Mondelēz International

Product Lead - IAM Directory Services & Certificate Management

United States (Remote) Full time

Job Description

Are You Ready to Make It Happen at Mondelēz International?

Join our Mission to Lead the Future of Snacking. Make It Uniquely Yours.

About this Job 
Mondelēz International is hiring a Senior Manager – IAM Product Lead (Directory Services & Certificate Lifecycle Management)

Locations - Remote in the United States

Role Overview: 

We are seeking a Senior Manager – IAM Product Lead (Directory Services & Certificate Lifecycle Management) to lead the strategy, engineering, and lifecycle management of enterprise directory and machine identity platforms within our global Identity and Access Management (IAM) organization. 

Operating within a product operating model, this role owns the Directory Services and Certificate Lifecycle Management platforms end-to-end, including strategy, roadmap, architecture, engineering delivery, resilience, and governance. The role leads the operation and modernization of a global multi-domain, multi-forest identity environment spanning Active Directory, Microsoft Entra ID, and cloud identity integrations, while overseeing the enterprise certificate lifecycle management program. 

This position plays a critical role in strengthening the organization’s identity security posture by reducing the technical attack surface, securing hybrid identity platforms across on-premise and cloud environments, and advancing automation through scripting and modern DevSecOps practices. Success in this role requires deep expertise in identity security architecture, Infrastructure as Code (IaC), and end-to-end certificate lifecycle management. 

Key Responsibilities 

Leadership – IAM Policy, Strategy & Roadmap 

  • Own the strategic direction and roadmap for enterprise Directory Services and Certificate Lifecycle Management platforms within the IAM product portfolio. 

  • Define and drive multi-year platform strategy aligned with enterprise Zero Trust, identity security, and hybrid cloud transformation initiatives. 

  • Translate enterprise IAM policies and security standards into directory, machine identity, and certificate governance frameworks. 

  • Lead platform lifecycle management, including modernization initiatives such as directory consolidation, hybrid identity adoption, and machine identity governance improvements. 

  • Manage platform backlog, priorities, and engineering delivery in alignment with the product operating model and agile delivery practices. 

  • Partner with IAM leadership to ensure directory and certificate platforms support broader identity governance, authentication, and privileged access strategies. 

 

Directory Services & PKI Platform Engineering & Operations Leadership 

  • Lead engineering and operational oversight of the enterprise directory services infrastructure, including Active Directory multi-domain and multi-forest environments. 

  • Ensure reliability, scalability, and security of enterprise directory infrastructure including domain controllers, replication topology, DNS integration, and group policy architecture. 

  • Establish engineering standards for directory architecture, operational stability, and platform resilience. 

  • Oversee platform lifecycle management including patching, upgrades, monitoring, and disaster recovery planning. 

  • Manage the enterprise PKI ecosystem, ensuring secure certificate issuance, validation, renewal, and revocation processes. 

 

Cloud Integrations, Hybrid Identity & DevOps Enablement 

  • Lead hybrid identity architecture integrating Active Directory with Microsoft Entra ID and cloud identity services. 

  • Oversee identity synchronization, federation, and identity lifecycle processes across on-premise and cloud environments. 

  • Partner with cloud engineering teams to enable secure identity integration for enterprise applications, SaaS platforms, and cloud infrastructure. 

  • Enable application and DevOps teams with secure identity and certificate services required for modern development pipelines. 

 

Certificate Lifecycle Management (CLM) Leadership 

  • Lead the enterprise machine identity and certificate lifecycle management program, including governance of Venafi or equivalent CLM platforms. 

  • Maintain centralized governance and inventory of machine identities and certificates across infrastructure, applications, APIs, and network devices. 

  • Reduce operational and security risks related to certificate expiration, unmanaged certificates, and machine identity sprawl. 

  • Integrate certificate lifecycle management capabilities into enterprise infrastructure and DevOps pipelines. 

  • Oversee integration and secure operation of Hardware Security Modules (HSMs) used for certificate authority and cryptographic key protection. 

 

Security, Operational Resilience & Identity Threat Management 

  • Strengthen the security posture of identity infrastructure platforms, including Active Directory, Entra ID, and PKI services. 

  • Partner with the Security Operations Center (SOC) and cyber defense teams to monitor and respond to identity-related threats and anomalies. 

