Job Title:  Manager Identity and Access Management

What You Need To Know

Shape a remarkable future with us. Build a career working for an industry leader that truly invests in their people – and equips them with leading technology, continuous learning, and the ability to bring their best selves to work. As the premier wine and spirits distributor, Southern Glazer’s isn't just one of Forbes’ Top Private Companies; it's a family-owned business with deep roots dating back to 1933.

The reputation of Southern Glazer’s is well-established, and it's no surprise that we are regularly recognized for our culture. Southern Glazer’s has been recognized by Newsweek as one of America’s Greatest Workplaces for Inclusion and Diversity, as well as for Women and Parents and Families. These accolades speak volumes about our commitment to creating a supportive and inclusive culture of belonging for all employees.

As a full-time employee, you can choose from a wide-ranging menu of our Top Shelf Benefits, including comprehensive medical and prescription drug coverage, dental and vision plans, tax-saving Flexible Spending Accounts, disability coverage, life insurance plans, and a 401(k) plan. We also offer tuition assistance, a wellness program, parental leave, vacation accrual, paid sick leave, and more.

By joining Southern Glazer’s, you would be part of a team that values excellence, innovation, and community. This is more than just a job – it's an opportunity to build the future of beverage distribution and grow with a company that truly cares about its people.

Overview

As the Manager, Identity & Access Management, you will lead a team of skilled IAM engineers and Analysts responsible for the design, engineering, and governance of the organization's enterprise identity platforms. This role is accountable for the full lifecycle of IAM platform delivery, from architecture and hands-on implementation to documentation, vendor management, and compliance. You will lead cloud and on-premise IAM platforms including identity governance, privileged access management, single sign-on, multi-factor authentication, and directory services, while partnering closely with a peer Manager who leads IAM Operations and Tier 1 support. You will apply engineering rigor, automation-first thinking, and a deep understanding of zero trust principles to build resilient, scalable identity platforms that protect the enterprise.

Primary Responsibilities Part I

Platform Engineering

• Lead the design, deployment, and continuous improvement of enterprise IAM platforms including Identity Governance & Administration (IGA), Privileged Access Management (PAM), Single Sign-On (SSO), Multi-Factor Authentication (MFA), Directory Services, Cloud Identity, and Customer IAM (CIAM).
• Own the full cycle of IAM platform engineering from contributing to architecture and hands-on implementation through documentation, testing, and operational handoff to the peer Operations team.
• Implement infrastructure-as-code (IaC) approaches for IAM platform provisioning and configuration using tools such as Terraform, Ansible, or CloudFormation.
• Drive platform integration strategies to reduce identity sprawl, automate joiner/mover/leaver workflows, and improve enterprise-wide access visibility.
• Lead platform upgrades, migrations, and automation initiatives; develop runbooks and standards that the peer Operations team executes against.

IAM Governance & Compliance

• Own the engineering execution of access certification, role engineering, and segregation of duties (SoD) controls across the enterprise.
• Ensure IAM platform configurations satisfy audit and compliance requirements under SOX, HIPAA, PCI-DSS, SOC 2, NIST, and applicable regulatory frameworks.
• Lead regular assessments of IAM environments using monitoring and logging tools to identify risks, gaps, and improvement opportunities.
• Support remediation of IAM audit findings in coordination with the peer Operations Manager and Compliance teams.
• Enforce least-privilege and need-to-know principles through engineering controls and automated provisioning workflows rather than manual processes.

Team Leadership & Development

• Lead and develop a team of IAM engineers and technical analysts, providing coaching, performance feedback, and career development support.
• Foster a culture of automation-first thinking, engineering excellence, and continuous improvement within the team.
• Manage workload distribution, sprint planning, and delivery prioritization; ensure the team meets its commitments reliably.
• Partner with HR and talent acquisition to recruit, onboard, and retain IAM engineering talent.
• Provide guidance and mentorship across the broader IAM organization, including knowledge transfer to the peer Operations team.

