Active Directory and cloud security Team Leader

ArcelorMittal operates one of the most complex and globally distributed Active Directory (AD) infrastructures in the industrial sector, encompassing over 80 AD domains across Europe and globally. This includes on-prem ADs, Azure AD, and hybrid configurations managed via AAD Connect Sync. The infrastructure supports SSO (Single Sign-On) for critical business applications, many of which fall under SOX/ITGC compliance scope.

This role leads first the 24x7 operations and second the design, governance, and security of ArcelorMittal's AD and Azure AD environments, ensuring operational excellence, cyber resilience, and regulatory compliance. The successful candidate will manage a team of specialists and collaborate with cybersecurity, infrastructure, and compliance teams across the enterprise.

Complexity & Strategic Importance

· Footprint: 20-30 ADs in Europe alone - the priority for this service - supporting over 126,000 declared user accounts.

· Hybrid Identity Model: Azure AD integrated with local ADs using suffix-based routing (e.g., @arcelormittal.lu → LU1 domain).

· SOX Exposure: ADs are critical for authentication in SOX-relevant applications, requiring strict tiering and segregation.

· Tiering Model: On different ADs, Tier0 implemented; Tier1 and Tier2 in progress. The new team needs to bring consistency and improvement.

· Security Audits: Regular internal audits and PingCastle assessments highlight the need for robust controls.

Security & Compliance Responsibilities

· Implement and maintain tier-based administration and air-gapped domain controllers where applicable.

· Ensure SOX/ITGC compliance across AD and Azure AD environments, including password policies, user exemptions, and leaver processes.

· Collaborate with internal audit and assurance teams to remediate findings and align with global cybersecurity frameworks.

Key Responsibilities:

Leadership & Team Management

· Operational management of the AD & Cloud Security team; Lead and mentor a team of AD and cloud security experts.

· Define team objectives, monitor performance, and support professional development.

Active Directory Infrastructure

· Oversee configuration, maintenance, and optimization of AD services across European and global sites.

· Move AD management, one by one, from local to GCC management

· Manage AAD Connect Sync and suffix-based routing for hybrid identity.

· drive AD transformations & consolidations programs for ADs in scope

· monitor performance, incidents and changes

Azure AD & Cloud Security Oversight

· Govern Azure AD configurations, including role-based access, conditional access, and password policies.

· Implement controls for Azure tenant-level governance, Defender for Cloud, and multi-cloud environments.

SSO Strategy & Identity Management

· Work with the applications teams to drive the SSO strategy for user experience improvement while ensuring compliance with SOX constraints.

· Whitelist compliant ADs for SSO authentication in SOX-scope applications.

Governance & Risk Management

· Establish and enforce global policies for AD and Azure AD security.

· Participate in the Global Cloud Security & Compliance Steering Committee.

Collaboration & Stakeholder Engagement

· Work closely with segment CIOs, cybersecurity teams, and infrastructure leads.

· Act as the point of contact for audits, risk assessments, and compliance reviews.

Qualifications:

Education

· Bachelor's degree in Information Technology, Computer Science, or a related field.

· Master's degree or relevant certifications (e.g., CISSP, Azure Security Engineer, AWS Security Specialty) are a plus.

Experience

· 10+ years in enterprise identity and access management, preferably in a global industrial setting.

· Deep expertise in Active Directory, Azure AD, AAD Connect, and tiering models.

· Strong understanding of SOX/ITGC compliance and cybersecurity frameworks.

· Proven leadership in managing distributed teams and complex infrastructure.

Languages

· Fluency in English is required; knowledge of other European languages is optional.