Identity and Access Management Engineer

at  Lonza

Today, Lonza is a global leader in life sciences operating across three continents. While we work in science, there’s no magic formula to how we do it. Our greatest scientific solution is talented people working together, devising ideas that help businesses to help people. In exchange, we let our people own their careers. Their ideas, big and small, genuinely improve the world. And that’s the kind of work we want to be part of.
The IAM Engineer for directory services at Lonza, you will be responsible for the design, implementation, and management of Active Directory (AD) and Azure Active Directory (Azure AD) across the organization’s global infrastructure. Your role will involve ensuring the security, availability, and scalability of these directory services, which are critical to the company’s identity and access management framework. You will work closely with cybersecurity, IT operations, and business units to develop and enforce access control policies, manage user identities, and support seamless integration with both cloud and on-premises applications. Additionally, you will ensure that the directory services align with regulatory requirements such as GDPR and HIPAA, while continuously evaluating and adopting emerging technologies to enhance the organization’s security and operational efficiency.

Key responsibilities:

• Design and Implementation of Directory Services:
• Lead the design, deployment, and management of Active Directory (AD) and Azure Active Directory (Azure AD) environments, ensuring they are secure, scalable, and optimized for performance.
• Develop and implement policies for directory services that align with organizational security and compliance requirements, including GDPR and HIPAA.
• Collaboration with IAM Teams:
• Work closely with other IAM teams responsible for Identity Lifecycle, Privileged Access Management, Certificate Services, Application Lifecycle, Authentication, and Authorization to ensure seamless integration and consistent application of security policies across all identity-related areas.
• Integration and Automation:
• Develop and implement automation scripts and tools to streamline directory management tasks, domain provisioning, standardization in the OU structure and site provisioning & deprovisioning.
• Ensure seamless integration between AD, Azure AD, and other IAM tools, enabling a unified identity and access management platform.
• Security and Compliance:
• Implement and maintain strict security standards within directory services, ensuring that only authorized users have access to critical systems and data.
• Monitor and audit directory services for compliance with internal and external regulations, identifying and mitigating any security risks.
• Directory Services Optimization:
• Continuously evaluate and optimize the performance of directory services, implementing updates and patches as necessary.
• Lead efforts to migrate or upgrade directory services, ensuring minimal disruption to business operations.
• Support and Collaboration with Managed Services:
• Work closely with the IAM Managed Service team, providing them with technical guidance and support for the operational management of AD and Azure AD.
• Act as a customer concern point for complex directory services issues that cannot be resolved by the Managed Service team.
• Documentation and Training:
• Create and maintain comprehensive documentation for directory services architecture, processes, and policies.
• Deliver training and knowledge transfer to the IAM Managed Service team and other relevant collaborators.

Key requirements:

IAM KNOWLEDGE:

• Solid grasp of Identity and Access Management concepts, particularly in relation to directory services, authentication, authorization, and identity lifecycle management.
• Familiarity with other IAM domains such as Privileged Access Management (PAM), Certificate Services, and SSO/MFA solutions.

SCRIPTING AND AUTOMATION SKILLS:

• Proficiency in scripting languages such as PowerShell, Python, or similar, to automate directory management tasks and integrate with other IAM tools.

• Design and Implementation of Directory Services:
• Lead the design, deployment, and management of Active Directory (AD) and Azure Active Directory (Azure AD) environments, ensuring they are secure, scalable, and optimized for performance.
• Develop and implement policies for directory services that align with organizational security and compliance requirements, including GDPR and HIPAA.
• Collaboration with IAM Teams:
• Work closely with other IAM teams responsible for Identity Lifecycle, Privileged Access Management, Certificate Services, Application Lifecycle, Authentication, and Authorization to ensure seamless integration and consistent application of security policies across all identity-related areas.
• Integration and Automation:
• Develop and implement automation scripts and tools to streamline directory management tasks, domain provisioning, standardization in the OU structure and site provisioning & deprovisioning.
• Ensure seamless integration between AD, Azure AD, and other IAM tools, enabling a unified identity and access management platform.
• Security and Compliance:
• Implement and maintain strict security standards within directory services, ensuring that only authorized users have access to critical systems and data.
• Monitor and audit directory services for compliance with internal and external regulations, identifying and mitigating any security risks.
• Directory Services Optimization:
• Continuously evaluate and optimize the performance of directory services, implementing updates and patches as necessary.
• Lead efforts to migrate or upgrade directory services, ensuring minimal disruption to business operations.
• Support and Collaboration with Managed Services:
• Work closely with the IAM Managed Service team, providing them with technical guidance and support for the operational management of AD and Azure AD.
• Act as a customer concern point for complex directory services issues that cannot be resolved by the Managed Service team.
• Documentation and Training:
• Create and maintain comprehensive documentation for directory services architecture, processes, and policies.
• Deliver training and knowledge transfer to the IAM Managed Service team and other relevant collaborators