What You Will Do
Strategy and Leadership
- Own the strategic direction and roadmap for Confluent's internal access management program, with machine and workload identity as the durable center of gravity.
- Drive the program's maturity model from control-building toward sustained governance and least-privilege outcomes.
Machine & Workload Identity
- Lead the program to enforce service-to-service (S2S) authentication across Trust & Security-owned surfaces, taking ownership of the enforcement hand-off from the identity engineering team.
- Formalize non-human identity (NHI) — service accounts, keys, and workload credentials — from pilot into a funded, governed program.
- Stand up access controls for AI agents as agentic workloads acquire production access.
Access Governance & Standards
- Own the Access Management Standard and the policies that operationalize least privilege, separation of duties, and periodic access review across human and machine access.
- Ensure the standard keeps pace with the evolving access surface and remains audit-ready.
Metrics, Reporting & Governance Cadence
- Own access metrics and reporting (e.g., JIT/unilateral-access volume, broad-privilege usage, prod-access reduction).
- Define and track program OKRs and run the monthly execution and executive-review cadence, articulating risk posture and progress to senior leadership.
Cross-Functional Execution & Transitions
- Drive cross-functional delivery with engineering, platform, and identity teams without direct authority.
Integration with GRC and Partner Functions
- Ensure the access management program is tightly integrated with adjacent GRC domains and partner teams (Insider Threat, IT/Identity, Detection & Response, and engineering owners), with clear RACI across governance and operations.
What You Will Bring
Experience
- 8+ years in security program management, identity & access management, or a closely related security discipline.
- At least 3 years running an enterprise- or platform-scale access program in a technology company.
Technical Skills
- Deep expertise in identity and access management concepts: least privilege, separation of duties, RBAC/ABAC, just-in-time (JIT) and privileged access management (PAM), and access review/certification.
- Working knowledge of machine and workload identity — service-to-service authentication, non-human identity, service accounts, secrets/key management, and emerging AI-agent access patterns.
- Strong security engineering fundamentals across cloud infrastructure security controls in GCP, AWS, and/or Azure, including Kubernetes and cloud control-plane access models.
- Familiarity with identity platforms and access tooling (e.g., Okta, JIT/access-orchestration tooling) and how access controls are enforced in production.
Tooling and Automation
- Experience integrating access processes, controls, or findings into GRC and access-orchestration platforms.
- Bias toward automating access decisions over manual operations.
Program Management Skills
- Strong project management and organizational skills.
- Exceptional analytical and problem-solving skills, with a data-driven approach to decision-making.
- Experience running long-term, complex security programs that deliver iterative, measurable risk reduction.
Communication and Collaboration Skills
- Excellent written and verbal communication, with the ability to influence and lead without direct authority across engineering and security teams.
- Ability to articulate complex technical concepts and program status to executive-level audiences and technical teams alike.