CHEP helps move more goods to more people, in more places than any other organization on earth via our 347 million pallets, crates and containers. We employ approximately 13,000 people and operate in 60 countries. Through our pioneering and sustainable share-and-reuse business model, the world’s biggest brands trust us to help them transport their goods more efficiently, safely and with less environmental impact.
What does that mean for you? You’ll join an international organization big enough to take you anywhere, and small enough to get you there sooner. You’ll help change how goods get to market and contribute to global sustainability. You’ll be empowered to bring your authentic self to work and be surrounded by diverse and driven professionals. And you can maximize your work-life balance and flexibility through our Hybrid Work Model.
Key Responsibilities May Include:
Position Purpose
Engineer and enhance Identity Access Management (IAM) solutions to strengthen organizational security and support a zero-trust architecture.
Drive the development and integration of authentication, lifecycle governance, and customer IAM capabilities in line with strategic security objectives.
Collaborate across teams to ensure robust, compliant, and user-friendly IAM processes and technologies.
** YOUR MISSION ** – WHAT WILL YOU DO? **
Lead the build, configuration, and deployment of secure email, messaging, authentication (MFA, SSO), and identity lifecycle management solutions.
Develop and implement new IAM capabilities and enhancements as outlined in the IAM strategic roadmap.
Recommend and integrate additional IAM solutions or controls to improve frontline security defences.
Participate in the deployment and initial configuration of new IAM technologies, ensuring alignment with standards and best practices.
Establish and enforce IAM policies and procedures to maintain compliance with relevant regulations.
Coordinate with cross-functional teams to ensure seamless integration and operation of IAM solutions.
Provide training and support to users on IAM policies, procedures, and technologies.
Act as the escalation point for complex IAM issues, maintaining operational excellence and continuous improvement in IAM processes.
** WHAT WE ARE LOOKING FOR ** :
Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Information Security, or a closely related field (or equivalent combination of education and experience). Many roles accept relevant professional experience in lieu of a degree, but a 4-year degree remains the most common baseline.
Professional experience in IAM or related cybersecurity fields — typically 3–7+ years depending on the role level (e.g., 3–5 years for mid-level IAM Engineer; 5–10+ for senior/principal roles). Hands-on experience with identity lifecycle management, access provisioning/de-provisioning, or access reviews is highly valued.
Strong knowledge of core IAM concepts and protocols — including authentication, authorization, RBAC (Role-Based Access Control), PBAC, SSO (Single Sign-On), MFA (Multi-Factor Authentication), federation, and standards like SAML, OAuth 2.0, OIDC, LDAP, and JWT.
Hands-on experience with leading IAM platforms/tools — such as Okta, SailPoint, Microsoft Entra ID (Azure AD), Ping Identity/ForgeRock, CyberArk (for PAM), Saviynt, or similar. Familiarity with at least one or two major vendors is often explicitly required.
Experience with directory services and identity stores — particularly Active Directory (AD), Entra ID/Azure AD, LDAP directories, or cloud identity solutions. Many roles emphasize hybrid/on-premises + cloud directory management.
Understanding of compliance, regulatory frameworks, and security standards — knowledge of NIST, ISO 27001, GDPR, HIPAA, SOX, PCI-DSS, COBIT, or Zero Trust principles. Ability to align IAM processes with audit and governance requirements is critical.
Cloud platform familiarity — experience integrating IAM with major cloud providers like AWS IAM, Azure AD/Entra ID, Google Cloud Identity, or multi-cloud environments. Cloud IAM is now a near-universal expectation.
Scripting and automation skills — proficiency in languages/tools such as PowerShell, Python, JavaScript, REST APIs, or BeanShell for automating IAM workflows, custom connectors, or integrations.
Strong communication and collaboration skills — excellent verbal and written English communication (critical for English-speaking roles), ability to explain complex IAM concepts to both technical and non-technical stakeholders (e.g., business leaders, auditors), and experience working cross-functionally in teams.
Relevant certifications (preferred or required in many postings) — common ones include CISSP, CISM, Okta Certified Professional, SailPoint Certified IdentityIQ Engineer, Microsoft Certified: Identity and Access Administrator, GIAC certifications, or vendor-neutral ones like Certified Identity and Access Manager (CIAM) from Identity Management Institute.
Fluency in English language
** WHAT WE OFFER **
* The benefit package for employees outside of the Czech Republic differs from the options listed below
Competitive salary package with annual bonus
Company car
Multisport card
Additional life insurance
Long term, international career growth & opportunities
Options to purchase CHEP/Brambles shares
3 Days paid leave for volunteering
Employee´s pension insurance plan (up to CZK 4100 monthly contribution)
25 the days of the annual holiday
5 sick days
Meal vouchers (225 CZK daily)
Cafeteria system to spend on health, culture, traveling, education, and purpose
We are an Equal Opportunity Employer, and we are committed to developing a diverse workforce in which everyone is treated fairly, with respect, and has the opportunity to contribute to business success while realizing his or her potential. This means harnessing the unique skills and experience that each individual brings and we do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state, or local protected class.
Individuals fraudulently misrepresenting themselves as Brambles or CHEP representatives have scheduled interviews and offered fraudulent employment opportunities with the intent to commit identity theft or solicit money. Brambles and CHEP never conduct interviews via online chat or request money as a term of employment. If you have a question as to the legitimacy of an interview or job offer, please contact us at recruitment@brambles.com.