Sr. Manager, Identity & Access Management

Gong is looking for a strategic, hands-on IAM leader to build and scale a modern identity program that keeps us secure and out of our users’ way. You’ll own the vision, architecture, and operations of IAM so that every Gongster has the right access, at the right time, with the least friction. You’ll lead and grow a team, partner closely with Security, IT, and GRC, and turn identity into a business enabler, not just a control point.

RESPONSIBILITIES

• Lead and develop the IAM team
• Hire, mentor, and grow a high-performing team of IAM engineers and admins.
• Provide technical leadership, coaching, and clear performance expectations.
• Foster a culture of ownership, continuous improvement, and automation.
• Own the IAM strategy and roadmap
• Define and execute the IAM roadmap aligned with the company's security, compliance, and productivity goals.
• Establish a long-term architecture for identity, authentication, and authorization across the workforce and SaaS applications.
• Drive standardization around role-based access controls (RBAC) and least-privilege models.
• Own our central identity platform (Okta) including SSO, MFA, passwordless, and device-based factors.
• Ensure high availability, reliability, and performance of IAM services globally.
• Implement and enforce modern authentication protocols and standards.
• Identity lifecycle and access automation
• Design and operate end-to-end identity lifecycle (joiner/mover/leaver) integrated with HRIS, ATS, and downstream systems.
• Automate provisioning, deprovisioning, and access changes across key SaaS and internal systems.
• Build and maintain workflows, rules, and policies that reduce manual work and errors while improving user experience.
• Access governance and compliance
• Implement and manage identity governance and administration (IGA) capabilities including access reviews, certifications, and separation of duties controls.
• Partner with Security, Compliance, and Internal Audit to support SOC 2, ISO 27001, SOX, and customer audit requirements.
• Maintain accurate, auditable records of access, approvals, and exceptions.
• Privileged access management (PAM)
• Define and run a privileged access management program for administrative and high-risk accounts.
• Implement controls such as just-in-time access, session recording, and strong approval workflows.
• Continuously reduce standing privileges and risky access patterns.
• Zero Trust and security-by-design
• Contribute to the company’s Zero Trust strategy through strong identity-centric controls and policies.
• Embed IAM best practices into new system designs, M&A integrations, and major IT/security initiatives.
• Collaborate with Security Engineering on policy-as-code, conditional access, and risk-based authentication.
• Service quality, metrics, and sta