technical project management teams. 

  • Proven Track Record of successfully executing multi-million-dollar Active Directory modernization programs, migrating legacy application stores to Entra ID, and implementing Privileged Access Management (PAM) vaulting solutions like Delinea.

Education & Certifications

  • Bachelor’s or Master’s degree in Computer Science, Information Security, Technical Project Management, or a related discipline. 

  • Optional Certifications: Microsoft Certified: Identity and Access Administrator Associate (SC-300) OR Microsoft Certified: Enterprise Administrator Expert. 

  • Preferred Certifications: Project Management Professional (PMP), Agile Certified Practitioner (PMI-ACP), Certified ScrumMaster (CSM), or CISSP. 

Grade/Level: 11

The salary range for this position is 115,000.00 - 200,000.00 USD Annual and is eligible for an annual bonus based on individual and company performance.

Actual compensation offered within the posted salary range will be based upon work experience, skill level or knowledge.

Salaries are adjusted according to market in CA, NY Metro and Seattle.

Our Way of Working:

We’re proud to offer you flexibility. At Synchrony, our way of working allows you to have the option to work from home near one of our Hubs or come into one of our offices. You will be required to commute to your nearest Hub (either virtual or physical) for in-person engagement activities such as regular business or team meetings, training and culture events. 


*Field Sales and some Commercial team roles may have varied location requirements based upon partner obligations or preferences.

Eligibility Requirements:

  • You must be 18 years or older

  • You must have a high school diploma or equivalent

  • You must be willing to take a drug test, submit to a background investigation and submit fingerprints as part of the onboarding process

  • You must be able to satisfy the requirements of Section 19 of the Federal Deposit Insurance Act.

  • New hires (Level 4-7) must have 9 months of continuous service with the company before they are eligible to post on other roles. Once this new hire time in position requirement is met, the associate will have a minimum 6 months’ time in position before they can post for future non-exempt roles. Employees, level 8 or greater, must have at least 18 months’ time in position before they can post. All internal employees must consistently meet performance expectations and have approval from your manager to post (or the approval of your manager and HR if you don’t meet the time in position or performance expectations).

Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job opening. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

Our Commitment:

When you join us, you’ll be part of an inclusive culture where your individual skills, experience, and voice are not only heard – but valued. Together, we’re building a future where we can all belong, connect, and turn ideals into action. More than 50% of our workforce is engaged in our Employee Resource Groups (ERGs), where community and passion intersect to offer a safe space to learn and grow.


This starts when you choose to apply for a role at Synchrony. We ensure all qualified applicants will receive consideration for employment without regard to age, race, color, religion, gender, sexual orientation, gender identity, national origin, disability, or veteran status. We’re proud to have an award-winning culture for all. 

Reasonable Accommodation Notice:

  • Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.

  • If you need special accommodations, please call our Career Support Line so that we can discuss your specific situation. We can be reached at 1-866-301-5627. Representatives are available from 8am – 5pm Monday to Friday, Central Standard Time.

Job Family Group:

Information Technology

Skills Required

  • 7+ years engineering and architectural experience with Microsoft Active Directory Domain Services (AD DS)
  • 7+ years architectural and deployment experience with Microsoft Entra ID (Azure AD) and tenant migrations
  • 5+ years managing cross-functional infrastructure, cybersecurity, and technical project management teams
  • Mastery of Microsoft Active Directory, Microsoft Entra ID, Azure AD Connect, and Entra Cloud Sync
  • Deep knowledge of authentication protocols: LDAP, Kerberos, NTLM decommissioning, SAML 2.0, OIDC, OAuth
  • Experience with Privileged Access Management and secrets vaulting (Delinea or equivalent)
  • Experience integrating enterprise systems and databases (MySQL, Oracle) with modern identity frameworks and app registrations
  • Strong knowledge of Group Policy Objects (GPOs), AD trust relationships, and domain consolidation strategies
  • Proven experience using Jira, Microsoft Project, or equivalent tools for large infrastructure program tracking
  • Bachelor's or Master's degree in Computer Science, Information Security, Technical Project Management, or related discipline
  • Ability and willingness to submit to drug test, background investigation, and fingerprinting as part of onboarding
  • Legal authorization to work in the U.S.; employer will not sponsor visas
  • Microsoft Certified: Identity and Access Administrator Associate (SC-300) or Microsoft Certified: Enterprise Administrator Expert
  • Preferred certifications: PMP, PMI-ACP, CSM, or CISSP

Synchrony Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Synchrony and has not been reviewed or approved by Synchrony.

  • Parental & Family Support: Parental leave is described as extensive, with long paid leave for birthing parents and additional paid leave for all new parents. Backup childcare and eldercare options provide practical support for caregiving needs.
  • Wellbeing & Lifestyle Benefits: Well-being offerings are broad, spanning integrated wellness tools, dedicated well-being coaches, and an enhanced assistance program. Reimbursements for activities like fitness apps, swimming lessons, art classes, and meditation, along with pet telehealth and adult orthodontia, reinforce lifestyle support.
  • Fair & Transparent Compensation: Pay practices emphasize pay equity across gender and race and a high wage floor for U.S. hourly roles. These signals aim to underpin fairness in base compensation across the organization.

The Company
HQ: Stamford, CT
10,001 Employees

What We Do

At Synchrony (NYSE: SYF), we’re changing what’s possible for people and businesses every single day. From offering financing options to creating innovative tech, we help make shopping go smoothly across a variety of industries, like retail, auto, travel and home. Synchrony is one of the largest issuers of store credit cards in the United States. We help consumers pay over time for important expenses, issue co-branded cards for small- and medium-sized business credit products, as well as offer consumer savings products through Synchrony Bank. So, how can we change what’s possible for you?
