Senior Director, Identity Governance

Hearst Technology is seeking an experienced, strategic and hands-on Sr. Director of Identity Governance to lead and operate the enterprise identity program across the Hearst Corporation. This is a senior leadership role for a deep practitioner of identity governance - someone who understands not just the tools, but the underlying principles that make an identity program effective at enterprise scale: how access should be modeled, how it should be granted and revoked, how it should be certified, and how governance policy translates into real controls that reduce risk.

The Senior. Director will own the full identity lifecycle across a complex, multi-brand enterprise supporting over 25,000 user accounts across 360+ global businesses. This includes identity governance and administration (IGA), identity provider (IdP) and single sign-on (SSO) platforms, privileged access management (PAM), secrets management, and the Microsoft Active Directory and Entra ID environments that underpin them all. Operating as a platform-as-a-service model, this role delivers identity services to internal Hearst business divisions. The Sr. Director will architect, design and oversee the engineering of enterprise identity solutions; manage a team of 5-9 identity professionals; and drive vendor relationships, licensing strategy and IT cost optimization across the identity portfolio.

• Co-author enterprise IAM policies and standards in partnership with Information Security, Risk and Compliance, providing clear guidance and guardrails for all Hearst business units on identity, access and directory practices.

• Lead the design and operation of access certification programs, ensuring timely, risk-appropriate review of entitlements across applications, infrastructure and privileged systems.

• Architect and mature the enterprise role model, including role-based access control (RBAC) design, role mining, role lifecycle management and separation of duties (SoD) frameworks.

• Drive the joiner/mover/leaver (JML) lifecycle program, ensuring identity provisioning and deprovisioning is accurate, automated where possible, and tightly integrated with HR systems of record.

• Establish and enforce least-privilege principles across the enterprise, with a structured approach to identifying and remediating access sprawl, orphaned accounts and over-privileged roles.

• Participate in and support audit activities conducted by internal audit, external auditors and regulatory bodies, providing documentation, walkthroughs and remediation support as required.

• Partner with the Information Security, Risk and Compliance teams to ensure identity governance controls satisfy SOX, HIPAA and PCI DSS requirements, and support audit activities with documentation, walkthroughs and evidence.

• Define and execute the multi-year strategy for Hearst’s enterprise identity program, spanning governance, access management, privileged access, secrets management and directory services, aligned with corporate security, compliance and technology objectives.

• Serve as the enterprise subject matter authority on identity governance principles and practice.

• Partner with IT leadership and business unit technology leaders to drive adoption, integration and continuous improvement of identity services across the Hearst portfolio.

• Develop and maintain the identity program roadmap, balancing platform stability, security posture and evolving business needs.

• Represent the identity program in senior leadership forums, steering committees and technology strategy discussions.

• Champion an automation-first and AI-forward approach across the identity program, identifying opportunities to apply automation, AI and generative AI to drive process efficiency, reduce operational cost and accelerate delivery of identity services.

• Lead the architecture and design of enterprise identity solutions, including single sign-on (SSO), multi-factor authentication (MFA), identity lifecycle management, role-based access controls (RBAC), privileged access, and secrets management.

• Oversee and contribute to engineering efforts across the identity platform portfolio, spanning IGA, IdP/SSO, PAM and secrets management capabilities.

• Govern the Microsoft Active Directory and Entra ID environments, including hybrid identity design, Conditional Access policy, directory synchronization and integration with cloud and SaaS platforms.

• Drive the design and implementation of identity integrations with cloud infrastructure (AWS, Azure, GCP), SaaS applications, HR systems and enterprise applications.

• Establish and enforce identity standards, reference architectures and engineering best practices across Hearst Technology and business unit partners.

• Evaluate and recommend emerging identity technologies, frameworks and vendors to continuously advance Hearst’s identity capabilities.

• Own the reliable, secure and scalable operation of Hearst’s full enterprise identity platform - including IGA, IdP/SSO, PAM, secrets management and directory services - serving as an internal platform-as-a-service provider to Hearst’s business divisions.

• Establish and monitor service-level objectives (SLOs), key performance indicators (KPIs) and operational health metrics for all identity services.

• Develop and maintain operational runbooks, service catalogs and self-service capabilities that enable internal business unit customers to onboard and consume identity services efficiently.

• Ensure high availability, disaster recovery and business continuity of identity systems across the enterprise.

• Drive continuous improvement in platform reliability, operational efficiency and cost-to-serve by applying an automation-first mindset - leveraging scripting, orchestration, AI and generative AI capabilities to reduce manual effort, accelerate identity processes and improve service quality.

