Washington DC

Identity and Access Management Senior Specialist

CM Legal

Identity & Access Management Senior Specialist
Summary: The Access Management Senior Specialist is responsible for ensuring that the Firm designs and implements appropriate identity and access management controls. The Senior Specialist operates a focused, thematic risk and control program that sets expectations for all identity and access management topics, including physical and logical authentication for employees and clients, access control, entitlements and re-certifications, privileged user access, and identity proofing. This is a highly technical role that requires hands-on, collaborative work with stakeholders and IT implementers.

  • Bachelor's degree in Computer Science or Engineering preferred; advanced degree and CISSP certification preferred.
  • Requires 15+ years' experience in cybersecurity, with 5+ years’ experience executing security advisory or oversight programs.
  • Expert working knowledge in password managers, privileged user credential management systems, entitlement review systems, authentication technologies such as biometrics or hardware tokens, single sign-on (SSO) technologies such as SAML and OIDC, access brokers, physical access and/or identity proofing systems.
  • Exceptional interpersonal skills; success in the role requires the ability to influence and persuade.
  • Ability to advise business and technology teams in matters of Identity Management including authentication, authorization, token management, API validation, and more.
  • Effective written and oral communication skills.

Duties and Responsibilities:

  • Defines, documents, and manages the Access Management security oversight programs, including charters, roadmaps, plans, and milestones for risk assessments and control implementations.
  • Works with process and asset owners to ensure program goals are being achieved. This role will work with the Physical Security Operations, Risk Operations, Information Technology Services, Information Resource Services, Human Resources, and the Practice Services and Support teams.
  • Regularly reports on program progress to the CISO and other senior stakeholders as appropriate, using defined Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to highlight control adoption gaps, identify areas of strong or weak performance, or quantify risks, respectively.
  • Develops and reviews processes for on-boarding new users to downstream application platforms.
  • Evaluates and manages identities across complex applications.
  • Performs other duties as assigned.


