Identity & Access Management Senior Architect
Listed on 2025-11-05
IT/Tech
Cybersecurity, IT Consultant, Information Security, Systems Engineer
Job Description
We have an exciting new opportunity for an Identity & Access Management Senior Architect to join the A&O Shearman London office.
About the team
The firm's ability to keep our clients' data secure is a bedrock for our reputation as a trustworthy professional services partner to many of the world's large and prestigious organisations. Information security is not an afterthought; it is core to all that we do, to protect not only our data but that of our clients, and has the unwavering support of the Board.
Led by our new CISO, the in-house Information Security team is a core part of our technology services structure with mature or evolving capability across all areas of digital security and cyber defence. We align our efforts to the NIST framework and other recognised certifications including ISO 27001 and SOC2 and strive to keep pace with the continually evolving threat landscape, in support of A&O Shearman's strategy to lead where global complexity creates opportunity.
In addition, you will have the opportunity to share and gain intel from the firm's cybersecurity lawyers. The global team has experience advising clients on hundreds of incidents. Leveraging this experience, they feed back practical lessons learned into clients' cyber risk management and incident response programmes.
What you will do
The Identity and Access Senior Architect will be part of the Digital Trust team, and will be responsible for maintaining the identity and access management (IAM) security of the firm's assets. This role is critical in translating the organisation's IAM vision into a workable, mature and optimized function and service. This role requires extensive experience across all IAM core disciplines including identity management, identity governance and administration, privileged access, and conditional access.
This role will support the transformation of IAM into a modern, automated, predictable and customer-oriented function. The ideal candidate will excel at Microsoft Entra, CyberArk, machine identity management, and translation of identified requirements into practical identity architecture and design.
This will include:
IAM Strategy and Architecture
- Design, implement and continuously improve the organisational IAM architecture for a modern security perimeter, leveraging extensive knowledge and experience across all IAM disciplines.
- Review functional and non-functional requirements, apply architectural acceptance criteria, and produce artefacts describing the logical and physical design of IT and security (IAM) solutions scaled for the enterprise needs, and assist in solution architecture.
- Influence and evaluate decisions on IAM components: directory, identity, privileged access, entitlements management.
- Configure and maintain technologies that support the IAM function such as Active Directory, Entra Identity, Privileged Access, and Governance; Conditional Access Policies; CyberArk.
- Design and transition IAM service components into operation: operational manuals, support patterns, standard changes, request management.
- Work alongside Solution Architects to ensure solutions are designed securely from an access management perspective. Ensure adherence to the change management process when implementing IAM relevant changes to architecture.
- Perform detailed analysis of application architectures to provide IAM assurance.
- Understand threat modelling and participate in major incident responses with IAM components.
- Review and approve the IAM components of solution designs.
- Collaborate with cloud infrastructure teams to implement IAM design patterns.
- Ensure IAM security controls are appropriately implemented in our environment and align with NIST and CIS benchmarks.
- Validate effectiveness of implemented IAM security controls through technical analysis.
- Perform residual IAM risk assessments and document acceptance/rejection rationale.
- Scope and manage IAM security testing including penetration tests and Red Teaming as well as remediation activities.
- Work closely with wider Information Security team to ensure compliance, assurance, risk management, monitoring, and other operational requirements related to IAM are met. Ensure the IAM service follows and complies with IT and Information Security policies and regulatory standards.
- Help configure and keep current the integration of IAM technologies with SIEM, SOAR, Service Desk and other tools.
- Work closely with relevant vendors to ensure optimised use of the supplied technologies and professional services.
- Serve as an escalation point for issues of non-compliance related to PAM, IAM and IGA policies and processes.
- Provide leadership and structured mentorship to a team of identity and access management staff, supporting their technical development, training & certifications, and career progression.
- Oversee the design and management of the on-call support structure, ensuring appropriate coverage, escalation paths, and minimal disruption…