Job Description

🧭 Job Summary + Role Specification

This position is with a leading industry organization, offered under direct payroll.

We are seeking a highly experienced IAM Architect to lead the design and implementation of enterprise Identity & Access Management (IAM) architecture, governance frameworks, and identity security strategy. This role is responsible for defining Zero Trust identity models, access governance, and scalable IAM platforms across hybrid (on-prem + cloud) environments.

The ideal candidate will bring deep expertise in identity lifecycle management, federation, privileged access integration, and cloud IAM, along with strong experience in multi-vendor IAM ecosystems (SailPoint, Okta, ForgeRock, Microsoft Entra ID, Ping Identity).

📄 Job Description

• Define and implement enterprise IAM architecture and roadmap aligned with business and security strategy 
• Design and deploy Zero Trust identity frameworks (least privilege, adaptive access, continuous verification) 
• Lead IAM transformation programs including migration, consolidation, and modernization 
• Architect Identity Governance & Administration (IGA) solutions (access certification, SoD, lifecycle automation) 
• Implement federation and authentication protocols (SAML, OAuth 2.0, OpenID Connect, Kerberos) 
• Design and integrate IAM with cloud platforms (AWS, Azure, GCP) and enterprise applications 
• Oversee integration of IAM with PAM solutions (CyberArk, BeyondTrust) and security tools 
• Establish identity lifecycle workflows (joiner–mover–leaver processes) 
• Define role-based (RBAC) and attribute-based (ABAC) access models 
• Ensure compliance with ISO 27001, NIST, SOX, GDPR, and Zero Trust frameworks 
• Drive API security, identity federation, and secure access to microservices architectures 
• Provide technical leadership for IAM platform scalability, performance, and high availability 

🎯 Roles & Responsibilities (Day-to-Day Activities)

• Design and review IAM architecture diagrams and solution blueprints 
• Lead integration of IAM systems with applications (ERP, CRM, SaaS, custom apps) 
• Define and enforce access governance policies and compliance controls 
• Oversee access certification campaigns and audit readiness 
• Collaborate with security, cloud, and DevOps teams for secure identity integration 
• Conduct architecture reviews, risk assessments, and security design validations 
• Evaluate and onboard IAM tools/vendors based on enterprise requirements 
• Troubleshoot complex IAM issues across authentication, federation, and provisioning layers 
• Mentor IAM engineers and guide best practices in identity security 
• Drive adoption of Zero Trust and identity-first security strategies 

🧠 Skills & Technologies (ATS Optimized)

🔐 IAM Architecture & Governance

• IAM Architecture Design 
• Identity Governance & Administration (IGA) 
• RBAC, ABAC, Policy-Based Access Control 
• Zero Trust Architecture (ZTA) 
• Identity Lifecycle Management (JML) 
• Access Certification & Segregation of Duties (SoD) 

🛠️ IAM Tools & Platforms (Multi-Vendor)

• SailPoint IdentityIQ / IdentityNow 
• Okta (SSO, MFA, Lifecycle Management) 
• ForgeRock Identity Platform 
• Microsoft Entra ID (Azure AD) 
• Ping Identity (PingFederate, PingOne) 
• IBM Security Verify 

🔑 Authentication & Federation

• SAML 2.0, OAuth 2.0, OpenID Connect (OIDC) 
• Kerberos, LDAP, Active Directory 
• Single Sign-On (SSO), Multi-Factor Authentication (MFA), Adaptive Authentication 

☁️ Cloud & Infrastructure Security

• AWS IAM, AWS Organizations, IAM Roles/Policies 
• Azure AD / Entra ID, Conditional Access 
• GCP IAM 
• Cloud Identity, SaaS Security Integration 
• Kubernetes Identity, Secrets Management 

🔐 PAM & Security Integration

• CyberArk, BeyondTrust, Delinea 
• Secrets Management (HashiCorp Vault, AWS Secrets Manager, Azure Key Vault) 
• Integration with SIEM (Splunk, Sentinel, QRadar) 

🌐 Networking & Systems

• TCP/IP, DNS, SSL/TLS 
• Active Directory, LDAP 
• Windows/Linux Identity Integration 

⚙️ Automation & DevSecOps

• REST APIs, SCIM 
• Python, PowerShell 
• CI/CD Integration (Jenkins, GitHub Actions) 
• Infrastructure as Code (Terraform) 

📊 Frameworks & Compliance

• ISO 27001, NIST, CIS Controls 
• SOX, GDPR, HIPAA 
• Zero Trust Security Model 
• MITRE ATT&CK (Identity Threat Mapping) 

✅ Eligibility Criteria

• 10+ years of hands-on experience in IAM architecture, design, and implementation 
• Proven experience with multi-vendor IAM platforms (SailPoint, Okta, ForgeRock, Azure AD, Ping) 
• Strong exposure to enterprise infrastructure (Active Directory, Linux), networking, and cloud environments (AWS, Azure, GCP) 
• Deep understanding of identity protocols, access governance, and Zero Trust security models 
• Bachelor’s or Master’s degree in Computer Science, IT, Cybersecurity, or related field 

Certifications (Preferred / Advantage):

• CISSP, CISM 
• Certified Identity and Access Manager (CIAM) 
• Microsoft Certified: Identity & Access Administrator 
• Okta / SailPoint Certifications