• Lead, mentor and develop a high-performing identity team of 5–9 direct reports, including engineers, architects and operational staff.

• Establish clear goals, performance expectations and development plans for each team member, fostering a culture of accountability, continuous learning and professional growth.

• Recruit, onboard and retain top identity talent, building team depth and succession coverage across critical functions.

• Foster a collaborative, inclusive team culture aligned with Hearst’s values and commitment to diversity, equity and inclusion.

• Own all vendor relationships within the identity portfolio, spanning IGA, IdP/SSO, PAM, secrets management and directory tooling providers.

• Lead contract negotiations, renewals and RFP processes for identity platforms and services, partnering with Procurement and Legal as appropriate.

• Manage license entitlements, consumption tracking and true-up processes to ensure compliance and cost efficiency.

• Drive IT cost optimization initiatives within the identity portfolio, identifying opportunities to consolidate tools, reduce license waste and maximize return on investment.

• Develop and manage the identity program budget, including capital and operating expense planning, Technical Project Manager planning, forecasting and variance reporting.

• Build and maintain strong partnerships with Hearst’s business division technology teams, serving as a trusted advisor and primary escalation point for identity services.

• Develop and communicate a clear service catalog for identity platform offerings, enabling business units to understand and consume available services effectively.

• Lead regular business reviews with key internal customers, gathering feedback and translating it into program improvements.

• Communicate identity program status, risks, milestones and value delivery to senior leadership and executive stakeholders.

Qualifications

• 15+ years of progressive IT experience, with at least 10 years in identity governance, identity and access management, or a closely related discipline.

• 4+ years in a people management capacity, with demonstrated success leading and developing technical teams.

• Deep, principled understanding of identity governance concepts: joiner/mover/leaver lifecycle design, role engineering and RBAC modeling, access certification program design, separation of duties frameworks, least-privilege strategy, entitlement ownership models, and identity policy development. Candidates should be able to discuss these concepts independently of any specific tool or platform.

• Proven track record designing and maturing enterprise IGA programs at scale, including building or significantly advancing certification, provisioning and role management capabilities in complex, multi-application environments.

• Hands-on experience operating Identity Governance & Administration (IGA) platforms such as SailPoint, Saviynt, One Identity, Microsoft Entra ID Governance, or similar; depth in IGA concepts is required, specific vendor experience is transferable.

• Hands-on experience operating Identity Provider (IdP) and SSO platforms such as Okta, Microsoft Entra ID, Ping Identity, ForgeRock, or similar; depth in federation protocols (SAML, OAuth 2.0, OpenID Connect, SCIM) and access policy design is required.

• Working knowledge of Privileged Access Management (PAM) concepts and platforms such as CyberArk, BeyondTrust, Delinea or similar, including vault design, just-in-time access and session management.

• Working knowledge of secrets management platforms and practices, including integration patterns with applications and CI/CD pipelines.

• Solid understanding of Windows Active Directory and Microsoft Entra ID in a hybrid enterprise environment, including Group Policy, directory synchronization and Conditional Access.

• Experience supporting compliance programs involving SOX, HIPAA and/or PCI DSS access controls, including audit participation and evidence preparation.

• Demonstrated experience managing vendor relationships, software licensing, contract negotiations and IT cost optimization.

• Strong executive communication skills with the ability to translate complex identity governance concepts for non-technical stakeholders.

• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity or a related field, or equivalent professional experience.

• Experience building or operating identity programs in a large, diversified enterprise serving multiple distinct business divisions or brands.

• Experience delivering identity governance in a shared-services or platform-as-a-service model with internal business unit customers.

• Familiarity with identity threat detection and response (ITDR) tools and methodologies.

• Experience developing and implementing zero-trust architecture principles within an identity program.

• Relevant certifications such as CISSP, CISM, Certified Identity and Access Manager (CIAM), Microsoft Certified: Identity and Access Administrator, or SailPoint Certified Engineer.

In accordance with applicable law, Hearst is required to include a reasonable estimate of the compensation for this role if hired in New York City. The reasonable estimate, if hired in New York City, is $215,000 to $235,000. Please note this information is specific to those hired in New York City. For candidates outside New York City, the salary range will be aligned with the specific location. A final decision on the successful candidate’s starting salary will be based on a number of permissible, non-discriminatory factors, including but not limited to skills, experience, training, certifications, and education.  Hearst provides a competitive benefits package, including medical, dental, vision, disability, and life insurance, 401(k), paid holidays and paid time off, employee assistance programs, and more.