Enterprise Identity Security Architect

Our client is seeking an experienced Enterprise Identity Security Architect to lead the strategy, architecture, and implementation of enterprise identity and access management (IAM) solutions. This role focuses on advancing Zero Trust principles, strengthening identity security posture, and enabling scalable, AI-secure identity platforms across the enterprise., The clients' global headquarters is located in Phoenix, Arizona. This position follows a hybrid work model, combining virtual collaboration with in-person meetings at their Phoenix Collaboration Hub or site locations as required by the role and department.

The Collaboration Hub is a modern, flexible workspace featuring meeting rooms with advanced collaboration technology, phone booths, and a working cafe. In-person attendance requirements may vary., * Lead enterprise identity architecture across domains including Microsoft Entra, Identity Governance & Administration (IGA), Identity Threat Detection & Response (ITDR), non-human identities, and agentic AI security.

• Define and maintain identity reference architectures for directories (AD/Entra), authentication and authorization, federation (SAML, OIDC, OAuth), Conditional Access, and identity lifecycle management.
• Develop and maintain a 1-3 year Identity Security Roadmap, including AD/Entra modernization, RBAC and role engineering, access reviews, workload and machine identity strategy, and ITDR automation.
• Translate business and security requirements into end-to-end solution designs; produce high-level and low-level designs, data flow diagrams, trust boundaries, and control mappings.
• Establish identity control objectives, metrics, and testing procedures, supporting joiner/mover/leaver processes, privileged access management, access certifications, and passwordless adoption.
• Partner with Infrastructure, Cloud, Security Operations, Application teams, HRIS, Enterprise Architecture, Internal Audit, and Compliance to ensure alignment with Zero Trust, SOX, and NIST CSF.
• Lead architecture reviews and design workshops; clearly communicate architecture decisions to technical and executive stakeholders.
• Monitor emerging identity threats and platform advancements to drive continuous improvement across the identity ecosystem.
• Perform additional duties as assigned.

• Associate's degree with 10+ years of experience in security systems technologies and a relevant security certification (e.g., ISACA, SANS, ISC, CEH), or
• Bachelor's degree with 6-8 years of experience in security systems technologies (certification required at 6 years), or
• Master's degree with 5-6 years of experience in security systems technologies (certification required at 5 years).

Hands-on experience with:

• Active Directory and Microsoft Entra (users, groups, policies, access management)
• Identity Governance & Administration (IGA) platforms

Strong knowledge of Zero Trust architectures, least-privilege access, and compliance frameworks (e.g., SOX, NIST CSF).

Expertise in identity lifecycle management, federation (SAML/OIDC/OAuth), Conditional Access, MFA/passwordless authentication, and access reviews.

Understanding of workload and machine identity governance (managed identities, service accounts, certificates, secrets).

Ability to create architecture documentation (HLD/LLD), threat models, and control mappings.

Strong communication skills with the ability to influence across technical and business teams.

Preferred

• Experience with passkeys/passwordless authentication, external identities, workload Conditional Access policies, and identity automation.
• Exposure to SAP or HRIS integrations and joiner/mover/leaver orchestration.
• Certifications such as Microsoft Identity/Entra, CISSP, CISM, or IGA/ITDR-related credentials.
• Knowledge of agentic AI and AI-related security controls.

• Medical, dental, and vision insurance
• Company-paid life and disability insurance
• 401(k) with employer contribution/match
• Paid time off, sick time, holidays, and parental leave
• Tuition assistance
• Employee Assistance Program (EAP)
• Discounted auto, home, and pet insurance
• Internal career progression opportunities

By providing your phone number, you consent to: (1) receive automated text messages and calls from the Judge Group, Inc. and its affiliates (collectively "Judge") to such phone number regarding job opportunities, your job application, and for other related purposes. Message & data rates apply and message frequency may vary. Consistent with Judge's Privacy Policy, information obtained from your consent will not be shared with third parties for marketing/promotional purposes. Reply STOP to opt out of receiving telephone calls and text messages from Judge and HELP for help.