Global It Director - Principal Security… at BCG

What you'd actually do

Own the end‑to‑end technical delivery of IAM services, including identity lifecycle management, authentication, authorization, SSO, and privileged access controls, ensuring they are secure, scalable, and highly available.

Lead design sessions, collaborating with Entrprise Architecture, and implementation of IAM integrations for SaaS, on‑prem, and AWS cloud platforms, including federation (SAML, OIDC, OAuth), MFA, and Passwordless capabilities.

Serve as the primary escalation point for complex IAM engineering issues; perform root‑cause analysis and drive long‑term remediation and hardening of IAM platforms and related services.

Partner with security architecture, infrastructure, application, and HR/IT teams to align IAM solutions with enterprise security strategy, compliance obligations, and business objectives.

Define IAM engineering standards, patterns, and reference architectures; guide other engineers in implementing secure onboarding patterns for applications into IGA, PAM, and SSO platforms.

Skills

Required

Information security engineering
Infrastructure engineering
IAM platforms
Microsoft Entra ID
Active Directory
Federation protocols (SAML, OIDC, OAuth2)
Hybrid multi-cloud environments
Automation of provisioning
Access reviews
RBAC/ABAC models
Secrets management solutions
Scripting or programming language (PowerShell, Python, or Java)
Privileged Access management (CyberArk)
Authentication/AuthN (Okta)
Federated Identity (EntraID)
Cloud Identity (AWS, GCP, Azure)
Automation (terraform, codex, claude)
Application SSO (OIDC, SAML)
Identity Governance (Sailpoint, Okta, Veza)

Nice to have

AI-driven access orchestration strategies
Agentic AI tools for intelligent decisioning

What the JD emphasized

5 years of hands-on-keyboard experience with core IAM platforms

Deep expertise with the majority of our IAM stack

Strong hands-on experience with Microsoft Entra ID and Active Directory

extensive experience implementing federation protocols (SAML, OIDC, OAuth2)

Proven track record designing and implementing IAM solutions in hybrid multi-cloud environments

automation of provisioning, access reviews, and RBAC/ABAC models

Proficiency in at least one scripting or programming language (such as PowerShell, Python, or Java)

Exceptional sense of ownership

Highly advanced ability to breakdown work to deliver value incrementally

Experience leading large-scale IAM programs

Prior responsibility as a technical lead or architect for IAM

mentoring teams and influencing roadmaps beyond direct reporting lines

strong bias toward automation and measurable risk reduction

Define and lead the implementation of the organization’s security strategy

Architect and implement solutions across workforce IAM, PAM, and customer IAM ecosystems.

Provide thought leadership in adopting passwordless authentication, passkeys, adaptive MFA, and AI-driven access orchestration strategies

Engineer integrations with Agentic AI tools for intelligent decisioning, policy enforcement, and autonomous identity lifecycle operations.

Develop and automate provisioning/deprovisioning workflows

Ensure integration of IAM with cloud platforms (Azure, AWS, GCP) and SaaS applications.

Mentor and develop the skills of senior security engineers

Who We Are

Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.

To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.

What You'll Do

The Principal IAM Engineer is the senior technical authority for identity services, responsible for designing, implementing, and governing enterprise-wide IAM capabilities across workforce, partner, and customer identities. This role combines deep hands-on engineering with architecture and leadership, driving the modernization of authentication, authorization, identity lifecycle, and privileged access controls across our cloud and on-prem environments.

Responsibilities:

Own the end‑to‑end technical delivery of IAM services, including identity lifecycle management, authentication, authorization, SSO, and privileged access controls, ensuring they are secure, scalable, and highly available.
Lead design sessions, collaborating with Entrprise Architecture, and implementation of IAM integrations for SaaS, on‑prem, and AWS cloud platforms, including federation (SAML, OIDC, OAuth), MFA, and Passwordless capabilities.
Serve as the primary escalation point for complex IAM engineering issues; perform root‑cause analysis and drive long‑term remediation and hardening of IAM platforms and related services.
Partner with security architecture, infrastructure, application, and HR/IT teams to align IAM solutions with enterprise security strategy, compliance obligations, and business objectives.
Define IAM engineering standards, patterns, and reference architectures; guide other engineers in implementing secure onboarding patterns for applications into IGA, PAM, and SSO platforms.
Lead modernization initiatives.
Contribute to audits, risk assessments, and regulatory reviews by providing technical evidence, designing compensating controls, and closing identified IAM control gaps.
Mentor and coach IAM engineers and analysts, promoting engineering excellence, documentation discipline, and a culture of continuous learning and improvement.

What You'll Bring

10+ years of experience in information security or infrastructure engineering, with at least 5 years of hands-on-keyboard experience with core IAM platforms.
Deep expertise with the majority of our IAM stack
Strong hands-on experience with Microsoft Entra ID and Active Directory as foundational directory services, and extensive experience implementing federation protocols (SAML, OIDC, OAuth2).
Proven track record designing and implementing IAM solutions in hybrid multi-cloud environments, including the automation of provisioning, access reviews, and RBAC/ABAC models.
Experience with secrets management solutions.
Proficiency in at least one scripting or programming language (such as PowerShell, Python, or Java) to automate tasks and build custom connectors for our IAM tools.
Excellent communication skills with the ability to translate complex technical concepts related to our IAM ecosystem for both technical and non-technical stakeholders.
Exceptional sense of ownership and the ability to work with a limited set of requirements.
Highly advanced ability to breakdown work to deliver value incrementally.
Experience leading large-scale IAM programs.
Prior responsibility as a technical lead or architect for IAM, including mentoring teams and influencing roadmaps beyond direct reporting lines.
Demonstrated ability to balance security, usability, and operational efficiency, with a strong bias toward automation and measurable risk reduction.
Define and lead the implementation of the organization’s security strategy, with a focus on Cloud Security, Identity Access Management, and all other aspects of Cybersecurity
Oversee the deployment of IAM solutions across both on-premise and cloud environments, ensuring they meet the highest standards of security.
Lead the most complex security assessments, including threat modeling, red teaming, and cloud security reviews.
Collaborate with executive leadership to ensure that security initiatives align with the organization’s strategic goals and risk appetite.
Act as the technical lead for large-scale security projects, coordinating cross-functional teams to ensure successful delivery.
Architect and implement solutions across workforce IAM, PAM, and customer IAM ecosystems.
Provide thought leadership in adopting passwordless authentication, passkeys, adaptive MFA, and AI-driven access orchestration strategies
Engineer integrations with Agentic AI tools for intelligent decisioning, policy enforcement, and autonomous identity lifecycle operations.
Develop and implement automated provisioning/deprovisioning workflows
Ensure integration of IAM with cloud platforms (Azure, AWS, GCP) and SaaS applications.
Mentor and develop the skills of senior security engineers, fostering a culture of continuous improvement and innovation.

Technical Experience Must-Have:

Privileged Access management (CyberArk)
Authentication/AuthN (Okta)
Federated Identity (EntraID)
Cloud Identity (AWS, GCP, Azure)
Automation (terraform, codex, claude)
Application SSO (OIDC, SAML)
Identity Governance (Sailpoint, Okta, Veza)

Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws. BCG is an E - Verify Employer. Click here for more information on E-Verify.