Identity Security Architect in Wantage

Crown Holdings, Inc. is a global leader in the design, manufacture, and sale of packaging products for consumer goods. At Crown, we are passionate about helping our customers build their brands and connect with consumers around the world. We do this by delivering innovative packaging that offers significant value for brand owners, retailers, and consumers alike. With operations in 47 countries employing over 33,000 people and net sales of over $11 billion, we are uniquely positioned to bring best practices in quality and manufacturing to our customers to drive their businesses locally and globally.

The Global Information Security Team’s mission is to protect Crown’s global information systems, data and employees from cyber-based security threats while ensuring the confidentiality, integrity and availability of information used by the Crown business units to produce world class sustainable packaging solutions to our customers.

Location: Yardley, PA (USA) or Wantage (UK). This is an office-based position, and individuals are expected to be in the office daily. Crown offers a flexible work hour schedule.

The Identity Security Architect will lead Crown’s global identity security strategy, architecture, and roadmap. They will work to continuously improve identity security across all of Crown by identifying issues and opportunities, assessing risk and defining solutions. Partnering with Regional IT teams and the rest of the Global Security Team, they will implement and maintain identity related solutions and changes, ensuring they meet current and future requirements and align with Crown standards.

• Strategy and Architecture Design (40%): Lead the strategy and movement towards modern and/or more secure authentication methods, such as passkeys, certificates, OAuth, OIDC, phish resistant MFA etc, reducing the usage of legacy authentication mechanisms and protocols. Oversee improvements to authentication security and standards beyond core directory services, covering other areas such as local PCs, network devices, applications, cloud services etc. Identify, assess and select identity security related solutions and changes that will improve Crown’s cyber security posture globally. Produce highly detailed designs and plans to ensure new identity security solutions and changes are robust, resilient and fit well in Crown’s enterprise IT environment while minimising operational impact.
• Implementation & Technical Leadership (40%): Serve as the lead technical subject matter expert (SME) throughout the implementation of new identity security solutions and changes, including defining standard processes and authoring detailed technical guides to allow smooth transition to an operational state. Function as a 3rd line subject matter expert (SME) for Crown’s global identity security solutions; ensure they are managed and maintained to Crown and industry standards and meet current and future requirements. Proactively identify identity security configuration issues across the enterprise and coordinate efficient remediation with minimal operational impact.
• Stakeholder Collaboration and Consulting (20%): Assist with other projects and activities to ensure any identity related components are configured securely and in-line with Crown security standards. Assist in defining Identity and Access Management (IAM) standards, processes and procedures.

Crown seeks an experienced, driven identity security architect to define strategy and engineer resilient, standards based solutions across our global manufacturing environment.

• 3+ years hands on experience implementing and managing industry leading Privileged Access Management (PAM), Identity Threat Detection & Response (ITDR) and/or Identity Security Posture Management (ISPM) solutions.
• Deep expertise of the full Microsoft Hybrid Identity stack (On-premises Active Directory, AD Connect and Entra ID) with a history of identifying and remediating associated security risks/misconfigurations.
• Detailed understanding of authentication protocols (such as Kerberos, LDAP, NTLM, OIDC, SAML, etc); including proven experience migrating from legacy authentication methods to modern passwordless alternatives (such as passkeys, OAuth, certificates etc).
• Strong technical knowledge of a Microsoft based enterprise IT infrastructure (previous experience managing a secure Microsoft based PKI would also be desirable).
• Experience as an architect or lead on large projects spanning multiple countries and cultures.
• Background of defining security standards and processes in large corporate IT environments.
• Working knowledge of Cyber Security frameworks/methodologies (such as NIST, ISO 27001, MITRE ATT&CK, Lockheed Martin Kill Chain etc).

• Strategic thinker to enable conversion of complex business needs into secure technical, actionable plans.
• Quality driven, detail oriented with advanced problem solving and troubleshooting skills.
• Strong organizational and prioritization skills; consistently meets project deadlines.
• Excellent communication skills, translating technical concepts for all audiences and influencing technical stakeholders with evidence based recommendations.
• Collaborative and inclusive; works effectively across diverse teams, countries, and cultures.

• Bachelor’s degree in Information Systems, Computer Science, or equivalent experience.
• Preferred security certifications: CISM, CISSP, CCNA, CCNP or other similar. TOGAF would also be desirable.