IAM Systems Manager

Posted Yesterday
New York, NY, USA
In-Office
Senior level
Energy
The Role
Lead design, implementation, and governance of enterprise IAM and PAM; define cloud identity strategy across AWS/Azure/GCP; secure non-human and AI agent identities; automate just-in-time access and secrets scanning; ensure compliance (NERC CIP, SOX); manage Tier 0 applications, vendor relationships, and a team; present access metrics via dashboards.

Come join us at Con Edison as an IAM Systems Manager where you will play a pivotal role in shaping the future of our enterprise security. You will lead the design, implementation, and governance of our Identity and Access Management (IAM) systems. This role bridges the gap between legacy identity architectures and the autonomous, agent-driven future.

As the IAM Systems Manager, you will not only oversee traditional identity lifecycle and governance but also spearhead our Cloud Identity strategy and secure Agentic/Non-Human Identities (NHI) across our evolving AI and automation ecosystems. You will partner with business customers, security engineering, and cloud operations to ensure that all human, cloud, and machine identities are authenticated, properly authorized, and governed in real-time.

Responsibilities
Core Responsibilities
  • Lead the implementation, administration, and continuous optimization of Identity and Access Management (IAM) and Privileged Access Management (PAM) services.
  • Direct cloud IAM strategies across public cloud environments (AWS, Azure, GCP), encompassing Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), Service Control Policies (SCPs), and permissions boundaries.
  • Manage access, permissions, and identity stores, implementing automated solutions to streamline just-in-time access and session management.
  • Ensure systems maintain audit and privacy compliance with regulatory requirements (e.g., NERC CIP, SOX) by providing robust access reporting, entitlement mapping, and certification.
  • Manage the Tier 0 application portfolio, which includes PAM, Active Directory, and DNS.
  • Design and implement robust security controls for agentic and non-human identities (service accounts, machine/workload identities, API keys, and AI agents).
  • Establish unique non-human identities for AI agents, enforcing delegation instead of credential sharing, and applying dynamic, least-privilege authorization.
  • Define and enforce security boundaries and containment strategies for AI agents and automated workflows to reduce excessive privilege exposure and limit blast radius.
  • Perform credential and secrets scanning across AI environments to detect exposed credentials, utilizing tools like Secrets Manager, CIEM, and CSPM.
  • Implement runtime identity controls where access decisions for AI agents are evaluated continuously at the moment of action.
  • Manage and lead a team overseeing vendor relationships, technical interfaces, and system functionality between IAM platforms and business applications.
  • Partner closely with IAM engineering, AI technical leads, and enterprise architecture teams to align enterprise identity controls with emerging AI security initiatives.
  • Track investigation progress and access metrics, presenting complex analyses in clear, understandable terms to audiences at all levels via dashboards (e.g., Power BI).
Qualifications
Required Education/Experience
  • Bachelor's Degree and 8 years of relevant experience or
  • Master's Degree and 6 years of relevant experience.
Preferred Education/Experience
  • Master's Degree in Computer Science, Information Systems, Cybersecurity, or a related field and 6 years of relevant experience.
Relevant Work Experience
  • 6+ years of experience in enterprise Identity and Access Management (IAM/IGA), Privileged Access Management (PAM), and identity governance, required.
  • Deep understanding of cloud-native identity controls, particularly AWS IAM, Azure AD, federated identities (SAML, OAuth, OIDC), and Secrets Manager, required.
  • Proven hands-on experience securing non-human identities (NHIs), service accounts, and workload identities. Exposure to AI security, agentic identity concepts, and privilege escalation risks, required.
  • Proficiency with infrastructure-as-code and scripting (Terraform, GitHub, Python, PowerShell) to automate cloud infrastructure and identity configurations, required.
  • Ability to clearly articulate technical issues and concepts to business users, stakeholders, and vendors, working as a proactive member of a cross-functional team, required.
Skills and Abilities
  • Demonstrated problem solving skills
  • Ability to lead/manage others
  • Demonstrates a high commitment to quality
  • Ability to build strong customer relationships
Licenses and Certifications
  • Driver's License Required
Additional Physical Demands
  • The selected candidate will be assigned a System Emergency Assignment (i.e., an emergency response role) and will be expected to work non-business hours during emergencies, which may include nights, weekends, and holidays.
About Us

Mission Statement:


Consolidated Edison Company of New York, Inc. (Con Edison), Orange & Rockland Utilities (O&R), and Consolidated Edison Transmission (CET) employees are required to follow health, safety, and environmental policies, EEO, Standards of Business Conduct, and all other applicable company policy and procedures. We all share a responsibility to advance the company’s mission by excelling at our three corporate priorities – safety of our people and the public, operational excellence in all that we do, and ensuring the best possible customer experience.


