Non-Human Identity and Cloud IAM - Platform Lead

Non-Human Identity And Cloud IAM – Platform Lead

This position is part of AbbVie's Information Security & Risk Management (ISRM) team within Business Technology Solutions. The Identity & Access Management (IAM) team is responsible for the development, implementation, and oversight of the organization's IAM strategy, ensuring secure, efficient, and compliant access to systems and data. The NHI and Cloud IAM function addresses one of the fastest-growing attack surfaces in enterprise security—machine identities now outnumber human ones, and the rapid expansion of AI agents is accelerating that trend. This role does not own the AI agent or cloud platforms themselves—those are owned by partner teams across BTS—but it is the IAM team's authoritative voice on how those platforms must integrate with identity governance, and it is accountable for ensuring that no non-human identity operates outside of AbbVie's visibility or control.

Take the next step in your career with an organization that strategically invests in the long-term health of the company, its technology and its people. The AbbVie Business Technology Solutions (BTS) team shapes the digital transformation necessary for our treatments to positively impact patients' lives. In the role of Non-Human Identity and Cloud IAM – Platform Lead, you'll tackle one of the most complex and rapidly evolving challenges in enterprise security: establishing a unified strategy for non-human identities, AI agent governance, and cloud IAM—bridging today's fragmented landscape into a coherent, observable, and future-ready program. This is a senior, highly technical role that requires both architectural depth and the organizational influence to drive accountability across the teams that own AI, agentic, and cloud platforms—ensuring that every non-human identity is visible, governed, and secured from AbbVie's IAM systems.

In this role, you'll be responsible for:

• Define and drive the enterprise Non-Human Identity (NHI) strategy—rapidly assessing all in-flight initiatives across the organization, rationalizing overlapping efforts, and establishing a centralized, authoritative governance program covering all machine identities across on-premises, cloud, and agentic environments
• Build and maintain a comprehensive NHI registry encompassing service accounts, APIs, bots, application identities, robotic process automation (RPA), and AI agents—ensuring every non-human identity is discovered, inventoried, classified, and continuously governed within IAM systems
• Own AbbVie's identity governance posture for AI agents: while the creation and operation of AI agent platforms is owned by other teams, this role is accountable for ensuring those platforms integrate with IAM—so that every AI agent is inventoried in the NHI registry, mapped to its owning human or system identity, governed through appropriate access controls, and visible for security monitoring
• Proactively discover and identify new AI agents and agentic workloads as they are introduced across the enterprise; partner with AI platform, cloud, and business teams to ensure timely onboarding into the NHI governance framework, and drive remediations or mappings where gaps exist
• Serve as the IAM point of accountability for all agent-related identity questions: defining standards for how agents authenticate, what credentials they use, how those credentials are secured, and how agent activity is observable from an identity and access perspective
• Establish centralized NHI observability by driving integration between IAM platforms and external systems—including AWS, Azure, GCP, and agentic platforms (e.g., Microsoft Copilot ecosystem, AWS Bedrock, or similar)—so that IAM maintains a living, authoritative view of all non-human identities regardless of where they originate
• Design and implement modern NHI credential security controls including just-in-time (JIT) access, dynamic secrets, short-lived certificates, automated credential rotation, and runtime authentication—reducing standing privilege for machine identities to near zero where possible
• Assess the current tooling landscape for NHI and cloud IAM; determine whether existing platforms can be extended or reconfigured, or whether new capabilities are needed; and build a pragmatic, phased modernization roadmap
• Own and evolve the Cloud IAM and IGA strategy, closing the integration gap between cloud-native identity platforms (AWS IAM, Azure Entra ID, GCP IAM) and AbbVie's central IAM/IGA tools—ensuring cloud identities, entitlements, and access certifications are governed consistently and automatically
• Design cloud identity governance frameworks including role-based access models, entitlement management, access certifications, and least-privilege enforcement across cloud environments
• Drive cross-functional alignment across IAM, AI Platform, Cloud, Security Architecture, Compliance, Audit, and business teams—translating complex, fast-moving requirements into executable roadmap priorities and holding partner teams accountable for IAM integration commitments
• Establish KPIs and maturity metrics for the NHI and Cloud IAM program, providing executive-level visibility into inventory completeness, risk posture, program progress, and open gaps
• Ensure compliance with regulatory requirements (SOX, GDPR, PCI-DSS) for machine identities and cloud access controls; respond to and remediate audit findings
• Manage budget, resources, and vendor relationships for all NHI and Cloud IAM technologies and solutions
• Lead and mentor a team of technical specialists, cultivating a culture of proactive governance, automation, and continuous improvement

Qualifications

• Bachelor's degree with 8 years experience OR 7 years of relevant experience with 7 years experience OR PhD with 3 years experience
• Hands-on experience with non-human identity management, cloud IAM, or machine identity governance in large enterprise environments
• Demonstrated experience establishing or maturing NHI programs—including service accounts, API credentials, application identities, and/or automated/agentic workloads
• Strong hands-on expertise with cloud IAM frameworks: AWS IAM, Azure Entra ID, and/or GCP IAM, including integration with central IGA platforms
• Experience designing and implementing cloud IGA processes: entitlement management, access certifications, role-based access models, and least-privilege enforcement in cloud environments
• Proven experience with secrets management platforms and modern credential security patterns (JIT access, short-lived certificates, dynamic secrets, automated rotation)
• Architecture-level understanding of identity federation, service-to-service authentication, and cloud-native identity patterns (OAuth, OIDC, SAML, workload identity)
• Strong track record of driving complex, cross-functional programs in matrixed organizations—including influencing and holding accountable teams that are not direct reports
• Demonstrated ability to proactively identify governance gaps, drive partner teams to remediate, and establish scalable, automated processes to prevent recurrence
• Excellent communication and executive presentation skills, with the ability to translate deeply technical concepts for non-technical stakeholders and build alignment across organizational boundaries

Beneficial:

• Familiarity with AI agent platforms and their identity/credential patterns (e.g., Microsoft Copilot ecosystem, AWS Bedrock agents, or similar agentic frameworks)
• Experience building NHI discovery and inventory capabilities, including integration with platforms not originally designed for identity governance
• Familiarity with containerization and Kubernetes service account management
• Hands-on experience with IGA platforms and their cloud connectors (Saviynt, SailPoint, or equivalent)
• Scripting and automation experience (PowerShell, Python, Terraform, or other IaC tools)
• Knowledge of certificate management, PKI infrastructure, and API security platforms
• Understanding of CIS, NIST, and other cloud security compliance frameworks
• Industry certifications such as CISSP, CCSP, AWS/Azure/GCP security certifications, or equivalent
• Experience in the pharmaceutical or life sciences industry

Tools and skills you will use in this role:

• Cloud IAM platforms: AWS IAM, Azure Entra ID, GCP IAM — and their integration with enterprise IGA
• Secrets management platforms: HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, or equivalent
• IGA platforms with cloud connectors: Saviynt, SailPoint, or equivalent
• NHI discovery, inventory, and governance tooling
• Just-in-time access, dynamic secrets, and runtime authentication frameworks
• Integration APIs and connectors for agentic platforms (e.g., Microsoft Copilot ecosystem, AWS Bedrock) — for identity inventory and observability, not platform ownership
• Service-to-service authentication protocols: OAuth, OIDC, SAML, workload identity federation
• Containerization and Kubernetes service account management
• CI/CD pipeline integrations for identity and secrets (Jenkins, GitHub Actions, Azure DevOps, Terraform)
• Scripting and automation: PowerShell