Director, Identity Security
Job Summary: The Director of Identity is responsible for maturing the enterprise Identity and Access Management (IAM) program across strategy, engineering, operations, architecture, and emerging identity security capabilities. This role provides leadership for a global IAM function supporting a large-scale internal and external identity environment and is accountable for advancing identity governance, privileged access, authentication, lifecycle management, and secrets and cryptography capabilities in alignment with business, risk, and compliance requirements.
The role combines strategic direction, operational accountability, organizational leadership, and program execution. The Director of Identity will lead mature identity services while driving transformation initiatives such as IAM governance maturation, role-based access control, PAM modernization, passwordless authentication, certificate lifecycle automation, and enterprise secrets management.
What You Will Do:
Strategy, Governance, and Leadership
Define and own the enterprise IAM strategy, roadmap, and operating model aligned to cybersecurity, compliance, and business objectives.
Mature the IAM program through formal governance, policies, standards, controls, metrics, and leadership reporting.
Present IAM program status, risks, priorities, and investment needs to security leadership and executive stakeholders.
Lead prioritization decisions across operations, platform engineering, architecture, and project-based identity initiatives.
Establish and monitor KPIs, service performance, maturity goals, and program outcomes.
IAM Program Delivery
Lead delivery of enterprise IAM capabilities including identity lifecycle management, joiner/mover/leaver processes, access provisioning, access requests, access reviews, privileged access, authentication, federation, and directory services.
Oversee transformation initiatives such as IGA expansion, RBAC governance, PAM modernization, passwordless authentication, and identity security posture improvements.
Ensure IAM services meet operational expectations for reliability, resilience, scalability, and user support.
Partner with application, infrastructure, cloud, HR, audit, and security teams to implement identity controls and integration patterns across the enterprise.
Compliance, Risk, and Control Effectiveness
Ensure IAM processes and controls support audit, regulatory, and internal compliance requirements, including SOX-related controls where applicable.
Oversee audit readiness, remediation activities, control evidence, and policy enforcement across identity-related processes.
Align identity capabilities to recognized frameworks and standards such as NIST CSF 2.0, NIST 800-63, and enterprise security policies.
Reduce identity-related risk by strengthening governance, control automation, privileged access protections, and secrets management practices.
Architecture and Emerging Identity Security Capabilities
Provide leadership across identity architecture, platform standards, and integration patterns for workforce, privileged, and customer identity environments.
Lead the development of enterprise secrets and cryptography capabilities, including certificate lifecycle management, PKI modernization, vault strategy, and operational controls.
Support modern identity approaches across hybrid and cloud environments, including federation, conditional access, and non-human/service identity considerations.
Drive decisions on tooling, architectural direction, and strategic vendor partnerships that improve security, scalability, and operational efficiency.
Organizational and People Leadership
Lead and develop a distributed IAM organization consisting of managers, architects, engineers, and operations personnel.
Build organizational clarity across operations, engineering, architecture, and new capability areas.
Provide leadership in talent development, succession planning, coaching, performance management, and team engagement.
Manage staffing strategy across full-time employees, partners, and contingent resources to meet delivery needs.
Oversee third-party vendors and consulting partners supporting IAM programs and services.
Minimum Qualifications:
Bachelor's degree in Information Technology, Information Security, Computer Science, Engineering, or a related discipline; equivalent experience may be considered.
12+ years of progressive experience in Identity and Access Management, cybersecurity, or security engineering.
5+ years of leadership experience managing multi-team IAM functions at the Senior Manager or Director level.
Demonstrated success leading enterprise IAM programs across strategy, operations, engineering, governance, and transformation initiatives.
Experience owning IAM governance, policy development, audit response, executive reporting, and control maturity efforts.
Experience building or standing up new security capabilities, teams, or services.
Technical and Functional Qualifications:
Strong knowledge of Identity Governance and Administration platforms; Saviynt preferred. Experience with SailPoint or One Identity is also relevant.
Strong knowledge of Privileged Access Management concepts and platforms; BeyondTrust preferred, with CyberArk or Delinea also relevant.
Experience with Microsoft identity services including Active Directory, Entra ID, B2C, federation, and conditional access.
Knowledge of authentication and federation standards such as SAML, OAuth 2.0, and OpenID Connect.
Understanding of hybrid and cloud IAM patterns across Azure, AWS, and GCP environments.
Knowledge of secrets management, PKI, certificate lifecycle management, and key management technologies such as HashiCorp Vault or Azure Key Vault.
Familiarity with IAM maturity frameworks, security governance models, and regulatory or control expectations.
Preferred Qualifications
Experience in a Fortune 500, global, manufacturing, or industrial environment.
Experience with SOX-related IAM controls and certification processes.
Experience with ServiceNow-based access workflows and Workday-driven provisioning processes.
Relevant certifications such as CISSP, CISM, or identity-platform specific certifications.
Leadership Competencies
Strategic thinker with the ability to set direction and translate strategy into execution.
Strong decision-maker who operates effectively in complex, matrixed environments.
Delivery-oriented leader with a strong focus on accountability, outcomes, and service quality.
Effective communicator able to translate complex identity and security topics for executives, audit stakeholders, and technical teams.
Strong collaborator with the ability to influence across cybersecurity, infrastructure, cloud, HR, audit, and application teams.
Proven people leader with the ability to coach talent, build teams, and develop future leaders.
Additional Information
The role may require coordination across global teams, including off-hours support for key initiatives, escalations, or major incidents.
Annual or Hourly Compensation Range
The base salary range for this position is $137,400.00 - $206,200.00. This position is eligible for annual bonus and long-term incentives based on performance, per plan terms. Many factors are taken into consideration when determining compensation, such as experience, education, training, geography, etc. We comply with all minimum wage and overtime laws.Benefits
Ecolab strives to provide comprehensive and market-competitive benefits to meet the needs of our associates and their families. Click here to see our benefits.
If you are viewing this posting on a site other than our Ecolab Career website, view our benefits at jobs.ecolab.com/working-here.
Potential Customer Requirements Notice
To meet customer requirements and comply with local or state regulations, applicants for certain customer-facing roles may need to:
- Undergo additional background screens and/or drug/alcohol testing for customer credentialing.
Americans with Disabilities Act (ADA)
Ecolab will provide reasonable accommodation (such as a qualified sign language interpreter or other personal assistance) with our application process upon request as required to comply with applicable laws. If you have a disability and require accommodation assistance in this application process, please visit the Recruiting Support link in the footer of each page of our career website.
Our Commitment to a Culture of Inclusion & Belonging
At Ecolab, we believe the best teams are inclusive. We are on a journey to create a workplace where every associate can grow and achieve their best. We are committed to fair and equal treatment of associates and applicants and recruit, hire, promote, transfer and provide opportunities for advancement based on individual qualifications and job performance. In all matters affecting employment, compensation, benefits, working conditions, and opportunities for advancement, we will not discriminate against any associate or applicant for employment because of race, religion, color, creed, national origin, citizenship status, sex, sexual orientation, gender identity and expressions, genetic information, marital status, age, disability, or status as a covered veteran.
In addition, we are committed to furthering the principles of Equal Employment Opportunity (EEO) through Affirmative Action (AA).
We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, and the New York City Fair Chance Act.