Back to search
Creative Artists Agency Linkedin · Posted 18d ago

Cybersecurity Architect - IAM

Nashville

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Job Description
Who We Are
Creative Artists Agency (CAA) is the leading entertainment and sports agency, with global expertise in filmed and live entertainment, digital media, publishing, sponsorship sales and endorsements, media finance, consumer investing, fashion, trademark licensing, and philanthropy. Distinguished by its culture of collaboration and exceptional client service, CAA’s diverse workforce identifies, innovates, and amplifies opportunities for the people and organizations that shape culture and inspire the world. The trailblazer of the agency business, CAA was the first to build a sports business, create an investment bank, launch a venture fund, found technology start-up companies, establish a philanthropic arm, build a business in China, and form a brand marketing services division, among other innovations. Named Most Valuable Sports Agency by Forbes for eight consecutive years, CAA represents more than 2,000 of the world’s top athletes in football, baseball, basketball, hockey, soccer, in addition to coaches, on-air broadcasters, and sports personalities and works in the areas of broadcast rights, corporate marketing initiatives, social impact, and sports properties for sales and sponsorship opportunities. Founded in 1975, CAA is headquartered in Los Angeles, and has offices in New York, Nashville, Memphis, Chicago, Miami, London, Munich, Geneva, Stockholm, Shanghai, and Beijing, among other locations globally.

The Role
This is a hands-on security position working within the Information Security group and with the internal IT department at large. We are looking for candidates who have a passion for cyber security, identity management and threat response. You will provide domain expertise to design and develop the capabilities of the identity and access management platform and the automation of application deployment pipelines to the platform. As a key leader in our security organization, the Cybersecurity Architect will drive the development of secure design principles, reference architectures, and security standards across a modern, SaaS-enabled and cloud-first ecosystem. This includes securing complex identity flows, third-party integrations, APIs, and distributed systems while addressing the shared responsibility model inherent across SaaS and internally developed line of business platforms. In this role, you will be an essential partner and technical specialist for identity and access platform development and provide thought leadership on enterprise security and architecture across identity access and governance. You will be a key part of our efforts to enable the business needs in a highly collaborative organization. The environment is fast-paced and commonly on the leading edge of technology, including early adoption of various cloud services along with the challenges of integrating those services into our security practice.

Responsibilities

  • Maintain architectural diagrams and workflows of the identity access management platform
  • Provide design, evaluation, analysis, of identity and access management programs to support the company’s strategy
  • Develop standards and guidelines for access management across the company and department
  • Understand user lifecycle management; including provisioning/de-provisioning, access requests, user entitlements and audit & validations
  • Collaborate with HRIS, IT service owners, service desk and end-users to gather feedback and design solutions with identity related workflows
  • Present on design & vision that meets user and business needs
  • Design overall structure for new and existing cloud and on-premise applications into the identity access management platform
  • Create identity governance workflows with the concepts of attestation and auditing.
  • Ensure systems are scalable, maintainable and meet business needs
  • Create documentation to support architectural decisions and workflows
  • Review identity workflows and processes for lifecycle management, auditing, reporting, governance and self-service
  • Design a RESTful identity API to provide Identity as a Service to downstream services and directory owners
  • Play an active role in CAA’s security incident response efforts, working to identify and mitigate information security threats

Required Capabilities
  • A minimum of 7 years in Information Technology, ideally with a focus on information security
  • A minimum of 3 years’ experience in identity and access management Architecture or Engineering
  • A Bachelor’s or Master’s Degree in a relevant field of work
  • Experience architecting IAM projects from design through implementation
  • Strong communication and presentation skills with ability to explain complex concepts to both technical and non-technical audiences
  • Have designed and supported the implementation of Zero Trust Identity architecture
  • Understanding of OAuth, SAML and OpenID frameworks
  • An understanding of the fundamental operations of servers, operating systems, networks, firewalls, cloud applications, and infrastructure
  • Knowledge in automation and integration with SaaS applications
  • Knowledge of lifecycle management and provisioning and de-provisioning
  • Knowledge of different MFA and compensating controls for identity
  • Knowledge of privilege identity management, privileged access management, and concepts of just in time provisioning, just enough access, and principal of least privilege
  • Knowledge of scripting in at least one of the following languages: PowerShell, Python, JavaScript

Desired Capabilities
  • Cross-team collaboration and vendor management
  • Set up and integrations for Single Sign-On with various SaaS vendors
  • Knowledge and experience of SCIM integration
  • Account set-up and access management
  • Application development and DevSecOps pipeline
  • Building and using REST APIs
  • Experience creating and supporting identity framework or IDaaS
  • An understanding of the NIST framework and using a continuous improvement loop

Desired Technical Skills
Azure AD, Active Directory, AD Connect, Azure Automation, Power Automate, SAML, OpenID, SSO, SCIM, OAuth, PowerShell, RESTful APIs, Okta, Workday, SailPoint, Ping Federate, PingID, Splunk, RBAC

Certifications with CIAM, CIMP, Okta, SailPoint, Microsoft Identity, Ping Identity, CISSP, CISM, CompTIA Security+

Location
This role is based in our Nashville office.

Compensation
The annual base salary for this position is in the range of $179,000 - $208,000 in Nashville. This position is also eligible for benefits and a discretionary bonus. Ultimately, the salary may vary based upon, but not limited to, relevant experience, time in the role, business sector, and geographic location, among other criteria. Please talk with a CAA Recruiter to learn more.

Environment
CAA has a service oriented collaborative environment where we help our colleagues then focus on our own work.

Creative Artists Agency, LLC (the “Company”) is committed to a policy of Equal Employment Opportunity and will not discriminate on the basis of race (inclusive of traits historically associated with race, including hair texture and protective hairstyles), color, religion, creed, gender or sex (including pregnancy, childbirth, breastfeeding or related medical conditions), national origin, ancestry, age, physical disability, mental disability, medical condition, genetic information, family and medical care leave status, military or veteran status, marital status, family status, sexual orientation, gender identity, gender expression, political affiliation, an employee’s or their dependent’s reproductive health decision making (e.g., the decision to use or access a particular drug, device or medical service), or any other characteristic protected by applicable law.

The absence of a permanent address is not a bar to employment. The Company does not discriminate against individuals based on housing status, including the absence of a fixed address.

The Company also complies with the Americans with Disabilities Act and applicable state and local laws with regard to providing reasonable accommodation for qualified individuals with disabilities.

CAA does not accept unsolicited resumes from third-party recruiters unless they were contractually engaged by CAA to provide candidates for a specified opening. Any such employment agency, person or entity that submits an unsolicited resume does so with the acknowledgement and agreement that CAA will have the right to hire that applicant at its discretion without any fee owed to the submitting employment agency, person or entity.

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If repetitive applications get heavy, Managed Job Search adds supervised execution for $99/month.
View Managed Job Search