  • Establish monitoring and alerting for identity infrastructure anomalies, suspicious authentication activity, and potential directory compromise scenarios. 

  • Respond to and lead investigations involving identity compromise, privilege escalation, and misconfiguration. 

 

Automation, Platform Resilience & DevSecOps 

  • Drive automation initiatives across directory services, identity infrastructure, and certificate lifecycle management platforms. 

  • Implement Infrastructure as Code (IaC), scripting frameworks, and API-driven automation for identity infrastructure provisioning and management. 

  • Lead the adoption of DevSecOps practices to improve operational efficiency and platform security. 

  • Improve platform resilience through proactive monitoring, reliability engineering, and disaster recovery planning. 

 

Cross-Functional IAM Collaboration 

  • Partner with enterprise architecture, cybersecurity, infrastructure, and cloud engineering teams to align identity services with enterprise technology strategy. 

  • Support integration of directory and certificate services with enterprise IAM platforms and identity governance solutions. 

  • Provide subject matter expertise to application teams on identity infrastructure, certificate management, and secure authentication integrations. 

  • Represent directory services and machine identity platforms in enterprise security reviews, architecture boards, and transformation initiatives. 

Required Qualifications 

Education & Experience 

  • Bachelor’s degree in Computer Science, Cybersecurity, or a related field 

  • 15+ years of experience in Identity and Access Management, Directory Services, Identity Infrastructure 

  • 10+ years of experience leading engineering teams or platform ownership roles in IAM or identity infrastructure domains. 

  • Proven experience operating and modernizing large-scale Active Directory environments, including multi-domain and multi-forest architectures. 

  • Experience managing hybrid identity platforms integrating Active Directory and Microsoft Entra ID. 

  • Hands-on experience implementing Certificate Lifecycle Management (CLM) or PKI platforms, such as Venafi or equivalent solutions. 

  • Experience supporting identity platforms in global enterprise environments. 

 

Leadership & Product Experience 

  • Experience operating within a product operating model, including ownership of platform roadmaps and delivery outcomes. 

  • Ability to lead engineering teams while collaborating effectively with security, infrastructure, and application engineering stakeholders. 

  • Ability to communicate effectively with both technical teams and senior leadership. 

  • Ability to drive complex identity transformations in large enterprise environments. 

  • Passionate about automation, security, and operational excellence. 

  • Self-driven, organized, and comfortable operating in a hybrid, fast-paced environment. 

 

Certifications (Preferred) 

  • Microsoft Identity and Azure certifications 

  • CISSP, CISM, CCSP, or equivalent security certifications 

  • PKI or certificate management related certifications (Venafi preferred) 

 

Travel: Periodic travel (up to 10%) may be necessary for key meetings, conferences, or team collaboration

Salary and Benefits:

The base salary range for this position is $140,300 to $192,940; the exact salary depends on several factors such as experience, skills, education and location. In addition to base salary, this position is eligible for participation in a highly competitive bonus program with the possibility of overachievement based on performance and company results. In addition, Mondelēz International offers the following benefits: health insurance, wellness and family support programs, life and disability insurance, retirement savings plans, paid leave programs, education related programs, paid holidays and vacation time. Some of these benefits have eligibility requirements. Many of these benefits are subsidized or fully paid for by the company.

No Relocation support available

Business Unit Summary

The United States is the largest market in the Mondelēz International family with a significant employee and manufacturing footprint. Here, we produce our well-loved household favorites to provide our consumers with the right snack, at the right moment, made the right way. We have corporate offices, sales, manufacturing and distribution locations throughout the U.S. to ensure our iconic brands—including Oreo and Chips Ahoy! cookies, Ritz, Wheat Thins and Triscuit crackers, and Swedish Fish and Sour Patch Kids confectionery products—are close at hand for our consumers across the country.

Mondelēz Global LLC is an Equal Opportunity Employer/Protected Veterans/Persons with Disabilities. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected Veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Applicants who require accommodation to participate in the job application process may contact 847-943-5460 for assistance.

For more information about your Federal rights, please see eeopost.pdf; EEO is the Law Poster Supplement; Pay Transparency Nondiscrimination Provision; Know Your Rights: Workplace Discrimination is Illegal

Job Type

Regular

Information Security

Technology & Digital