Influence and drive the roadmap and delivery for enterprise authentication services across multiple Microsoft Entra ID tenants, establishing operational objectives and work plans that ensure consistent security controls, lifecycle management, and service reliability. Own and govern federation services, including Ping. Federate/ Ping. One components and Entra ID federation configurations, ensuring high availability, secure configuration baselines, certificate/key management, and resilient failover. Establish and enforce MFA and SSO standards for enterprise applications, including onboarding patterns, authentication methods, step-up authentication, and user experience guardrails. Partner with cybersecurity, architecture, and application teams to design and implement conditional access patterns, risk-based access decisions, and modern authentication protocols (e.g., SAML, OIDC/ O - Auth) where applicable. Partner with IAM Operations, Architecture, and Software Development teams and leadership. Provide leadership and direction for day-to-day engineering: incident response, problem management, change management, release planning, maintenance windows, and service reliability objectives for authentication platforms. Drive automation to remove friction from manual processes (e.g., application onboarding, federation configuration validation, certificate rotation, access policy deployment) and improve speed, quality, and traceability. Manage vendor and partner relationships related to authentication and federation technologies; oversee the department budget for tools and services, including licensing and renewals, with an emphasis on operational effectiveness and measurable outcomes. Lead and develop a high-performing team of 4 direct reports and multiple offshore-based staff members; set clear expectations, coach and mentor managers/engineers, conduct performance management, develop succession plans, and foster a culture of accountability, collaboration, and continuous improvement. Develop and report KPIs and operational metrics (e.g., availability, authentication success rates, MFA adoption, onboarding lead time, incident trends) to management and stakeholders, providing clear status, risks, and mitigation plans. Serve as an escalation point for authentication outages and high-severity security events; coordinate communications and remediation across technical and business stakeholders. Experience partnering with risk, audit, and compliance teams to implement and evidence controls. Perform other duties as assigned. Qualifications. Basic Requirements: Bachelor’s degree or equivalent work experience . years of experience in identity and access management, authentication engineering, or security engineering or architecture . years of management experience leading technical teams delivering highly available services. Understanding of Microsoft Entra ID (Azure AD), including multi-tenant/complex enterprise environments. Understanding of federation services and SSO integrations (e.g., Ping. Federate/ Ping. One and/or comparable federation stacks) and common protocols (SAML 2.0, OIDC, O - Auth 2.0). Understanding of MFA methods and authentication assurance. Demonstrated ability to communicate complex security and identity concepts to both technical and executive audiences and influence without direct authority. Desired Characteristics: Experience designing authentication architecture for large enterprises with multiple identity providers, complex tenant topologies, mergers/acquisitions, and hybrid dependencies. Experience with Entra Conditional Access, Authentication Strengths, Identity Protection, and privileged access concepts (e.g., PAM, PIM) as they relate to securing authentication. Strong background in service management and reliability practices (SRE concepts, SL - Is/ SL - Os, capacity planning, disaster recovery testing). Experience integrating authentication with endpoint/device trust signals and modern device management (e.g., Intune) to support phishing-resistant access patterns. Familiarity with zero trust and least privilege frameworks and how they translate into authentication and access decisioning. Experience building automation and deployment pipelines for identity configuration (e.g., infrastructure / configuration as code for policy and federation settings). Relevant certifications preferred (e.g., CISSP, CISM, Microsoft identity/security certifications, or comparable). Proven ability to develop talent, build cross-functional partnerships, and drive a positive security culture. Additional Requirements: Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee’s residence. This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website. Salary range: $175 k - $210 k (bonus eligible) We are accepting applications for this position on an ongoing basis.