The Office of Technology and Innovation (OTI/DoITT) oversees all Citywide technology, privacy, cybersecurity, infrastructure, and telecommunications to ensure the security of, and enhance, City operations and service delivery to New York City's residents, businesses, employees, and visitors. As the City's technology and innovation leader, OTI is responsible for operating, maintaining and securing IT infrastructure and systems that touch every aspect of City life from public safety to human services, from education to economic development crossing the full spectrum of governmental operations.

The Identity and Access Management (IAM) team seeks a highly motivated individual with the following specifications to lead the ongoing modernization of our critical IAM/PAM infrastructure. The IAM team is responsible for the design and implementation of various IAM technologies including Microsoft Active Directory, Active Directory Federation Services, Azure Active Directory and Centrify Privileged Access Management.

Responsibilities will include:
- Work with IT Infrastructure and application teams to migrate privileged accounts from legacy to enterprise systems, and local Unix to AD accounts, and clean up local UNIX accounts and disable accounts in legacy systems;
- Collaborate with other Senior Engineers, Architects and Senior Management across the organization and across customer base with respect to Identity and Access Management policies, projects and controls;
- Provide direction and leadership in solving complex IAM related issues;
- Manage escalations from staff, assist in setting priorities and risk mitigation strategies across the environment;
- Resolve local Unix UID and GID conflicts;
- Provide overnight and engineering support for PAM agents in all *NIX environments;
- Provide oversight and engineering support for PAM/IAM backend infrastructure;
- Lead development or enhancement *NIX script process for accounts migration;
- Lead development and implement procedure, runbook and documents to support the PAM/IAM services;
- Support and onboard servers and users to PAM services;
- Support in troubleshooting and resolving complex authentication, authorization and integration problems;
- Administer Windows 2012/2016/2019 server- Forest, Domain trust, AD, DFS, DNS, WINS, DHCP, Group Policy, Distribution lists, Windows folder security, and IP filter;
- Administer a hybrid multi-tenant Microsoft Azure and Office 365, Amazon Web Services and Google Cloud Platform environments;
- Administer various Identity Access management (IAM), Role Based Access Control (RBAC), and Privileged Access Management (PAM); and
- Handle special projects and initiatives as assigned.

A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or,

Education and/or experience which is equivalent to "1" above.

The preferred candidate should possess the following: - 3+ years of hands on experience with Windows 2008/2012/2016 server - Forest, Domain trust, AD,DFS, DNS, WINS, DHCP, Group Policy - 1 + years of experience in working Hybrid Multi-cloud, Multi-tenant environment including Active Directory, Azure Active Directory, GCP and AWS - Basic understanding of cloud architecture on Azure, AWS and/or Google - Intermediate knowledge and experience across business, security, application, information, integration, UX and infrastructure architecture domains - Understanding of DevOps concepts and tools.

New York City Residency is not required for this position

The City of New York is an inclusive equal opportunity employer committed to recruiting and retaining a diverse workforce and providing a work environment that is free from discrimination and harassment based upon any legally protected status or protected characteristic, including but not limited to an individual's sex, race, color, ethnicity, national origin, age, religion, disability, sexual orientation, veteran status, gender identity, or pregnancy.