IT Programs Manager

Description:
The IT Programs Manager oversees and manages infrastructure, application or process/integration projects for Information Technology; works across multiple IT groups to define solutions for infrastructure services and process deployment; supports mergers/acquisitions projects and support efforts such as deployment of infrastructure to support of new site and may be responsible for developing, implementing and enforcing policies, standards and methodologies.
His/her responsibilities include aiding in the negotiation of contracts and contractual changes and coordinating preparations of proposals, plans, specifications, and financial conditions of contracts.
He/she is responsible for contract administration and service levels measurement; ensures adherence to master plans and schedules and manages professional employees (project managers, technical staff and/or analyst staff ) and third part or outsourcing providers.
The IT Programs Manager is accountable for the performance and results of a team within own discipline.
(Assigns personnel to various projects and directs their activities); is responsible for customer relations and communications (with other groups and vendors) within own discipline or function and may oversee information systems personnel administration, including selection, training and personnel development Enable Skills-Based Hiring No Furlough Notification ll NextEra Energy Contingent Workforce Program (CWP) assignments are eligible for worker furlough. Typical furlough schedules coincide with select national holidays, but may be subject to change. Suppliers will be notified by the CWP of those workers impacted and the applicable furlough dates prior to each furlough period. Worker Building Location LFO - Lejeune/Flagler Office - 0000103500 Will driving be required as part of position duties/work? No Driving Record Validation For all positions indicating driving requirements, supplier must hold validation of non-restricted current driver''s license and demonstrate the following: no alcohol/drug related driving offenses within the previous five years and/or the license is not currently suspended or restricted related to hours of driving or reason for driving. Additional Job Details JD attached WORD doc Will Per Diem and Mob/De-Mob expense types be available for this requisition? No If Per Diem is available, please indicate the maximum amount: 0 If Nuclear Business Unit: On-Boarding Note Nuclear workers requiring unescorted badge access will follow onsite in-processing procedures.
All others will be required to complete Non-Nuclear pre-assignment screenings through their staffing supplier.
Please contact CWP with any questions: cwp@nexteraenergy.com or 561-694-4761. Will the selected worker require unescorted badge access into Nuclear protected areas? No Is NERC CIP unescorted physical or cyber access required for this assignment? Yes Which NERC access is needed? NERC CIP Unescorted Cyber access Is Federal Energy Regulatory Commission access required? Yes Shift Type Standard Shift (8-5) Hours per Day 8 Hours per Week 40 Total Hours 2,088.00

Attachment -

This job description is for a Lead Operations/Support for Identity & Access Management (IAM) tools and processes.
The IAM Operations & Support Leader owns the reliability, security, and compliance of enterprise identity services across on - prem and cloud environments.
This role leads 24x7 service delivery for identity governance and administration and privileged access, ensuring resilient operations, excellent user experience, and audit-ready controls.
The leader manages a multidisciplinary team and vendor partners, drives automation and continuous improvement, and aligns service outcomes to business, SOX, and NERC - CIP requirements.

Scale: Enterprise Windows, Enterprise Linux, hybrid AD/Azure AD, SailPoint Identity Security Cloud, One Identity Safeguard (including Safeguard for Sudo and Safeguard Authentication Services), SSO/MFA, HRIS integrations (SAP SuccessFactors, SAP Fieldglass), CyberArk Privileged Access Management.
Coverage: 24x7 operations, global user base, regulated utility environment.

Essential Duties and Responsibilities

Service Ownership and Strategy
1.1 Define the IAM operations strategy, service catalog, SLAs/SLOs/SLIs, and operational roadmaps aligned to business risk and compliance goals.
1.2 Establish SRE-aligned practices for availability, performance, capacity, and resilience, including error budgets and reliability targets.
1.3 Maintain the end-to-end service architecture and dependency maps for identity, SSO/MFA, PAM, and provisioning services.

Operations and Service Delivery
2.1 Lead day-to-day operations for AD/Azure AD, SailPoint ISC, SSO/MFA, PAM, Linux/macos directory integrations, and identity data pipelines.
2.2 Build and manage a tiered L1/L2/L3 support model, on-call rotations, runbooks, KB articles, and self-service tooling.
2.3 Drive monitoring/alerting, event correlation, and proactive problem detection using SIEM/observability platforms.

Incident, Problem, and Change Management (ITIL)
3.1 Serve as Major Incident Commander for IAM incidents; reduce MTTR via automation, diagnostics, and clear escalation paths.
3.2 Run formal problem management, RCAs, post-incident reviews, and corrective action tracking.
3.3 Govern changes through CAB/ECAB, maintenance windows, and release calendars; optimize change success rate.

Platform Administration and Reliability Engineering
4.1 Ensure healthy operations of SailPoint Identity Security Cloud (connectors, provisioning jobs, access certifications), Azure AD/AD (sync, domain controllers, GPOs), and One Identity Safeguard (PAM vaults, session mgmt, Sudo, SAS for Linux/macOS).
4.2 Oversee upgrades, patching, capacity planning, HA/DR, backups, and configuration baselines; validate failover and recovery procedures.
4.3 Manage API usage, throttling, and integration resiliency with HRIS, ITSM, SIEM/SOAR, and application endpoints.

