• Develop and implement IAM strategies aligned with business objectives and security requirements
• Design IAM solutions to support authentication, authorization, and user provisioning/de-provisioning processes
• Define IAM architecture, including identity lifecycle management, single sign-on (SSO), multi-factor authentication (MFA), and privileged access management (PAM)
• Lead the implementation of IAM solutions, integrating with systems and applications, both on-premises and in the cloud
• Configure IAM tools and platforms to meet functional requirements and security policies
• Collaborate with development teams to ensure IAM capabilities are integrated into applications and services seamlessly
• Establish IAM policies, procedures, and standards to enforce security best practices
• Conduct risk assessments and audits to identify security vulnerabilities and compliance gaps
• Ensure IAM solutions comply with relevant regulations such as GDPR, HIPAA, and PCI DSS
• Design and automate processes for user provisioning, de-provisioning, and access recertification
• Implement role-based access control (RBAC) and attribute-based access control (ABAC) mechanisms
• Monitor user activity and enforce least privilege access principles
• Collaborate with cross-functional teams, including IT operations, security, compliance, and business units
• Provide technical leadership and mentorship to junior team members
• Stay updated on emerging IAM technologies, trends, and threats

Required Experience:

• Bachelor's or Master's degree in Computer Science, Information Technology, or related field
• 5 years or more of experience as an Identity Architect or similar role, preferably in a large enterprise environment

Preferred Experience:

• In-depth knowledge of IAM concepts, principles, and technologies (e.g., LDAP, SAML, OAuth, OpenID Connect) and Digital Identity Standards (e.g. NIST 800-63)
• Hands-on experience with IAM solutions such as Microsoft Azure Active Directory, Okta, SailPoint, or Ping Identity
• Hands-on experience with cloud platforms such as AWS, Azure, or Google Cloud Platform
• Strong understanding of cybersecurity principles, including encryption, PKI, and secure authentication protocols
• Experience with scripting and automation tools (e.g., PowerShell, Python) for IAM deployment and configuration
• Experience with directory services such as Active Directory, Azure AD, or LDAP
• Excellent communication and interpersonal skills, with the ability to translate technical concepts into business terms
• Industry certifications such as CISSP, CISM, or CISA are a plus

Baxter is committed to supporting the needs for flexibility in the workplace. We do so through our flexible workplace policy which includes a minimum of 3 days a week onsite. This policy provides the benefits of connecting and collaborating in-person in support of our Mission.

#LI-LC1

Equal Employment Opportunity

Baxter is an equal opportunity employer. Baxter evaluates qualified applicants without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity or expression, protected veteran status, disability/handicap status or any other legally protected characteristic.

EEO is the Law

EEO is the law - Poster Supplement

[Pay Transparency Policy](https://www.dol.gov/ofccp/pdf/pay-transp_ English_formattedESQA508c.pdf)

Reasonable Accommodations

Baxter is committed to working with and providing reasonable accommodations to individuals with disabilities globally. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application or interview process, please click on the link here and let us know the nature of your request along with your contact information.

Recruitment Fraud Notice

Baxter has discovered incidents of employment scams, where fraudulent parties pose as Baxter employees, recruiters, or other agents, and engage with online job seekers in an attempt to steal personal and/or financial information. To learn how you can protect yourself, review our Recruitment Fraud Notice.