IAM Architect

Summary

The IAM Architect is responsible for defining and leading the enterprise-wide Identity and Access Management strategy, architecture, and roadmap to ensure secure, compliant, and seamless access to systems and data across on‑premises and cloud environments. This role combines strategic architecture, solution design, and technical leadership, working closely with security, infrastructure, application, and business teams.

• 10+ years of experience in Information Security
• 5+ years of hands‑on experience in IAM architecture, design, and solution delivery in enterprise environments

• Define and own the enterprise IAM architecture, standards, and reference patterns across authentication, authorization, identity lifecycle, and privileged access.
• Develop and maintain the IAM roadmap aligned with security strategy, business objectives, and regulatory requirements.
• Design end‑to‑end IAM solutions including Identity Governance & Administration (IGA), Single Sign‑On (SSO), Multi‑Factor Authentication (MFA), and Privileged Access Management (PAM).
• Lead solution design for key IAM capabilities: user provisioning and de‑provisioning, access request workflows, role‑based and attribute‑based access control (RBAC/ABAC), and access certification.
• Architect integrations between IAM platforms and enterprise applications, directories, cloud services, APIs, and CI/CD pipelines.
• Define patterns for integrating applications with SSO/MFA, directory services (AD/LDAP), and identity federation (SAML, OAuth2/OIDC).
• Partner with Security, Risk, and Compliance teams to ensure IAM controls support audit, regulatory, and policy requirements (e.g., SoD, least privilege, logging and monitoring).
• Conduct IAM risk assessments and threat modeling for new and existing solutions; recommend and drive remediation.
• Provide technical leadership to IAM engineers and project teams, guiding implementation, configuration, and migration activities.
• Establish and promote Dev Ops and automation practices for IAM (e.g., configuration as code, CI/CD for IAM changes, automated testing).
• Create and maintain architectural documentation, solution designs, standards, and guidelines for IAM.
• Act as a primary IAM subject matter expert for stakeholders, supporting design reviews, RFPs, and vendor/product evaluations

• Bachelor’s degree in computer science, Information Security, Engineering, or related field, or equivalent experience.
• Deep knowledge of IAM concepts: identity lifecycle, authentication and authorization, RBAC/ABAC, least privilege, SoD, and Zero Trust principles.
• Strong hands‑on experience with at least two major IAM platforms, such as:
• Identity Governance:
  SailPoint, Saviynt, etc.
• Privileged Access:
  Cyber Ark, Beyond Trust, or similar.
• Solid understanding of directories and identity stores (AD/LDAP), group strategy, OU design, and delegation models.
• Strong knowledge of IAM standards and protocols: SAML, OAuth2, OpenID Connect, SCIM, LDAP, Kerberos.
• Experience designing IAM solutions for hybrid environments (on‑prem, cloud, and SaaS) on platforms such as Azure, AWS, or GCP.
• Demonstrated experience leading complex IAM projects or programs, collaborating with cross‑functional technology and business stakeholders.
• Strong communication skills, with ability to explain technical concepts to both technical and non‑technical audiences and influence senior stakeholders.

• Experience implementing or architecting IGA solutions with SailPoint, Entra , Okta, Ping or equivalent (e.g., lifecycle manager, certifications, SoD, connector design).
• Experience integrating IAM with PAM tools and aligning privileged access with IGA policies.