WIAM Manager

Ally and Your Career

Ally Financial only succeeds when its people do - and that’s more than some cliche people put on job postings. We live this stuff! We see our people as, well, people - with interests, families, friends, dreams and causes that are all important to them. Our focus is on the health and safety of our teammates as well as work-life balance and diversity and inclusion. From generous benefits to a variety of employee resource groups, we strive to build paths that encourage employees to stretch themselves professionally. We want to help you grow, develop, and learn new things. You’re constantly evolving, so shouldn’t your opportunities be, too?

The Opportunity

Ally Financial is looking for Cybersecurity Engineering Manager/Lead for Workforce Identity and Access Management (WIAM). The Workforce IAM Manager/Lead will run enterprise-wide projects using experience and domain expertise to address IAM and cybersecurity challenges. The ideal candidate(s) will be relentlessly passionate about security, innovation and automation. The manager will be responsible for the designing and engineering and oversight of Ally's Workforce Identity and Access Management platform including Okta, SailPoint, CA/Layer 7 Privileged Access Management, Single Sign-On, and integration with Active Directory, AWS and Azure/O365.

The ideal candidate is highly skilled at collaborating with global, multi-functional teams, and leading technology discussions and decisions. The WIAM Manager will primarily work on projects but also serve as a critical issue point for L1 and L2 support teams when needed. This individual will serve as a key resource on large projects, working directly with project managers, enterprise and operations teams as well as leadership to implement IAM technology solutions for Ally. This role requires substantial interaction with other Ally support and development teams, therefore good interpersonal and communication skills are required as well as a desire for delivering great customer service.

The Work Itself

• The WIAM Manager is responsible for the design and engineering of the identity and access security architecture.
• Serve as a subject matter expert (SME) in two or more security technologies within the identity and access management subject area.
• Under direction from the Director and in line with stated strategic objectives, this person will conduct industry research, explore the products available on the market to meet the requirements, OR devise a plan to build a solution internally.
• Assist management in creating business cases to obtain project funding.
• Work with project managers and other project resources to successfully implement projects on time and on budget.
• Responsible for ongoing incremental engineering architecting required to continuously achieve the best coverage and operation of the technology, and as the SME, will assist in fixing system degradations and outages if required.
• Act as a domain specialist for authentication, authorization and provisioning services across Ally Financial, including Okta, Active Directory, SailPoint, IdentityIQ, SSO/MFA, auto-provisioning, or related complex infrastructures.
• Responsible for Engineering Architecting IAM solutions, working closely with architects, vendors and business managers to interpret and apply business requirements and IAM designs to solution development.
• Installation, configuration and integration of automated workflows as defined.
• Integrates IAM Platform with in-house and third-party applications for birthright provisioning, request approval and fulfillment, de-provisioning, custom workflows etc.
• Performs IAM technical support and development, including supervising and responding to server events, ensuring data replication, gathering IAM statistics, and performing general maintenance by working with Level 2 and/or Level 3 operations personnel.
• Perform the configuration, automation, orchestration, and management of Workforce IAM systems across the enterprise.
• Develop technical IAM solutions, engaging during the lifecycle of solutions delivery, service owners, architects, project managers, global infrastructure teams, regional IT teams and key IAM product vendors.
• Participate in security and application troubleshooting and incident problem resolutions with other infrastructure teams, including storage, messaging, server, and network.
• Participate in capacity planning, performance monitoring, and maintenance to ensure high availability
• Provide Engineering Architecting support for sophisticated and recurring incidents related to IAM platforms and perform root causes analysis in accordance with Ally policies and standards.
• Lead and/or execute of daily, weekly and monthly support activities to maintain the overall global IAM environment, in coordination with IAM Sustain teams, IT operations and Middleware teams.
• Lead quality control and quality assurance activities, such as developing and executing test plans / scripts and resolving deviations or exceptions, for newly developed and/or enhanced IAM solutions
• Find opportunities and outline action plans to improve how existing IAM solutions are implemented
• Assist in configuring remediation of security risks and exposures by developing automated security reviews, evaluations, and risk assessments as vital
• Participate in activities to ensure that IAM systems are aligned with Ally policies and standards

