
Identity and Access Management Architect

Job in Southfield, Oakland County, Michigan, 48076, USA
Listing for: Deal Exchange, LLC
Full Time position
Listed on 2026-06-21
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
Salary/Wage Range or Industry Benchmark: 125000 - 150000 USD Yearly
Job Description & How to Apply Below

Identity and Access Management Architect

Open Dealer Exchange (ODE) is seeking an Identity and Access Management (IAM) Architect to support its workforce in Southfield, MI. As an IAM Architect, you will own and mature our identity security posture across a complex, multi-platform environment, serving as the primary driver of a structured role-based access control (RBAC) program and a trusted technical advisor across infrastructure, IT, and development teams.

The ideal candidate will have deep experience with Entra, Active Directory, identity lifecycle automation, and governing access in regulated enterprise environments. Open Dealer Exchange is a dynamic, exciting place to work. Open Dealer Exchange offers a hybrid work model as well as an excellent compensation/benefit package.

Responsibilities
  • Design and implement enterprise RBAC:
    Build a cohesive role-based access control model across Entra, Active Directory, and Entra External, replacing ad hoc access grants with governed, role-aligned entitlements.
  • Lead identity lifecycle automation:
    Integrate the HR system with Entra to automate provisioning and deprovisioning, ensuring access changes are event-driven and auditable at the point of hire, transfer, and termination.
  • Govern directory structure and access hygiene:
    Define and enforce naming conventions, group structures, and access review cadences across all directory platforms.
  • Manage non-human identities:
    Govern service accounts, including managed identities, service principals, and app registrations, enforcing least privilege and credential hygiene across all environments.
  • Advise development teams on identity security:
    Provide architectural guidance on token handling, session management, and federation patterns for teams building or maintaining identity-adjacent systems.
  • Drive Conditional Access and PIM:
    Lead Conditional Access policy design and own Privileged Identity Management configuration and the privileged access model for admin roles across Azure and M365.
  • Support Entra External:
    Advise teams on External t configuration, custom policy, user flows, and external identity federation.
  • Produce compliance-ready documentation:
    Maintain IAM documentation including access control matrices, provisioning runbooks, and audit-ready entitlement inventories supporting FCRA and FTC Safeguards Rule obligations.
  • Collaborate across the security program:
    Align IAM initiatives with the broader security roadmap and participate in change management and architecture review processes alongside security engineers and the Cybersecurity Manager.
Required Skills & Experience
  • 5+ years of hands‑on IAM engineering experience, with at least 3 years focused on Entra (Azure AD) in enterprise environments.
  • Deep working knowledge of Active Directory, including group policy, OU design, domain trust models, and hybrid identity patterns.
  • Demonstrated experience designing and implementing RBAC models at scale in complex or legacy environments.
  • Hands‑on experience with Entra, including access reviews, entitlement management, lifecycle workflows, and Privileged Identity Management (PIM).
  • Strong working knowledge of OAuth 2.0, OIDC, and SAML, sufficient to review developer implementations and identify security risk.
  • Practical experience automating identity lifecycle events using Logic Apps, Azure Functions, PowerShell, or the Microsoft Graph API.
  • Ability to communicate risk clearly to non-technical stakeholders and produce compliance-ready documentation.
  • Will accept any suitable combination of education, training, or experience.
Preferred Skills & Experience
  • Experience in regulated industries such as financial services, fintech, or automotive with access control obligations.
  • Familiarity with FTC Safeguards Rule requirements or equivalent data security regulatory frameworks.
  • Prior experience integrating an HRIS platform (Workday, BambooHR, UKG, or similar) with Entra  SCIM or custom connector.
  • Exposure to IGA platforms such as SailPoint, Saviynt, or Omada.
  • Experience advising development teams on token validation, scope design, role claims, and secure session management.
  • Bachelor's degree in Computer Science, Information Systems, or a related field, or equivalent professional experience.
  • Relevant certifications: SC-300 (Microsoft Identity and Access Administrator), AZ-500 (Microsoft Azure Security Technologies), or equivalent