Identity Lifecycle and Provisioning
5.1 Operate joiner-mover-leaver processes sourced from SAP SuccessFactors/Fieldglass, including role/birthright access and approvals.
5.2 Ensure accurate, timely provisioning/deprovisioning to directories, SaaS, and on - prem apps; remediate orphaned accounts and access drift.
5.3 Govern AD group and entitlement hygiene, bulk UID creation and mapping, and automated GID/role assignments at scale.

Privileged Access Management (PAM) and Unix/macOS Controls
6.1 Enforce vaulting, rotation, session recording, and JIT elevation via One Identity Safeguard; expand coverage and remove standing privilege.
6.2 Standardize and audit sudoers policies and Safeguard Authentication Services across Linux/macOS fleets; centralize policy distribution and logs.
6.3 Integrate PAM telemetry with SIEM; drive least privilege and break-glass controls with continuous testing.

Security, Risk, and Compliance
7.1 Maintain controls for SOX, NERC - CIP, NIST 800 - 53/63, and IAM best practices; keep services audit - ready with evidence automation.
7.2 Support access certifications, entitlement reviews, SoD/toxic combination policies, and quarterly control attestations.
7.3 Partner with security and audit teams on risk assessments, control testing, and remediation tracking.

Automation and Continuous Improvement
8.1 Implement policy - as - code and configuration - as - code for IAM platforms; leverage CI/CD for safe, repeatable changes.
8.2 Automate monitoring, provisioning workflows, connector health checks, and evidence collection via APIs, PowerShell/Python, and orchestration tools.
8.3 Lead guided automated deployments, UAT frameworks, regression testing, and performance baselining.

Stakeholder Engagement and Communications
9.1 Publish service health dashboards, KPI reports (availability, MTTR, SLA attainment, certification completion), and executive briefings.
9.2 Coordinate with Security, HR, IT Ops, and application owners on priorities, readiness, and release plans.
9.3 Manage service intake and expectations; escalate risks and trade-offs clearly with recommended actions.
Business Continuity and Resilience
10.1 Maintain DR/MCBP plans, recovery runbooks, and cyber recovery posture for identity services.
10.2 Conduct exercises (tabletops, failovers, chaos drills) and close gaps proactively.
10.3 Ensure privileged recovery capabilities and offline procedures are tested and documented.

Qualifications

Required Skills and Experience

Education: Bachelor's in Computer Science, Information Systems, Cybersecurity, or related field; equivalent experience considered.
Experience: 8+ years in IAM with 3+ years leading operations/support teams in large, regulated enterprises.
Platforms: SailPoint Identity Security Cloud (or IdentityNow/IIQ), Azure AD/Active Directory, One Identity Safeguard (PAM, Safeguard for Sudo, Safeguard Authentication Services), SSO/MFA; LDAP/Kerberos, SAML/OIDC/OAuth2, SCIM, PKI.
HRIS Integrations: Operating identity lifecycle fed by SAP SuccessFactors and SAP Fieldglass.
Systems: Enterprise Windows, Linux, and macOS identity integration at scale.
ITIL/SRE: Major incident leadership, problem/change management, SLAs/SLOs, observability, capacity and performance management.
Automation: Strong scripting (PowerShell, Python), API orchestration, configuration - as - code, and CI/CD practices.
Compliance: Demonstrated success maintaining SOX and NERC - CIP controls and passing audits.
Communication: Clear executive and technical communication, concise incident updates, and stakeholder management.

Preferred Qualifications
Certifications: CISSP, CISM, ITIL v4, Microsoft Entra/Azure Administrator, SailPoint, One Identity Safeguard; SAFe certifications a plus.
Cloud: AWS/Azure/GCP IAM fundamentals, secrets management, conditional access, and identity threat detection.
Tooling: Experience with SIEM/SOAR, Splunk/Elastic, Prometheus/Grafana/Datadog, ServiceNow ITSM/CMDB.
Delivery: Experience running UAT/regression suites for IAM changes; familiarity with PI Planning and Agile release trains.

Core Competencies and Attributes
Security - first and reliability - obsessed mindset with strong customer empathy.
Ownership and bias for action; calm, decisive incident leadership.
Strategic and operational balance; data - driven and metrics - focused.
Collaborative, diplomatic, and effective at influencing across teams and vendors.

Work Conditions
Participation in on - call rotation and off - hours maintenance windows as needed; occasional travel for team, vendor, or audit engagements.
Key Success Metrics
Service availability/SLO attainment, MTTR and incident volume trend, change success rate, provisioning SLA compliance, certification completion on time, privileged account coverage and policy adherence, audit findings reduced/cleared, automation coverage and toil reduction.

---