Identity Access Management (IAM) Architect

Casella Waste Systems, Inc. seeks a highly skilled and proactive Identity Access Management (IAM) Engineer to join our growing Information Security team. This role plays a vital part in enhancing our organization's security posture by overseeing the full identity lifecycle-managing user credentials, access rights, and entitlements across enterprise applications and infrastructure. Working collaboratively with business stakeholders, HR, IT, and compliance teams, the IAM Engineer is expected to architect, implement, and continually optimize IAM processes in alignment with business needs, compliance frameworks, and security best practices. This high-impact role requires a strong technical foundation, analytical mindset, and commitment to maintaining security controls that support organizational integrity, regulatory compliance, and operational efficiency.

Hiring Range $115-145K depending on experience

#INDSJ

Applicants must be legally authorized to work in the United States without restriction for any employer. We are not able to provide visa sponsorship or assume existing sponsorships.

• Drives the execution and continuous improvement of Identity and Access Management (IAM) controls technology. This includes, but isn't limited to, administration, configuration of IAM/SSO technology, designing and implementing access provisioning and de-provisioning workflows, enabling thorough entitlement reviews and access recertification, implementing and optimizing role-based authorization, ensuring segregation of duties based on business rules, and enabling robust computer user account management.
• Partners closely with Human Resources to maintain precise access and authorization controls, ensuring alignment with employee lifecycle events.
• Proactively Identifies and resolves gaps within business processes related to IAM. This often involves configuration of IAM/SSO technology, analyzing security and authorization setups, contributing to user documentation, assisting with data interface design, and overseeing data migration and reconciliation efforts.
• Regularly interacts with end-users, managers, IT and data custodians to ensure IAM/SSO controls are properly configured and comply with access controls and audit procedures.
• Provides expert operational support and guidance for critical authentication and authorization services, such as Multi-Factor Authentication (MFA), Active Directory, and Identity Management (IdM) platforms.
• Responds to and troubleshoot IAM-related incidents, ensuring timely resolution and minimal disruption to operations.
• Collaborates with various stakeholders, including internal audit/risk management, third-party vendors, and internal IT departments, to identify, document, and support the remediation of information security and operational issues impacting Casella's IAM systems.
• Ensures all IAM activities and solutions adhere to internal security policies, industry best practices, and relevant regulatory compliance requirements (e.g., SOX, HIPAA, GDPR, etc.).
• Provides input and support for the design and implementation of secure IAM architectures and solutions.
• Trains other security staff and maintain documentation for IAM processes and configurations.
• Participates in training and other learning opportunities to expand knowledge of the company, products, sales, and services and performs any other duties needed to help drive our vision, fulfill our mission, and/or abide by our core values.
• Ensures compliance with all company, state, and federal policies, regulations, and laws regarding employment and employee safety.

A Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related field is required, although equivalent education and experience may also be considered. The ideal candidate will have over three years of experience in Identity and Access Management (IAM) or IT security, with hands-on expertise in SailPoint IdentityNow and Microsoft Entra (formerly Azure AD). Proficiency in scripting languages such as PowerShell, JavaScript, and TypeScript is essential, along with experience working with REST/SOAP APIs and JSON.

A solid understanding of Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), compliance frameworks like SOX, HIPAA, and GDPR, as well as Governance, Risk, and Compliance (GRC) practices, is also important. Strong troubleshooting and analytical skills are required. Preferred certifications include Microsoft Certified: Identity and Access Administrator, SailPoint IdentityNow Professional, CISSP, and CIAM.

Only U.S. citizens, lawful permanent residents, TN Visa holders, or applicants with authorized temporary work status may apply. U.S. work authorization is required. Visa sponsorship is not available.

Excellent communicator with outstanding critical thinking and decision-making skills who is adept at navigating nuances of leading a team of technical and non-technical company professionals in creating cyber architecture while building and maintaining key stakeholder relationships, developing trust, encouraging continuous learning, and achieving business results.