IDAM Active Directory Senior Administrator

POSITION RESPONSIBILITIES

• Maintain, configure, and operate

  the Active Directory platform and related integrations, focusing on hands-on implementation and technical engineering across all domains, including corporate and OT environments.

• Monitor and ensure the performance, scalability, and security

  of all in-scope platforms, collaborating with a team to manage day-to-day tasks while stepping in directly to address critical issues or escalations as needed.

• Monitor and optimize system performance,

  ensuring maximum uptime, scalability, and security of IDAM and Directory services.

• Provide Level 2 (L2) and Level 3 (L3) support

  for directory-related issues, troubleshooting complex problems and delivering timely, high-quality user experiences.

• Participate in shift rotations

  to deliver 16x5 operations for IDAM services and provide off-hours escalation support for high-priority incidents (P1, P2).

• Plan, execute, and supervise installations, maintenance, and configuration changes

  across in-scope IDAM systems and services, utilizing coding and engineering expertise for efficient implementation.

• Drive adherence to global IDAM policies and processes,

  ensuring secure and efficient access to Zoetis information systems for all users.

• Lead, mentor, and develop a team

  of L2 and L3 administrators, analysts, and engineers, fostering professional growth while driving operational excellence and efficiency across all IDAM functions.

• Ensure close collaboration

  between the ZICC IDAM team and Service Desk, Site Services, and Security Operations teams to enhance IAM support processes and optimize cross-team workflows.

• Act as a hands-on technical subject matter expert,

  providing detailed coding, configuration, and engineering guidance for relevant IDAM programs and initiatives.

• Ensure compliance with global IDAM policies, processes, and regulatory requirements,

  delivering secure and efficient access to Zoetis information systems for all users. (100%)

ORGANIZATIONAL RELATIONSHIPS

• Reports to ZICC Directory & Authentication Technology Lead, with a dotted line to US-based Head of IDAM and IDAM Operations & Directory Services Leads.
• Part of the global Technology Risk Management organization, reporting to the Chief Information Security Officer (CISO).
• Collaborates regularly with ZTD application, business partner, and infrastructure teams.
• Interacts with external vendors or partners providing software, services, or APIs that require integration with IDAM systems, including establishing requirements, negotiating contracts, and facilitating technical integration.
• Collaborates with implementation partners responsible for deploying, configuring, or maintaining integrated solutions within Zoetis IT landscape.

EDUCATION AND EXPERIENCE

Education:

• University Degree in Computer Science or Information Systems is required.
• MS or advanced security/identity courses or other applicable certifications is desirable, including:
• Certified Information Systems Security Professional (CISSP).

Experience:

• Minimum 6+ years of experience in Information Systems.
• 4+ years of detailed, hands-on experience with IDAM, especially AD, SSO, PKI, MFA.
• 2+ years of experience in the pharmaceutical or other regulated industry, especially Animal Health.
• Experience working with global teams across multiple time zones.
• Proven experience in managing medium to large-scale, global IT projects.
• Demonstrated ability to work within diverse technical teams.
• Proven experience in leading technical teams and managing end-to-end solution delivery.
• Strong experience collaborating with Managed Service Providers (MSPs), focusing on ensuring quality and alignment.

TECHNICAL SKILLS REQUIREMENTS

This is a detailed, hands-on technical role. The ideal candidate will demonstrate proficiency in these areas and provide leadership with respect to specific technologies:

Enterprise & Cloud Directories:

• In-depth expertise in

  Microsoft Active Directory (AD) management

  , including trust relationships and replication.
• Synchronization between

  EntraID

  and other systems using

  EntraID Connect

  .
• Expertise with

  AD support tools

  such as

  Quest Active Roles Server (ARS), Change Auditor

  , and

  Recovery Manager

  .
• Proficiency in

  PowerShell scripting

  for automation, troubleshooting, and administrative tasks.
• Strong understanding of

  Organizational Units (OUs), Group Policies, software distribution, and Group Management

  , including dynamic groups, nested group structures, and permissions management.
• Experience implementing and securing

  password policy and self-service password reset solutions

  and deploying passwordless authentication methods to enhance security and user convenience.
• Strong understanding of

  OT domains

  and their integration with directory services.
• Understanding of

  Microsoft EntraID (formerly Azure AD),

  including

  Conditional Access Policies, Modern Authentication, Single Sign-On (SSO),

  and

  B2B trusts

  .
• Strong understanding of

  messaging and mobile device management principles

  and technologies to ensure seamless integration with directory services.
• Experience with

  Linux authentication

  and integration with directory services is highly desirable.

Multi-Factor Authentication (MFA), Public Key Infrastructure (PKI), Digital Certificates & Encryption:

• Expertise in

  Microsoft Certificate Authority

  and domain controller encryption.
• Experience with

  MFA solutions

  such as

  SafeNet MobilePass

  or similar platforms.

Disaster Recovery:

• Experience with disaster recovery processes from a directory services perspective, ensuring business continuity during outages.

Application Hosting & Privileged Access Management (PAM):

• Strong understanding of on-premise and

  IaaS application hosting activities,

  especially in

  Azure environments

  .
• Proficiency in

  PAM integration with directory services

  , including password vaulting, rotation, and

  Just-in-Time Access (JITA)

  .

End-User and Technology Team Support:

• Experience providing or supervising

  Level 2 (L2) and Level 3 (L3) support

  for identity and authentication issues for both end users and technology teams.
• Knowledge of troubleshooting authentication failures and collaborating with application teams to resolve availability issues.
• Familiarity with

  incident response

  and

  root cause analysis

  for authentication service outages, identity synchronization issues, and cybersecurity events.
• Experience working with

  Service Desk, Site Services, and Security Operations teams

  to enhance IAM support processes.

Desirable Skills & Additional Expertise:

• Privileged Access Management (PAM):

  Experience with tools like

  Delinea Secret Server

  and

  Netwrix

  for JITA is highly desirable.

• Identity Governance & Administration (IGA):

  Knowledge of

  SailPoint IdentityIQ

  for Identity Lifecycle, Access Request & Recertification, and User Provisioning/Deprovisioning is a plus.

• Microsoft Power Apps:

  Experience building or customizing forms and applications to enhance identity-related workflows is advantageous.

• Database & Data Analytics:

  Experience with

  SQL, Alteryx,

  and data warehousing concepts to streamline workflows and troubleshoot data-related issues is a plus.

Language Proficiency:

• Must be fluent in both written and spoken

  English

  , with the ability to clearly communicate across technical and non-technical audiences.

PHYSICAL POSITION REQUIREMENTS

• Availability to work between

  1pm IST to 10pm IST

  hours (minimum 3 hours of daily overlap with US ET Time zone).