Dir, Identity & Access Mgmt (IAM)

Director Of Identity & Access Management (Iam)

The Director of Identity & Access Management (IAM) is accountable for the delivery, effectiveness, and ongoing maturity of enterprise workforce identity, secrets, and certificate management platforms. This role ensures secure, reliable, and automated access to systems, applications, and collaboration tools across a hybrid cloud, multi affiliate environment.

Aligned to the Infrastructure & Operations Platform vision, this leader transforms legacy, fragmented and manual identity practices into standardized, policy driven, and automated enterprise services that reduce operational toil, improve resilience, and strengthen regulatory compliance. The role partners closely with Platform Engineering, Security, HR, and Application teams to ensure identity related capabilities are engineered as scalable, consumable, and reliable platforms.

This position drives both technical modernization and enterprise change, standardizing identity practices across historically decentralized affiliates while balancing local regulatory and operational needs.

Responsibilities

1. Enterprise IAM Strategy & Transformation

• Define and execute a multi‑year IAM modernization roadmap aligned with I&O Platform priorities for reliability, automation, toil reduction, and cost efficiency.
• Lead the transition from affiliate‑specific identity practices to a standardized enterprise workforce identity platform.
• Drive organizational and cultural change required to adopt consistent identity standards across decentralized affiliates.
• Establish workforce identity, secrets, and certificate services as foundational shared capabilities supporting enterprise operations and modernization initiatives.

2. Workforce Identity, Secrets & Certificate Platform Ownership

• Accountable for enterprise workforce identity services, including:
• Identity lifecycle management (Joiner / Mover / Leaver)
• Directory services (e.g., Entra ID, Active Directory)
• IAM services (Saviynt, SailPoint, MIM)
• Single Sign‑On (SSO) and Multi‑Factor Authentication (MFA)
• Privileged access management (PAM)
• Own enterprise secrets and certificate management platforms as they relate to workforce identity and shared enterprise services, including lifecycle management, rotation, availability, and monitoring.
• Establish enterprise standards and guardrails for secrets and certificate usage in partnership with Platform Engineering for workload and runtime use cases.
• Ensure HR‑driven identity is the authoritative source for workforce provisioning and de‑provisioning.
• Ensure platforms are engineered for high availability, disaster recovery, and operational continuity.

3. Engineering‑First Identity & Automation

• Drive API‑first and event‑driven identity architecture enabling integration with enterprise platforms and developer workflows.
• Promote infrastructure‑as‑code and policy‑as‑code approaches for identity, access, secrets, and certificates.
• Integrate IAM capabilities into CI/CD pipelines and application delivery processes where appropriate.
• Replace ticket‑driven operations with automated, self‑service workflows.
• Define and track metrics such as time‑to‑provision, automation coverage, and reduction in manual access handling.

4. Governance, Risk & Control Effectiveness

• Design and operate scalable identity governance capabilities including access certifications, role governance, and segregation‑of‑duties controls.
• Ensure IAM capabilities support SOX, NERC‑CIP, and other regulatory requirements.
• Accountable for the design, effectiveness, and continuous improvement of workforce identity access controls.
• Partner with Security and Internal Audit on control testing, regulatory examinations, and remediation activities.

5. Platform Operating Model & Affiliate Alignment

• Establish a centralized IAM platform with federated execution across affiliates.
• Align affiliates to enterprise identity, secrets, and certificate standards through policies, patterns, and approved configurations.
• Serve as the primary IAM point of integration for leadership, HR, and application owners.

6. Partnership with Platform Engineering

• Partner with Platform Engineering on shared identity architecture principles and integration standards.
• Clearly define and maintain ownership boundaries:
• IAM owns workforce identity and enterprise secrets/certificate platforms
• Platform Engineering owns workload and runtime identity
• Coordinate roadmaps and architectural decisions to prevent fragmentation.

7. Operational Resilience & Incident Support

• Participate in major incident response when identity‑related failures impact critical systems or restoration activities.
• Ensure incidents result in root‑cause analysis and durable platform improvements.

8. Team Leadership & Capability Development

• Lead and evolve an IAM organization currently consisting of engineers and administrators to support modern IAM and maturing platform capabilities.
• Shift team culture from operations‑centric execution to platform ownership and engineering excellence.
• Build skills in automation, integration, and modern workforce identity practices.
• Own IAM vendor relationships, budgets, and investment planning.

Qualifications

Experience

• Bachelor's degree in information systems, computer science or related technical field; or equivalent work experience.
• 10+ years in identity, security, or enterprise infrastructure
• 5+ years leading IAM, security, or platform teams in complex enterprises
• Proven success modernizing IAM in federated or multi‑entity organizations
• Experience in regulated or critical‑infrastructure environments preferred

Technical & Domain Expertise

• Workforce identity lifecycle management
• Cloud and hybrid directory platforms
• SSO, MFA, PAM, and access governance
• Secrets and certificate management platforms
• Identity integration patterns (APIs, SCIM, event‑driven architectures)
• Infrastructure‑as‑code and automation concepts
• Working knowledge of Zero Trust principles

Experience with modern IAM and access platforms such as Entra ID, SailPoint, Saviynt, CyberArk, HashiCorp Vault, or similar is preferred.

What Success Looks Like

Workforce identity, secrets, and certificates are engineered as reliable enterprise platforms rather than operational bottlenecks. Access is automated, resilient, auditable, and easy to consume. Affiliates operate on shared standards while maintaining regulatory accountability. IAM quietly enables secure operations, modernization, and enterprise delivery at scale.

Work Authorization/Sponsorship

At this time, we're not considering applicants that need any type of immigration sponsorship (additional work authorization or permanent work authorization) now or in the future to work in the United States. This includes, but IS NOT LIMITED TO: F1-OPT, F1-CPT, H-1B, TN, L-1, J-1, etc. For additional information around work authorization needs please use the following links.

Nonimmigrant Workers and Green Card for Employment-Based Immigrants

About Us

MidAmerican Energy Company, a Midwest utility, provides regulated electric and natural gas service to more than 1.6 million customers in Illinois, Iowa, Nebraska and South Dakota. The company owns and operates a portfolio of power-generating assets, approximately 61% of which is wind generation.

About the Team

MidAmerican Energy Company is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion or religious creed, age, national origin, ancestry, citizenship status (except as required by law), gender (including gender identity and expression), sex (including pregnancy), sexual orientation, genetic information, physical or mental disability, veteran or military status, familial or parental status, marital status or any other category protected by applicable local, state or U.S. federal law. Employees must be able to perform the essential functions of the position, with or without an accommodation.