Essential Job Functions:
- Own enterprise IAM control effectiveness, ensuring identity governance, certification, and access controls are enforced, measurable, and audit-ready.
- Lead and govern DOJ Data Security Program (DSP) IAM controls, including definition, implementation, and validation of access restrictions.
- Drive and mature access certification programs (campaign strategy, execution oversight, reviewer accountability, exception governance, remediation enforcement).
- Own role-based access control (RBAC) strategy and execution (role engineering, role lifecycle management, least-privilege alignment).
- Establish and enforce standardized access models and certification scope across enterprise and cloud applications.
- Oversee identity lifecycle management (joiner, mover, leaver) with timely, accurate provisioning aligned to authoritative sources and governance.
- Lead IAM operations: access request fulfillment, incident/problem management, and operational issue resolution.
- Act as service owner for IAM platforms (availability, performance, control enforcement, continuous improvement).
- Manage IAM managed service providers/vendors (SLAs/KPIs, monitoring, delivery accountability).
- Drive onboarding of applications into IAM platforms (RBAC alignment, certification inclusion, governance standardization).
- Ensure IAM processes support audit/compliance/regulatory readiness (including GxP and 21 CFR Part 11).
- Partner with Security, Architecture, and business stakeholders to evolve IAM control frameworks.
- Implement IAM improvements to enhance control maturity, efficiency, and scalability.
Required Skills & Job Qualifications:
- Bachelorβs degree plus 6+ years IT and/or Information Security experience.
- Experience owning IAM governance/control (certification and RBAC) at enterprise scale.
- Hands-on IAM platform experience: SailPoint IdentityIQ/Identity Security Cloud or Saviynt.
- Deep experience with access certification, RBAC design, and identity lifecycle governance.
- Regulatory-driven IAM controls knowledge: DOJ DSP, GxP, 21 CFR Part 11.
- Experience leading IAM operations/service delivery in complex hybrid environments.
- Working knowledge of directory services (Active Directory, LDAP) and application integration patterns.
Preferred Skills:
- Pharmaceutical/biotech/life sciences experience.
- Familiarity with ABAC and modern IAM architectures.
- Experience supporting regulatory audits and control validation.
- Broad knowledge of enterprise IT, cloud platforms, and application architectures.
Application Instructions:
- For current Gilead employees and contractors: apply via the Internal Career Opportunities portal in Workday.