IT Security Identity & Access Technical Leader

We’re hiring at Pitney Bowes, where top talent builds meaningful careers and lasting impact. We Move fast, Deliver excellence, and Win together…that’s The Pitney Bowes way. Here, how we work matters just as much as what we achieve.

We’re Looking For People Who

• Act with urgency, accountability, and purpose
• Deliver high quality work with consistency and pride
• Collaborate effectively and elevate those around them
• Focus on outcomes that drive impact and growth
  
  

Job Description

You Are:

A Security Identity & Access Technical Leader responsible for designing, implementing, and governing the enterprise-wide Identity and Access Management (IAM) program. You partner across security, infrastructure, HR, engineering, and business teams to build a modern, scalable identity ecosystem, winning together to deliver secure, seamless access experiences across the organization.

You Will

• Develop and maintain the organization’s Identity & Access Management (IAM) strategy, roadmap, and governance model, driving alignment and shared accountability across teams.
• Architect and oversee solutions for security, authentication, authorization, privileged access, SSO, MFA, SaaS security posture, API access controls, conditional access policies, and lifecycle management, delivering excellence in secure design and execution.
• Technically lead modernization efforts such as Zero Trust, passwordless authentication, identity automation, Attribute-Based Access Controls, AI-driven threat detection and response, identity models for AI agents, and continuous AI behavioral authentication, helping the organization move fast while staying secure.
• Define standards for API security, including API identity and access controls, secure API key and token management, least-privilege access for machine identities, and monitoring and anomaly detection for API usage.
• Establish secure patterns for API authentication and authorization, including OAuth, OIDC, and token lifecycle management.
• Lead the design and operation of Privileged Access Management (PAM) solutions (CyberArk).
• Ensure projects are delivered within scope, budget, and schedule, balancing speed with precision.
• Lead a technical team supporting user access provisioning, deprovisioning, terminations, and password resets across multiple SaaS and on-premise applications (Dell OneIdentity, Salesforce, SAP, Workday), fostering collaboration and continuous improvement.
• Perform regular audits to ensure security protocols are followed and risks are proactively addressed.
• Ensure technical solutions comply with privacy laws and regulatory requirements.
• Investigate and respond to irregularities in system access with urgency and rigor.
• Establish metrics to ensure IAM solutions meet both security and business objectives.
• Plan, test, and implement configuration changes efficiently and effectively.
• Document IAM processes and procedures to enable consistency and scalability.
• Escalate and resolve issues in a timely manner, maintaining a high standard of reliability and responsiveness.
  
  

Your Background

As a Identity Lead, you have:

• 7-12 plus years professional experience in IT and/or Cybersecurity with an Enterprise Identity Management Team
• Deep expertise in IAM frameworks, Zero Trust, and modern identity protocols (SAML, OAuth, OIDC, SCIM).
• Experience with enterprise scale IAM platforms, On Premise, and Cloud Platforms.
• Strong understanding of cloud identity (Azure AD/Entra, AWS IAM, GCP IAM, SaaS and API).
• Knowledge of security architecture, threat modeling, and identity attack vectors.
• Significant demonstrated knowledge of Active Directory and Entra processes and tools to include patching, hardening, configuration, and risk management
• Demonstrated communication skills to communicate, persuade, influence without authority, and handle challenging conversations
• Significant demonstrated knowledge of Identity management processes and tools to include Active Directory, Entra ID, Intune, Dell OneIdentity, Semperis, CyberArk, SAP, Salesforce and Workday.
• Demonstrated knowledge in recent advances in IAM technology.
  
  

Preferred

• Bachelor’s Degree in Information Security, Computer Science or equivalent
• Information Security Certifications such as CISSP, CRISC, CIMP and/or CISM
  
  

Knowledgeable And Experienced In

• Active Directory (Including Azure A/D Synchronization)
• Entra ID (Including App Registration, Passwordless Authentication, Enterprise Application SSO and Conditional Access Policies)Intune
• OKTA
• Semperis
• CyberArk
• Zscaler AppTotal
• Automation Tools including Task Scheduler and PowerShell
• InfoBlox BloxOne
• Microsoft PKI, NPS, SCCM Patching
• Illumio
• Microsoft Defender
• Dell OneIdentity (Configuration, Monitoring, Migration and Implementation)
• Microsoft NPS
• JIRA Service Desk
• Use of AI
  
  

Compensation

The wage range for this position is $130,000-$150,000 / year, with the actual pay dependent on your skills and experience as they relate to the job requirements.

Location:

This is a hybrid role, with 4 days in the Shelton, CT office required. (No relocation assistance offered.)

Sponsorship

Must be legally authorized to work in the US. Employer will not sponsor position for employment visa status now or in the future (ex. H-1B).

We Will

• Provide the opportunity to grow and develop your career
• Offer an inclusive environment that encourages diverse perspectives and ideas
• Deliver challenging and unique opportunities to contribute to the success of a transforming organization
• Offer comprehensive benefits globally (PB Live Well)
  
  

Pitney Bowes is an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard for race, color, sex, religion, national origin, age, disability (mental or physical), veteran status, sexual orientation, gender identity, or any other consideration made unlawful by applicable federal, state, or local laws.

All qualified applicants, including Veterans and Individuals with Disabilities, are encouraged to apply.

All interested individuals must apply online. Individuals with disabilities who cannot apply via our online application should refer to the alternate application options via our Individuals with Disabilities link.