Primary Responsibilities Part II

Cross-Functional Collaboration & Stakeholder Engagement

• Collaborate closely with the peer Manager, IAM Operations to ensure seamless handoffs, clear escalation paths, and consistent service delivery across the two-team model.
• Partner with cybersecurity, enterprise architecture, software development, DevSecOps, and infrastructure teams to integrate IAM services across the enterprise.
• Support CI/CD pipeline integration for identity-related services and contribute to DevSecOps practices across the engineering organization.
• Communicate platform health, roadmap progress, and technical risks clearly to the Sr. Director of IAM and non-technical stakeholders.
• Represent IAM Engineering in enterprise change advisory, architecture review, and security governance forums.

Vendor & Technology Management

• Manage day-to-day vendor relationships for IAM platforms including escalations, product roadmap engagement, and license management.
• Evaluate new IAM technologies and tools to enhance capabilities, drive innovation, and keep pace with industry trends including advances in zero trust, cloud identity, and AI-assisted access governance.
• Ensure vendor SLAs are operationally meaningful and translate into measurable outcomes in coordination with the peer Operations Manager.

Incident Response & Operational Support

• When needed, lead Tier 3 incident response and troubleshooting for complex IAM platform issues escalated from the peer Operations team.
• Maintain and test disaster recovery and business continuity plans for IAM platforms.
• Ensure on-call readiness for platform-level issues within the engineering team.

Preferred Qualifications

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or equivalent practical experience.
• 7+ years of progressive experience in IAM or cybersecurity, with at least 2-3 years in a people management or team lead capacity.
• Hands-on experience with two or more enterprise IAM platforms (IGA, PAM, SSO/MFA, cloud identity, or directory services) such as Saviynt, CyberArk, Okta, Azure AD / Entra ID, or equivalent.
• Experience implementing IAM platforms using infrastructure-as-code tools such as Terraform, Ansible, or CloudFormation.
• Strong working knowledge of identity protocols and standards including SAML, OAuth 2.0, OIDC, SCIM, and LDAP.
• Understanding of zero trust architecture principles and identity-centric security models.
• Working knowledge of IAM compliance requirements under SOX, HIPAA, SOC 2, PCI-DSS, NIST, or similar frameworks.
• Experience with monitoring and logging tools (e.g., Splunk, Prometheus, Grafana, or cloud-native equivalents) for IAM environment visibility.
• Strong scripting skills in Python, PowerShell, or Bash for IAM automation and integration.
• Excellent problem-solving skills and ability to work effectively in a fast-paced, collaborative environment.
• Strong communication skills with the ability to convey complex IAM concepts to non-technical stakeholders.
• Ability to lead and drive collaboration with cybersecurity, software development, DevSecOps, infrastructure, and IT operations teams.
• Delivers results
• Strong attention to detail.

Minimum Qualifications

• Relevant certifications: CISSP, CISM, CIAM, Saviynt Engineer/Architect, CyberArk Defender/Guardian, Microsoft Certified: Identity and Access Administrator, or equivalent.
• Familiarity with containerization and orchestration tools (Docker, Kubernetes) in the context of identity workloads.
• Experience leading IAM workstreams in M&A integration, divestiture, or large-scale cloud migration programs.
• Exposure to Agile or DevSecOps delivery models for platform engineering work.

Physical Demands

• Physical demands include a considerable amount of time sitting and typing/keyboarding, using a computer (e.g., keyboard, mouse, and monitor), or adding machine
• Physical demands with activity or condition may include walking, bending, reaching, standing, squatting, and stooping
• May require occasional lifting/lowering, pushing, carrying, or pulling up to 20lbs

EEO Statement

Southern Glazer's Wine and Spirits, an Affirmative Action/EEO employer, prohibits discrimination and harassment of any type and provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. SGWS complies with all federal, state and local laws concerning consideration of a qualified applicant's arrest and/or criminal conviction records. Southern Glazer's Wine and Spirits provides competitive compensation based on estimated performance level consistent with the past relevant experience, knowledge, skills, abilities and education of employees. Unless otherwise expressly stated, any pay ranges posted here are estimates from outside of Southern Glazer's Wine and Spirits and do not reflect Southern Glazer's pay bands or ranges.

If you have any questions or concerns about whether this posting complies/adheres with local pay transparency requirements, please contact the SGWS talent acquisition team at NationalTA@sgws.com