Benefits:


We are dedicated to supporting the physical, mental, and financial health of our employees and their families. This commitment extends beyond the workplace to foster personal growth and holistic wellbeing. Our life-changing rewards package includes:


  • Rich medical & pharmacy benefits, including vision benefits
  • Dental benefits
  • Health Savings Accounts
  • Health Care and Dependent Care Flexible Spending Accounts
  • 401(k) with robust matching
  • Employer paid Pension Plan
  • Employee Stock Purchase Plan with a generous matching contribution
  • State of the art Employee Assistance Program
  • Paid Parental Leave
  • Generous paid time off plus paid holidays
  • Family support: emergency backup child and elder care assistance
  • Social responsibility and volunteer opportunities
  • Employee discount program
  • Commuter Benefits
  • Culture of growth and learning: career development; tuition reimbursement; recognition program
  • Life and Long-Term Disability Benefits


*Please be aware that some benefits may not apply to provisional or part-time job titles.

About the Team

EEO Statement:

Consolidated Edison Company of New York, Inc. (Con Edison), Orange & Rockland Utilities (O&R), and Consolidated Edison Transmission (CET) are equal opportunity employers. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of the individual’s actual or perceived disability, protected veteran status, race, color, creed, religion, sex, age, national origin, gender, gender identity, gender expression, genetic information, marital status, sexual orientation, citizenship, domestic violence victim status, or any other actual or perceived status protected by law.

 

Technical Difficulty Statement:

For technical issues, please contact us at [email protected]


Skills Required

  • Bachelor's Degree and 8 years of relevant experience (or equivalent)
  • Master's Degree and 6 years of relevant experience (alternate education path)
  • 6+ years experience in enterprise Identity and Access Management (IAM/IGA) and Privileged Access Management (PAM)
  • Deep understanding of cloud-native identity controls (AWS IAM, Azure AD) and federated identities (SAML, OAuth, OIDC); Secrets Manager
  • Proven hands-on experience securing non-human identities (service accounts, workload identities, API keys, AI agents)
  • Proficiency with infrastructure-as-code and scripting (Terraform, GitHub workflows, Python, PowerShell)
  • Experience with CIEM, CSPM, credential/secrets scanning and runtime identity controls
  • Experience managing Tier 0 application portfolio including PAM, Active Directory, and DNS
  • Knowledge of regulatory compliance for access controls and reporting (e.g., NERC CIP, SOX)
  • Ability to present complex analyses and dashboards (e.g., Power BI) and communicate technical issues to stakeholders
  • Experience leading/managing a technical team and vendor relationships
  • Driver's license
  • Master's Degree in Computer Science, Information Systems, Cybersecurity, or related field

The Company
HQ: New York, NY
7,742 Employees

What We Do

We provide power to more than 10 million people and businesses across NYC and Westchester. Reliability and accessibility are central to what we do and how we provide energy service. Leading the industry to power tomorrow is our other focus: we are committed to aggressively transitioning away from fossil fuels to a net-zero economy by 2050. To help achieve this we collaborate with customers, regulators, policymakers, engineers, and other stakeholders to ensure our clean energy future is informed by principles of affordability, equity, and environmental justice. We’re also heavily investing in new technologies and the infrastructure that can get us there.

What are a few things we have achieved so far?

  • Since 2009, our energy efficiency programs have prevented 11 million metric tons of carbon emissions – the same amount it would take to power 1.4 million homes for a year
  • We’re currently the second largest producer of solar energy in North America
  • Recently, we’ve embarked on an 8-year project to make our systems more resilient in the face of extreme weather events
