Skip to main content

7 Things to Look for When Hiring Your IAM Manager

August 05, 2013

Recently, Dave Kearns at KuppingerCole resurrected the concept of an Identity Officer asking at what level in a company it might exist and whether it made sense. As an end-to-end security and Identity & Access Management (IAM) consultancy, we often witness the importance of an effective IAM manager both to IAM-specific initiatives and the larger cyber security picture. We may not always recommend adding a separate Chief Identity Officer when we’ve seen a number of  CIO’s, CTO’s and CISO’s manage IAM programs effectively, but we DO believe in the importance of having a manager or director focused on IAM.

In the last two years we’ve seen a number of organizations actively evaluating candidates for IAM management vacancies. Having heard the horror stories of costly IAM-related overruns and failed IAM projects, many organizations are now taking a more cautious approach and not moving forward with IAM investment until the “right” IAM Manager is in place. Unfortunately, as it sometimes happens during the hiring process, the right candidate doesn’t always fill that request, and as a direct result, the 5 Causes of IAM Project Failure can come into play.

  • Lack of aligned stakeholders or cross-functional department buy-in
  • Lack of executive sponsorship
  • Lack of effective day-to-day project or program management
  • Unrealistic expectations (time, money, internal impacts, process change) or improperly set expectations
  • Lack of long-term IAM plan or roadmap; lack of an IAM endgame

The right candidate will be able to drive and own the multi-level communication, the long term planning and consensus building that comes with a successful IAM Program.

On a positive note, we have also seen what happens when the right candidate is in place and, over the years, have been able to advise customers on what traits and experiences to look for when hiring a good IAM Manager.

  • Experience working with applications and systems that cause widespread process change or require collaboration across many cross functionality groups (i.e. ERP or CRM deployment).  IAM experience is great, but it can also be learned. We find that candidates with backgrounds related to things like ERP deployments tend to adapt very quickly to the nuances of IAM.  They understand the communication and patience necessary to get disparate groups within their organization on board with IAM investment.
  • Breadth AND depth of IAM experience. The definition of IAM is rapidly expanding. It used to be just provisioning and role management but has since morphed into true access governance, Privileged Access Management, federation, cloud services, IDaaS, integration with DLP solutions, SIEM solutions, etc.
  • Experience with process change, definition and improvement rather than deep technology knowledge. Technology can be learned, but it’s much harder to teach how to build consensus between disparate teams in an organization or how to successfully sell an IAM business case up the management chain. Focus on experience that deals with an understanding of process change, definition and improvement and avoid hiring candidates who are focused on one technology vendor because that’s all they know.
  • Vertical industry experience. The candidate should have experience working in the organization’s industry vertical (i.e. healthcare), but additional industry verticals are even better. You never know when your company will diversify, be acquired or even partner with another company that may not be in your immediate market.
  • Technical project management experience. Candidates with technical project management experience bring an understanding of both how to manage complex projects and what it takes to be successful with an IAM program.
  • Experience managing others from an HR perspective as well as hiring and growing resources. It’s important that the teams they’ve managed have folks with varying levels of experience and ages and have demonstrated growth under the candidate’s guidance. It is difficult to build a team and a program with all senior resources, which makes teamwork and mentoring all the more important. These candidates often have the ability to evaluate and engage outside assistance to execute their IAM plans. Working effectively with integrators like FishNet Security can often improve an organization’s chances of IAM success.
  • "The team, the team, the team." To paraphrase the great Bo Schembechler, you don’t want candidates that give the impression they are “playing for a contract.” This is often displayed by an excessive use of the “I’s” - “I did this” or “I did that” - instead of “we” or “they.” When hiring, you want to create a team and a program that are represented by highly functioning, likeminded, team-focused individuals. In order to run that type of team, you need an IAM Manager whose first priority is the prosperity of that team and not individual accolades.

IAM investment will always be fraught with challenges and risk of failure due to its complexity and business focus. However, with the right IAM Manager in place to champion IAM in your organization, manage the day-to-day program and its governance and act as the central point of communication and escalation, you can reduce those risks and become a case study for IAM success.

    Bryan Wiese

By: Bryan Wiese

Vice President, Identity and Access Management

See More

Related Blogs

December 02, 2013

5 IDaaS Questions Answered

As we start to see more and more potential Identity as a Service (IDaaS) opportunities appear, we’re being asked about IDaaS and its viability. This p...

See Details

December 18, 2017

Security vs. End User Experience – Find the Balance

Have we become so focused on serving our customers that we are willing to cut corners for the sake of speed and convenience, only to subject the organ...

See Details

October 06, 2017

Avoid User in Training

Often when I’m onsite with clients, gathering requirements for an identity and access management (IAM) solution implementation, I’m asked, “What are s...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Related Insights

May 18, 2017

What We Look for When Staffing Cyber Security Positions

It’s a well-known fact that there is a talent gap in the security industry. There are simply not enough qualified people to staff the positions in our...

See Details

April 23, 2014

INFOGRAPHIC: Making Sense of IAM

Let’s face it, developing an Identity & Access Management (IAM) program can be a complex undertaking that must be tailored to each organization’s uniq...

See Details

September 18, 2014

Cybersecurity Awareness & End User Training

You’ve probably seen the news about companies around the world being hacked. These are companies that have millions of dollars invested in technology ...

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.