The Skills You Bring

• Minimum of 5 years of hands-on experience with IAM technologies, information security specific
• Bachelor's degree in information systems or an equivalent combination of education and experience
• Demonstrated experience with Okta implementation including access gateway, reverse proxy, policy configuration, supporting and implementing MFA and risk based adaptive MFA, IAM policies and network zones is required.
• Programming, scripting and automation experience; Java and PowerShell, preferred.
• Experience engineering and integrating applications using Okta federated solutions including out of the box (OOTB) connectors, SAML, OAuth, OIDC, as well as hands-on development experience utilizing Java, Okta APIs, SCIM, and custom connectors.
• Understanding of database structures, networking, VPNs, and firewalls is required.
• Understanding of Active Directory, Azure AD, ADFS, LDAP directories, OU structures, schemas, and updating schemas and attributes.
• Required to be familiar with IAM frameworks and have a deep understanding of identity management, assurance, authentication, access, and authorization entitlements. IAM integration experience with AWS, AzureAD, O365, Palo Alto, Proofpoint, CrowdStrike, Netskope, and network and firewall devices.
• Solid understanding of security standard methodologies, both theory and practical implementation
• Understanding of networking concepts, TCP/IP and systems architecture
• Unix administration background required
• Excellent problem-solving and troubleshooting skills with a good attention to detail.
• Single sign-on SSO and federated authentication systems such as ADFS, AD Connect, Azure ADF
• Experience with SAML / OAuth / OpenID Connect (OIDC), OpenID (OID)
• Highly motivated and self-motivated, capable of working with little instruction to resolve demanding tasks, as well as work with internal teams
• Excellent oral and written communications skills.
• A strong customer/client focus with ability to manage expectations appropriately and build long-term relationships.
• Effectively works as part of a technical team on projects and resolving incidents.
• Experience gathering and facilitating the development of business and system requirements
• Ability to learn and use business productivity and management software, including Jira.
• Must be willing to work after-hours and weekends when technical issues arise which require immediate resolution.

Preferred Experience:

• Microsoft Active Directory administration background is a strong plus
• CISSP or CISM preferred
• Understanding Agile methodology
• Knowledge of Role Based Access Controls (RBAC)
• Solid understanding of current cybersecurity threats and techniques
• Ability to document security governance processes and procedures in team runbook or playbook.
• Ability to perform data analysis using standard office productivity software
• IDaaS, Cloud Solutions, Okta, AWS, Cloud IAM
• Identity governance solutions, especially SailPoint IdentityIQ
• RHEL and CentOS, Windows Server 2012 R2, 2016 R2, MSSQL 2012+ and Oracle
• Privileged Identity Management (PIM), CA/Layer 7 Privileged Access Management (PAM) and API Gateway
• Multi-Factor Authentication, Multi-factor authentication solutions, including Okta and MS Authenticator
• Experience managing and securing machine to machine, service account, and application run-time account access.
• Application integration and onboarding
• Robotic Process Automation (RPA)

How We’ll Have Your Back

Ally's compensation program offers market-competitive base pay and pay-for-performance incentives (bonuses) based on achieving personal and company goals. But Ally’s total compensation – or total rewards – extends beyond your paycheck and is designed to support and enrich your personal and professional life, including:

• Time Away: competitive holiday and flexible paid-time-off, including time off for volunteering and voting.
• Planning for the Future: plan for the near and long term with an industry-leading 401K retirement savings plan with matching and company contributions, student loan and 529 educational assistance programs, tuition reimbursement, and other financial well-being programs.
• Supporting your Health & Well-being: flexible health and insurance options including dental and vision, pre-tax Health Savings Account with employer contributions and a total well-being program that helps you and your family stay on track physically, socially, emotionally and financially.
• Building a Family: adoption, surrogacy, and fertility support as well as parental and caregiver leave, back-up child and adult/elder day care program and child care discounts.
• Work-Life Integration: other benefits including LifeMatters® Employee Assistance Program, subsidized and discounted Weight Watchers® program and other employee discount programs.

Who We Are

Ally Financial is a customer-centric, leading digital financial services company with passionate customer service and innovative financial solutions. We are relentlessly focused on "Doing it Right" and being a trusted financial-services provider to our consumer, commercial, and corporate customers. For more information, visit www.ally.com.

Ally is an equal opportunity employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to age, race, color, sex, religion, national origin, disability, sexual orientation, gender identity or expression, pregnancy status, marital status, military or veteran status, genetic disposition or any other reason protected by law.

We are committed to working with and providing reasonable accommodation to applicants with physical or mental disabilities. For accommodation requests, email us at work@ally.com. Ally will not discriminate against any qualified individual who is capable of performing the essential functions of the job with or without reasonable accommodation.