
Senior IAM Specialist with deep expertise in identity lifecycle operations, access governance, authentication/authorization, and privileged access across large hybrid environments. SME across AD, Entra ID, LDAP, MIM, RACF, PKI, MFA, and PAM, delivering secure, compliant, and scalable identity services aligned with SOX, HIPAA, NIST, Zero Trust, and least‑privilege standards. Proven in modernizing IAM through automation, JIT/JEP controls, centralized vaulting, and streamlined workflows across Windows, Linux, network, database, and mainframe platforms. Extensive experience in leading cross‑functional initiatives, resolving complex identity issues, strengthening audit readiness, and improving operational resilience. Known for elevating team capability through documentation, training, and process optimization while reducing risk and enabling secure business operations.
• Served as SME leading IAM operations for 40,000+ identities, overseeing lifecycle management, access governance, authentication/authorization, directory services, and compliance while providing oversight for IAM specialists.
• Oversaw end-to-end user lifecycle management (onboarding, offboarding, access updates, JML workflows) aligned with SOX, HIPAA, NIST, Zero Trust, least privilege, and RBAC standards.
• Managed IAM across Active Directory, Microsoft Entra ID, LDAP directory services, and MIM, performing root cause analysis and ensuring compliant, policy-aligned, RBAC-driven access.
• Led privileged access integration and application onboarding across Windows, Linux, network devices, and databases in Delinea/Thycotic, partnering with application owners to define access models, validate controls, and implement automated rotation, reconciliation, session recording, and secure JEP/JIT break‑glass access.
• Executed quarterly SOX access certifications across multiple business units, validating approvals, producing audit evidence, and generating governance metrics and reporting to support compliance and leadership visibility.
• Served as the lead IAM SME for a major mainframe upgrade, directing access control analysis, validating and testing RACF security configurations, and coordinating cross-functional user acceptance testing (UAT) with 15 teams to ensure a seamless cutover.
• Administered Vanguard/RACF mainframe access, handling JML lifecycle tasks and group connects, enforcing least privilege, completing SOX audits, and resolving RACF security incidents.
• Onboarded all development servers into Delinea Secret Server, enabling centralized vaulting, automated rotation, and JIT access to eliminate persistent admin rights.
• Redesigned 1,000+ distribution lists during an organization-wide realignment, collaborating cross-functionally with business units to validate structures, execute bulk CSV updates for a smooth go-live, and document new SOPs.
• Created IAM procedures and documentation using AI-powered tools, accelerating training and enabling faster onboarding of 5 new specialists in a fast-paced environment.
• Removed 1,200+ inactive AD accounts, reducing risks, improving compliance posture, and minimizing orphaned identities.
• Acted as the IAM/M365 SME and primary escalation point, directing Exchange access administration (DLs, shared mailboxes, GAL/contact updates) and leading Purview eDiscovery/legal holds and litigation preservation.
• Led IAM response efforts for phishing incidents by leveraging Proofpoint TAP/TRAP and coordinating remediation actions with Security Operations.
• Handled onboarding, offboarding, access updates, and JML workflows in alignment with SOX, HIPAA, NIST, Zero Trust, and least-privilege standards, driving process improvements that streamlined intake and reduced turnaround times.
• Performed IAM operations across AD, Entra ID, LDAP, and MIM by troubleshooting identity issues, conducting root cause analysis, and maintaining compliant, policy-aligned, RBAC-driven access.
• Executed quarterly SOX access reviews, validating approvals and preparing audit evidence — directly aligned with SailPoint Access Certification and IGA governance workflows.
• Managed RSA SecurID/MS MFA for 1,500 users, ensuring reliable SSO and remote access authentication.
• Integrated privileged accounts and onboarded applications across Windows, Linux servers, network devices, and databases into Delinea/Thycotic, collaborating with application owners to enable automated rotation, reconciliation, session recording, and secure JEP/JIT break-glass access.
• Delivered Vanguard/RACF mainframe access by processing JML tasks, group connects, SOX access reviews, and assisting with RACF security incident remediation.
• Processed Exchange access requests—including DLs, shared mailboxes, and GAL/contact updates—and supported Purview eDiscovery, legal holds, and data preservation for litigation.
• Maintained PKI services through certificate lifecycle management, chain-of-trust validation, and renewal workflows for 600+ internal and 200+ external certificates.
• Supported phishing triage using Proofpoint TAP/TRAP by performing IAM response actions such as password resets and coordinating with Security Operations.