Asia Identity and Access Management Manager

At Sephora, we stand together, and we stand for something more. Every day we reimagine beauty, discover new brands, and influence positive change. Security plays a big role in that. You will lead and drive the identity and access management domain for Sephora Asia with the support from internal team and vendor including OKTA, AD, ADFS and PKI services.

You will shine here if you enjoy…

Own IDM solution:

• Working with LVMH and Sephora global teams, you will own the identity management space at Sephora Asia.
• You will help to build IAM/IDM best practice to enhance user experience and strength security at the same time.
• You will work with security team closely and be responsible for the maintenance of Active Directory, OKTA and any other identity solutions in Sephora Asia on security and compliance requirement.
• Support global or local initiatives on project implementation, from technical design to implementation and run.

Drive implementation and delivery:

• Own OKTA Asia Integration delivery to ensure all required integrations are completed on time with quality.
• Own account lifecycle management and RBAC, drive and build the technical approach to ensure governance and better user experience.
• Take ownership of the technical issues and act as liaison with security and IT teams from Sephora Europe, LVMH and Sephora Asia to drive integration journey.

Team management:

• IDM team in Sephora Asia are consists of internal staff augmentation, managed services, and external vendor. You will manage both performance and budget for the team.

We would love to hear from you if…

• Have strong expertise in designing solutions with the standard IAM platforms like Okta, PingFederate, ADFS in enabling single sign-on services for both cloud and on-prem applications.
• Possesses SME/ "deep" experience in enterprise IAM (Identity and Access Management), including but not limited to federated SSO (single sign on), MFA (multi-factor authentication) user LCM (Lifecycle management) and provisioning, and Identity Governance and Administration (IGA)
• Must have working knowledge of Okta Lifecycle Management and Administrative APIs
• Ability to implement automated provisioning of endpoint by using custom provisioning flows, SCIM or JIT capabilities.
• Exposure to agile method, preferably to have experience with a large-scale project delivery using sprint planning approach.
• Experience working in a complex business environment and working under constraints (resource, funding etc) to deliver large scale project with a hard deadline.
• Have a think out of box approach and ready to challenge status -quo attitude to drive the program success
• Good knowledge of change management to ensure the successful adoption of the technologies across users from office and stores
• Good understanding of REST integration concepts
• Good understanding of the latest security principles like zero trust and password less authentication to implement new standards in the authentication model
• Experience with JavaScript, Python, Ruby, PowerShell, or other scripting languages is preferred
• Okta Certified Administrator, Okta Certified Consultant and/or Okta Certified Developer preferred
• Mandarin is preferred as this role will work closely with counter parts from China.

While at Sephora, you’ll enjoy…

• Work with Sephora global teams to support activities around Active Directory architecture, sites & replication, trust relationships, administrative management, global system security, policy configuration (GPOs), and PKI implementation.
• Work with Sephora global teams to support activities around AD-services such as AD-DNS, DHCP, PKI with integration to other infra services (such as NPS)
• Lead design and implement OKTA integration for user SSO (single sign-on) using SAML, OIDC
• Lead and own the architecture roadmap for identity management space, such as automation of account life cycle from provisioning to deprovisioning
• Lead design and implement privileged access management in Azure AD admin roles.
• Engage with other domain stakeholders to collaborate on OKTA integration process for all applications in Sephora Asia landscape.
• Setup and continuously improve AD related services governance framework.
• Own the space from project to run, ensure the hygiene of the accounts ( normal and privilege accounts).
• Provide expert advisories to operations team for continuous improvements in effectiveness of service monitoring, security-compliance, integrity and availability of AD Services.
• Work with operations team to improve existing processes through solutions to recurring problems and enhancements to existing solutions or documentation.
• Ensure Active Directory and PKI services are comply with Singtel policies, standards and operational guidelines.
• Support Audit topics related to AD and PKI services with evidences as and when required.
• Provide consultation to the Identity team with regards to solutions implementation, lead the change management topics, lead incident management, work with the operation team to enhance the current automation solutions and to innovate new automation topics to reduce the TCO.

Skills For Success

• At least 10 years of experience in designing and implementing Microsoft Identity technologies including Active Directory, CA-PKI, and Group Policies for large enterprises with more than 10,000 users.
• Expert knowledge in administering Active Directory (AD) and GPO’s.
• Expert knowledge of AD, ADFS, PKI technologies.
• Expert knowledge of DNS, DHCP, WINS, DFS, Microsoft enterprise technology.
• Must have deep and thorough understanding of monitoring best practices, and compliance to best practices for security and operations.
• Ability to exhibit leadership in championing the customers' requirements, delivery expectations and drive continuous improvement and transformation
• Develops architecture documents and standards for AD-related areas
• Knowledge of server virtualization technologies, preferably VMware and/or Microsoft technologies