Who we are

Creative Artists Agency (CAA) is the world’s leading entertainment and sports agency, with offices in Los Angeles, New York, Nashville,Londonand Beijing. Founded in 1975, CAArepresentsmany of the most successful professionals working in film, television, music, theatre, video games, sport, and digital content, andprovidesa range of strategic marketing and consulting services to corporate clients.

The Role

This is a hands-on security position working within the Information Security group and with the internal IT department at large.We are looking for candidates whohave apassionforcyber security,identitymanagementandthreatresponse. Youwill provide domainexpertiseto design and develop the capabilities of the identity and access management platform and the automation of application deployment pipelines to the platform. As a key leader in our security organization, the Cybersecurity Architect will drive the development of secure design principles, reference architectures, and security standards across a modern, SaaS-enabledand cloud-first ecosystem. This includes securing complex identity flows, third-party integrations, APIs, and distributed systems while addressing the shared responsibility modelinherentacross SaaS andinternallydeveloped line of businessplatforms.In this role, you will be an essential partner and technical specialist for identity and access platform development and provide thought leadership onenterprisesecurity and architectureacrossidentity access and governanceYouwill be a key part of ourefforts toenablethebusinessneedsinahighly collaborative organization The environment is fast-paced and commonly on the leading edge of technology, including early adoption of various cloud servicesalong withthe challenges of integrating those services into our security practice.

Responsibilities

• Maintain architectural diagrams and workflows of the identity access management platform

• Provide design, evaluation, analysis, of identity and access management programs to support the company’s strategy

• Develop standardsand guidelinesfor access management across the company and department

• Understanduser lifecyclemanagement;including provisioning/de-provisioning, access requests, userentitlementsand audit & validations

• Collaborate with HRIS, IT service owners, servicedeskand end-userstogather feedbackanddesign solutions withidentity related workflows

• Presentondesign & vision that meets user and business needs

• Design overall structure for newand existing cloud andon-premiseapplications into the identity access management platform

• Createidentity governance workflows with the concepts of attestation and auditing.

• Ensure systems are scalable,maintainableand meet business needs

• Create documentation to support architectural decisions and workflows

• Reviewidentity workflows and processes for lifecycle management, auditing, reporting,governanceand self-service

• Design aRESTful identity API toprovide Identity as a Service todownstream servicesand directory owners

• Play an active role in CAA’s security incident response efforts, working toidentifyand mitigate information security threats

Required Capabilities

• Aminimum of7years in Information Technology, ideally with a focus oninformation security

• Aminimum of3years’ experience inidentity and access managementArchitecture or Engineering

• ABachelor’s or Master’sDegree in a relevant field of work

• ExperiencearchitectingIAM projects from design through implementation

• Strong communicationand presentation skills with ability to explain complex conceptsto both technical and non-technical audiences

• Have designed and supported the implementation of Zero TrustIdentity architecture

• Understandingof OAuth, SAMLandOpenIDframeworks

• An understanding of the fundamental operations of servers, operating systems, networks, firewalls, cloud applications, and infrastructure

• Knowledge in automation and integration with SaaS applications

• Knowledge oflifecycle management and provisioning andde-provisioning

• Knowledge ofdifferentMFA and compensating controlsfor identity

• Knowledge ofprivilegeidentity management,privilegedaccess management,and concepts ofjust in timeprovisioning, just enough access, and principal of least privilege

• Knowledge of scripting in at least one of the following languages: PowerShell, Python, JavaScript

Desired Capabilities

• Cross-team collaboration and vendor management

• Set up and integrations forSingle Sign-On with various SaaS vendors

• Knowledge and experience of SCIM integration

• Account set-up and access management

• Application developmentandDevSecOpspipeline

• Building and using REST APIs

• Experience creating and supporting identity framework orIDaaS

• An understanding of the NIST framework and using a continuous improvement loop

DesiredTechincalSkills

Azure AD, Active Directory, AD Connect, Azure Automation, Power Automate, SAML,OpenID, SSO, SCIM, OAuth, PowerShell, RESTful APIs,Okta,Workday, SailPoint, Ping Federate,PingID, Splunk, RBAC

Certifications with CIAM, CIMP, Okta, SailPoint, Microsoft Identity, Ping Identity, CISSP, CISM, CompTIA Security+