Engineering Manager - Identity & Access Management

About the Role:

The New York Times is seeking a hands-on technical leader who will build and lead the team responsible for identity platforms and access orchestration across the enterprise. This role and team sit within the Cybersecurity Department, but their mandate covers the entire NYT organization.

In this role, you will own complex initiatives end‑to‑end, shape the long-term identity roadmap, and ensure that our identity and access controls are secure, strategic, and scalable. You will partner closely with teams across the Cybersecurity and Technology departments to drive strategic work across our core platforms, with a focus on automation, lifecycle workflows, and access governance. This is a people‑manager role with significant technical depth: you will coach and grow engineers while remaining close enough to the work to guide architecture and technical implementation.

Cybersecurity helps prevent The Times from becoming news. Our mission is to protect staff, subscribers, sources, and the intellectual property of The New York Times and its subsidiaries from unauthorized access, damage, and disclosure.

Responsibilities:

• Own the strategic direction and multi-year roadmap for enterprise Identity and Access Management initiatives, taking into account departmental and company objectives.
• Lead the execution of a Group Lifecycle Management strategy by leveraging a new Identity Governance and Administration layer, and help operationalize this strategy across relevant systems.
• Work with product and platform teams to model roles and access profiles that balance security and productivity.
• Partner with Enterprise Technology and Developer Platforms to implement and operate identity orchestration for provisioning, deprovisioning, and access reviews across key systems.
• Define and implement patterns for privileged access management and just‑in‑time elevation, especially for cloud and production roles.
• Be a thought leader for Identity in cross-functional initiatives like conditional access which impact thousands of NYT employees.
• Demonstrate support and understanding of our value of journalistic independence and a strong commitment to our mission to seek the truth and help people understand the world.
• You will report to the Senior Director, Cybersecurity.

Basic Qualifications:

• 8+ years of experience in software engineering, security engineering, or identity engineering, with 3+ years in a technical leadership or engineering management role (formal people management or tech‑lead experience)
• Experience designing and operating identity systems or platforms at scale, such as:
  • Entra/Azure AD and/or Active Directory
  • SSO and federation (OIDC/SAML)
  • SCIM‑based provisioning and group lifecycle management
  • Identity governance / access orchestration platforms (e.g., ConductorOne, SailPoint, Entra ID Governance, or similar)
• Strong understanding of security controls across multiple domains, including access management, authentication/authorization, privileged access, and endpoint/device posture
• Hands‑on familiarity with cloud platforms (AWS and/or GCP) and best practices for securing identity and access in those environments
• Working knowledge of engineering practices (CI/CD, GitOps, IaC) and how identity and access controls integrate into those workflows
• Familiarity with ConductorOne or similar identity orchestration platforms and experience implementing them

Preferred Qualifications:

• Experience leading or implementing:
  • Identity governance and administration (IGA) rollouts
  • Conditional access and device trust strategies (e.g., hardware MFA, high‑risk user/location controls)
• Experience with Terraform or similar IaC tools to manage Entra/AD, cloud IAM, and/or Google Org configuration

This role may require limited on-call hours. An on-call schedule will be determined when you join, taking into account team size and other variables.

#LI-Hybrid

REQ-020028