AVP, Enterprise Authentication & Directory Services
Role Summary/Purpose: The Assistant Vice President (AVP) of Enterprise Authentication & Directory Services is a high-impact technical executive responsible for the global architecture, engineering, and lifecycle management of the enterprise identity fabric at Synchrony. This leader will drive the strategic modernization of traditional, on-premises Active Directory (AD) environments into cloud-first, unified identity platforms centered on Microsoft Entra ID. The ideal candidate combines deep engineering expertise in directory infrastructure with advanced technical project management frameworks to execute secure, complex enterprise identity migrations on time and within scope.

CORE RESPONSIBILITIES

1. Identity Strategy & Modernization (Active Directory to Entra ID)

On-Premises Deprecation: Lead the multi-year modernization and migration roadmap and transition strategy away from legacy Active Directory Domain Services (AD DS) toward cloud-native Microsoft Entra ID.
Hybrid Architecture Design: Define architectural standards for a cohesive, resilient hybrid identity plane utilizing Azure AD Connect / Entra Cloud Sync while systematically reducing on-premises footprint.
Database & App Integration: Govern authentication frameworks for enterprise systems (e.g., MySQL, Oracle), ensuring secure schema optimization, seamless Entra ID App Registrations, and modern protocol connectivity.

2. Enterprise Technical Project Management

Migration Delivery: Apply rigorous technical project management methodologies (Agile, Scrum, or Waterfall) to manage cross-functional directory modernization pipelines.
Resource & Milestone Tracking: Own the program budget, statement of work (SOW) validations, risk registers, and critical path scheduling for complex, multi-phased IAM rollouts.
Change Management: Partner with Synchrony corporate change management teams to minimize business friction during global authentication updates, application cutovers, and user migrations.

3. Advanced Entra ID Architecture & Lifecycle Management

Entra ID Governance: Overseeing Access Reviews, Entra Lifecycle Workflows (for automated joiner-mover-leaver processes), and Privileged Identity Management (PIM) to enforce just-in-time, least-privilege administrative access.
Hybrid Synchronization & Decommissioning: Managing the transition from legacy Azure AD Connect to Entra Cloud Sync agent architectures, alongside systematically phasing out on-premises Active Directory Domain Services (AD DS).
Entra ID App Registrations & Enterprise Apps: Governing the modernization of legacy application authentication by moving from local LDAP/Kerberos binds to modern Entra service principals, managed identities, and OAuth/OIDC permissions.

4. Next-Generation Security & Access Control

Entra Conditional Access: Designing complex, contextual security boundary policies (incorporating user risk, sign-in risk, device compliance, and trusted locations).
Entra ID Protection: Tuning machine-learning risk engines to detect, block, or force self-service password resets for compromised credentials or anomalous user behavior.
Entra Verified ID: Strategizing long-term digital identity initiatives using decentralized identities and verifiable credentials for secure, B2B, or partner authentication.

5. Network & Infrastructure Security (Zero Trust Security Edge)

Entra Private Access: Overseeing the replacement of traditional corporate VPNs by routing traffic to internal hybrid environments (like your MySQL servers) securely via a Zero Trust network access (ZTNA) model.
Entra Internet Access: Deploying Secure Web Gateway (SWG) policies to protect users from malicious web traffic while monitoring cloud application access.
Entra External ID: Architecting multi-tenant collaborations, B2B guest user lifecycles, and consumer-facing authentication flows.

6. Engineering & Operations Leadership

Team Leadership: Recruit, mentor, and lead a high-performing team of identity engineers, directory architects, and technical project managers.
Platform Availability: Ensure 99.99% availability of global directory infrastructure, establishing robust Entra Connect health monitors, disaster recovery, and automated failover pipelines.

REQUIRED TECHNICAL SKILLS & QUALIFICATIONS

Technical Proficiencies

Microsoft Identity Ecosystem: Mastery of Microsoft Active Directory (AD), Microsoft Entra ID (Azure AD), Azure AD Connect, Entra ID Governance, and Entra ID Protection.
Directory Management: Strong foundational knowledge of Group Policy Objects (GPOs), Active Directory trust relationships, and domain consolidation strategies.
Authentication & Protocols: Deep knowledge of LDAP, Kerberos, NTLM decommissioning, SAML 2.0, OIDC, OAuth, and modern API-driven identity patterns.
PAM & Vaulting: Hands-on governance of Privileged Access Management platforms, specifically Delinea or equivalent secrets vaults.

Project & Program Management Competencies

Framework Proficiency: Proven exp