Description
Work Where You Matter: At Dollar General, our mission is Serving Others! We value each and every one of our employees. Whether you are looking to launch a new career in one of our many convenient Store locations, Distribution Centers, Store Support Center or with our Private Fleet Team, we are proud to provide a wide range of career opportunities. We are not just a retail company; we are a company that values the unique strengths and perspectives that each individual brings. Your difference truly makes a difference at Dollar General. How would you like to Serve? Join the Dollar General Journey and see how your career can thrive. Company Overview:
Dollar General Corporation has been delivering value to shoppers for more than 80 years. Dollar General helps shoppers Save time. Save money. Every day.® by offering products that are frequently used and replenished, such as food, snacks, health and beauty aids, cleaning supplies, basic apparel, housewares and seasonal items at everyday low prices in convenient neighborhood locations. Learn more about Dollar General at www.dollargeneral.com/about-us.html.
Job Details:General Summary:
The Senior Information Security Manager, Identity & Access Management (Sr. Manager, IAM) leads the Information Security department's IAM program, including engineering, operations, and governance of identity and access for employees, contingent workers, business partners, and customers across the company's systems and data. This role informs and supports the roadmap for modernizing IAM capabilities (e.g., identity governance, privileged access, cloud identity, etc.) and partners closely with Information Security, IT, and business leaders to keep policy, process, and controls effective and audit ready. Reporting through the CISO organization, the Sr. Manager, IAM identifies program risk, drives remediation, and builds a high-performing team capable of scaling IAM services across a complex, high-transaction retail environment.
Duties & Responsibilities: What major responsibilities does this position have and what percentage of time is spent on completing them?
- Champion security best practices through visible, pragmatic leadership of the IAM program — modeling compliance, proactive risk awareness, and the company's operating principles. 5%
- Own IAM program standards, procedures, and roadmap; lead, coach, and develop the IAM team; manage vendor relationships, budget, and spend; apply sound project management to lead or support multiple concurrent initiatives. 20%
- Direct the design, performance, and continuous improvement of core IAM processes — including joiner/mover/leaver lifecycle, access provisioning, and system/application onboarding — partnering with IT and business leaders to promote and drive compliant, well-controlled execution. 40%
- Lead periodic IAM risk and compliance reviews of program processes and access to company systems and data; produce clear, actionable reporting for audiences ranging from the CISO and senior IT leadership to business unit leaders and technical SMEs; drive pragmatic risk-mitigation strategies to closure. 20%
- Embed appropriate authentication and authorization controls into the systems development lifecycle through hands-on consultation with engineering and product teams. 5%
- Maintain a high state of internal and external audit readiness for the IAM program; provide timely, complete responses to audit requests; partner with Information Security leadership on risk remediation plans. 5%
- Stay current on emerging IAM technologies, threats, and regulatory developments (and maintain working familiarity with adjacent security domains), applying what's relevant to the company's environment. Other duties as assigned.
Other duties as required. 5%
Knowledge, Skills and Abilities (KSAs): What KSAs are required to perform this job?
- Strong, current knowledge of identity and access management technologies, architectures, and trends — including identity governance & administration (IGA), privileged access management (PAM), cloud identity (e.g., Azure/Entra ID, AWS IAM, GCP IAM), etc.
- Working understanding of least-privilege access principles and modern authentication/authorization standards (e.g., SSO, MFA, SAML, OAuth2/OIDC, password-less).
- Strong written, oral, and interpersonal communication skills; ability to translate technical risk into business terms across technical and non-technical audiences and organizational levels.
- Proven people-leadership skills — hiring, coaching, and developing team members through leadership by example, with strong time management, prioritization, and organizational skills.
- Negotiation skills applicable to security recommendations, vendor management, and cross-functional influence.
- Solid grounding in access control strategy, access risk and compliance management, and the regulatory frameworks that apply to a publicly traded retail company (e.g., PCI DSS, SOX).
- Proficiency in SQL and/or a scripting language (e.g., PowerShell, Python) for data analysis and process automation.
- Intellectual curiosity and adaptability — comfortable learning new tools and adjusting approach as business, security, and risk needs evolve.
- Ability to appropriately influence and motivate stakeholders without direct authority.
- Availability for occasional non-standard shifts, on-call support, and travel (up to 5%).
Work Experience &/or Education: What are the minimum education and/or experience requirements necessary to perform this job?
- Bachelor's degree in information security, computer science, or a related field, or equivalent professional experience.
- 8+ years of information security experience, including 6+ years focused on identity and access management, with at least 3 years in a formal people-leadership or team-lead capacity.
- Role-relevant certification preferred (e.g., CISSP, CISM, CIAM, or a leading IGA/PAM vendor certification).
- Hands-on experience with identity and access technologies across a mixed enterprise environment —including Active Directory/Entra ID, LDAP-based directories, IBM AS/400, IBM AIX, Linux, web access management, ServiceNow, SIEM, and one or more modern IGA, PAM, or cloud IAM platforms.
- Track record managing risk associated with segregation of duties and stale, unused, excessive, or unnecessary accounts/access, including remediation at scale.
Apply on company website