Who We Are
Creative Artists Agency (CAA) is the world's leading entertainment and sports agency, with offices in Los Angeles, New York, Nashville, London and Beijing. Founded in 1975, CAA represents many of the most successful professionals working in film, television, music, theatre, video games, sport, and digital content, and provides a range of strategic marketing and consulting services to corporate clients.
This is a hands-on security position working within the Information Security group and with the internal IT department at large. We are looking for candidates who have a passion for cyber security, identity management and threat response. You will provide domain expertise to design and develop the capabilities of the identity and access management platform and the automation of application deployment pipelines to the platform.
In this role, you will be an essential partner and technical specialist for identity and access platform development and provide thought leadership on overall security and authentication across various workflows. You will be a key part of our efforts to enable the business needs in a highly collaborative organization. The environment is fast-paced and commonly on the leading edge of technology, including early adoption of various cloud services along with the challenges of integrating those services into our security practice.
• Provide design, evaluation, analysis, testing, debugging and implementation of identity and access management programs to support the company's strategy
• Maintain configuration, updates, and overall administration of the identity access management platform
• Have a deep understanding of user lifecycle management; including provisioning/de-provisioning, access requests, user entitlements and audit & validations
• Maintain standards for access management across the company and department
• Collaborate with HRIS, IT service owners, and service desk to troubleshoot and fulfill identity related workflows
• Knowledge of identity governance workflows with the concepts of attestation and auditing.
• Integrate new applications into the identity access management platform through RESTful APIs, JDBC, flat file, or built-in connectors and configure aggregation, provisioning, and entitlements
• Automate identity workflows and processes for lifecycle management, auditing, reporting, governance and self-service
• Provide and maintain a RESTful identity API to downstream services
• Play an active role in CAA's security incident response efforts, working to identify and mitigate information security threats
• A minimum of 5 years in Information Technology, ideally with a focus on information security
• A minimum of 3 years' experience in identity and access management
• A Bachelor's or Master's Degree in a relevant field of work
• A strong understanding of the fundamental operations of servers, operating systems, networks, firewalls, cloud applications, and infrastructure
• Experience in automation and integration with SaaS applications
• Understanding of OAuth, SAML and OpenID frameworks
• Experience in lifecycle management and provisioning and de-provisioning
• Knowledge of different MFA and compensating controls for identity
• Knowledge of privilege identity management, privileged access management, and concepts of just in time provisioning, just enough access, and principal of least privilege
• Set up and integrated Single Sign-On with various SaaS vendors
• Account set-up and access management
• Application development and DevSecOps pipeline
• Building and using REST APIs
• Knowledge and experience of SCIM provisioning and integration
• Worked closely with human resources and help desk support staff
• Experience creating and supporting fully identity framework or IDaaS
• An understanding of the NIST framework and using a continuous improvement loop
Azure AD, Active Directory, AD Connect, Azure Automation, Power Automate, SAML, OpenID, WS-Fed, SSO, SCIM, OAuth, Programming (java, python), PowerShell, RESTful APIs, MSSQL, OGNL, GraphQL, Workday, SailPoint, Okta, Ping Federate, PingID, Splunk, RBAC
CAA has a service oriented collaborative environment where we help our colleagues then focus on our own work.
CAA maintains a fully-vaccinated environment, for the safety and health of employees and guests, to the extent allowed by local law. Where permitted, all CAA employees will be required to be fully vaccinated against COVID-19 (including any waiting periods) and provide approved documentation when: 1) working in or visiting any CAA office; 2) attending any CAA company events, whether in the office or not; or 3) meeting with clients at any location. CAA also expects that all employees will take responsibility for maintaining optimal vaccine levels; for instance, this may include receiving boosters for which they are eligible. If you are unable to get a vaccine due to a medical condition, disability, or a religious belief, CAA will consider your accommodation request. The Company's policies in this regard may be updated from time to time, as pandemic/endemic conditions and local laws evolve.
Jobcode: Reference SBJ-gwv39n-44-200-171-74-42 in your application.