Identity and Access Management Consultant

Who We Are: Collective Insights is a group of experienced consultants who looked around and decided to create a different kind of partnership for the modern enterprise: one focused on increasing the business value of tailored transformation and technology solutions.  We are rooted in three guiding principles:

• Transform Clients
• Nurture Careers
• Uplift Communities

What Makes Us Unique: At CI our core values are not just a set of words on a wall; they are uniquely woven into the fabric of who we are as a company. 

• We Have Compassion: We respect each other and are free from bias of any kind in how we approach our work. We show esteem and honor for one another and the clients we serve.
• We Have Integrity: We are truthful, honest, and open in our actions and relationships, and perform our work with a high ethical standard.
• We Are Responsible: We are focused on growth the right way while fulfilling our obligations to each other and our clients.
• We Are Trusting: We have confidence in one another to do what we have committed to do. We always assume positive intent.

Don’t just take our word for it, hear it directly from our people:

“I was drawn to CI by its amazing company culture and people. From the very beginning, I was inspired by the collaborative and supportive environment that CI fosters. CI’s commitment to innovation and continuous improvement resonated with my personal values and career aspirations. Additionally, surrounding myself with such talented and passionate individuals has pushed me to grow more than I ever thought possible during my last two years at CI!”

Ruth Fitzgerald, Consultant

Job Description: As an Identity and Access Management Consultant, you will build and integrate identity solutions across Identity & Access Management, Identity Governance & Administration, Privileged Access Management and machine identity/secrets. You will configure platforms, engineer policies and connectors, automate deployments (IaC/CI‑CD), and validate end‑to‑end flows with high quality and documentation. Primary platforms include Microsoft Entra ID & Entra ID Governance (primary), Okta, Ping, SiteMinder/OAM, SailPoint/Saviynt, CyberArk/BeyondTrust/Delinea EPM, and Azure Key Vault / Entra workload identity federation.

What You Will Be Doing: 

• Solution Design: Configure OIDC/SAML apps, Conditional Access, device trust, FIDO2/Passkeys, step‑up auth; implement lifecycle workflows (joiner/mover/leaver), access packages, access reviews, SCIM connectors; onboard privileged accounts/secrets, session recording, JIT elevation, endpoint privilege controls; implement Key Vault/managed identity, AKS federation, certificate enrollment/renewal, and secret rotation automation.

• Client Engagement: Translate architecture into build tasks and acceptance criteria; communicate trade‑offs and impacts in clear, actionable terms.

• Implementation: Automate with Terraform/Bicep, PowerShell/Python, and CI/CD (Azure DevOps/GitHub Actions); enforce policy‑as‑code, testing (unit/integration), linting, and code reviews; execute cutovers, blue‑green/rollback, and performance tuning.

• Compliance & Risk Management: Implement controls that satisfy regulatory and security requirements (e.g., NIST 800‑63, ISO 27001, HIPAA/HITRUST, PCI‑DSS, SOX, FedRAMP, NYDFS 500). Ensure privileged access, secrets, and logs meet auditability and SoD expectations.

• Technical Leadership: Demonstrate technical depth, mentor other resources, and contribute scripts, modules, and how‑tos; participate in design and threat‑model reviews.

• Documentation & Reporting: Maintain as‑built docs, config baselines, runbooks, and knowledge transfer materials; provide status, risk/issue tracking, and metrics (e.g., MFA coverage, JML SLAs, privileged onboarding).

• Continuous Improvement: Instrument monitoring/alerting (Log Analytics/KQL), validate DR/backups, and tune policies for usability and security; contribute accelerators that reduce delivery time/cost.

• Practice Development: Support demonstrations, POCs, and SoW inputs (effort estimates, assumptions, dependencies).

What You Bring:

• Experience: 2–5+ years implementing IAM across at least two areas (SSO/MFA, IGA, PAM/EPM, machine identity), including scripting and CI/CD.

• Education: Bachelor’s in Computer Science, Information Security, or related field—or equivalent practical experience.

• Technical Expertise: Hands‑on with Entra ID (Conditional Access, PIM, B2B/B2C/External ID), Okta/Ping; SailPoint or Saviynt; CyberArk/BeyondTrust/Delinea EPM; Azure Key Vault, managed identity, AKS federation; APIs/Graph; Terraform/Bicep; PowerShell/Python; CI/CD with Azure DevOps/GitHub Actions; observability (KQL/Log Analytics). Development of scripts using tools like powershell/python/javascript/Logic Apps/Power Automate/Flow/Automation Accounts utilizing APIs including Graph API/Rest/SOAP/XML.
• Solution Design and Implementation Experience: Ability to translate architecture into secure, testable designs with clear acceptance criteria and rollback plans. Track record of integrating HRIS/AD/LDAP/SaaS, migrating legacy WAM, and delivering high‑quality builds with automated testing and code review discipline.

• Problem-Solving & Communication: Strong debugging, performance tuning, and root‑cause analysis; bias for automation and simplification. Concise documentation and status reporting; ability to explain technical decisions to mixed audiences.

• Industry Knowledge: Appreciation of regulated‑industry expectations and common audit asks for identity controls and evidence.
• Client-Facing Skills: Comfortable leading working sessions, Knowledge Transfer, and UAT support; proactive in surfacing risks/assumptions.

• Demonstrated Passion: Contributions to scripts/modules, community forums, or knowledge sharing; stays current on passkeys, tenant isolation, and identity threat defenses.

• Certifications (highly desirable): Microsoft SC‑300, AZ‑500; Okta, Ping, SailPoint, Saviynt; CyberArk Defender/Sentry; BeyondTrust/Delinea; HashiCorp Terraform Associate; AZ‑104.

Additional Requirements: Availability for periodic client travel and professional engagements. Commitment to continuous learning and keeping pace with evolving identity platforms, patterns, and threats.

 **Applicants must be currently authorized to work in the United States without the need for visa sponsorship now or in the future.

Join us:
Become a key part of our team and help clients modernize identity, reduce risk, and accelerate transformation with confidence.

Our Company is committed to the principles of equal employment. We are committed to complying with all federal, state, and local laws providing equal employment opportunities, and all other employment laws and regulations. It is our intent to maintain a work environment which is free of harassment, discrimination, or retaliation because of sex, gender, race, religion, color, national origin, physical or mental disability, genetic information, marital status, age, sexual orientation, gender identity, military service, veteran status, or any other status protected by federal, state, or local laws. The Company is dedicated to the fulfillment of this policy in regard to all aspects of employment, including but not limited to recruiting, hiring, placement, transfer, training, promotion, rates of pay, and other compensation, termination, and all other terms, conditions, and privileges of employment.