Identity and Access Management (IAM) Architect
Job description
The IAM Architect is responsible for designing, governing, and evolving the enterprise Identity and Access Management architecture across workforce, customer, and non-human identities. This role ensures secure, compliant, and scalable identity services while enabling business agility, cloud adoption, and Zero Trust security principles. The IAM Architect acts as the technical authority and strategic advisor for IAM, bridging security, IT, and business stakeholders to translate requirements into sustainable identity solutions.

IAM Strategy & Architecture
- Define and maintain the enterprise IAM architecture and roadmap
- Align IAM capabilities with business, security, compliance, and regulatory requirements
- Establish IAM architecture standards, patterns, and design principles
- Provide architectural oversight for identity initiatives, integrations, and transformations

Identity Lifecycle & Access Governance
- Design end-to-end Joiner-Mover-Leaver (JML) processes for human identities
- Define governance models for non-human identities (service accounts, APIs, bots, workloads)
- Architect role-based (RBAC), attribute-based (ABAC), and policy-driven access models
- Ensure least privilege, segregation of duties (SoD), and audit readiness

Authentication, Authorization & Zero Trust
- Design secure authentication solutions leveraging SSO, MFA, conditional access, and adaptive authentication
- Define authorization strategies across applications, APIs, and cloud platforms
- Enable IAM as a Zero Trust control plane integrating identity, device, and risk signals

Privileged & Non-Human Identity Architecture
- Architect Privileged Access Management (PAM) integrations for admins and NHIs
- Define approaches for secrets management, credential rotation, and just-in-time access
- Integrate IAM controls into DevOps, CI/CD, and cloud-native workloads

Technology Enablement
- Lead architecture across IAM platforms and integrations, such as:
  o IGA: SailPoint, Saviynt
  o CIAM: Entra ID, Ping, ForgeRock
  o PAM: CyberArk, BeyondTrust
- Evaluate tools, platforms, and enhancements through architecture reviews and PoCs
- Ensure secure and scalable integrations with HR, ITSM, SIEM, GRC, and cloud services

Governance, Compliance & Risk
- Translate regulatory requirements (SOX, SOC, ISO, NERC, etc.) into IAM controls
- Support audits with clear architectural documentation and control mappings
- Identify identity-related risks and drive remediation strategies

Leadership & Collaboration
- Serve as the IAM subject matter expert for architects, engineers, and program teams
- Provide architectural guidance to system integrators and vendors
- Communicate complex identity concepts to executive, technical, and non-technical audiences
- Mentor IAM engineers and contribute to capability maturity

Success Metrics (KPIs)
- Reduction in orphaned accounts and standing privileged access
- Time to provision and deprovision access
- Percentage of automated access decisions
- NHI coverage and credential rotation compliance

Reporting & Interaction
- Typically reports to: CISO, Head of Security Architecture, or IAM Domain Leader
- Works closely with:
  o Security Operations
  o Enterprise Architecture
  o HR, IT, Compliance, and Risk
  o Cloud and Application teams

Requirements

Technical Expertise
- 8+ years in IAM, cybersecurity, or enterprise security architecture
- Strong understanding of:
  o Identity lifecycle management
  o Access governance and certifications
  o Authentication and authorization protocols (SAML, OAuth, OIDC)
  o PAM and secrets management
- Experience designing IAM in hybrid, cloud (AWS/Azure/GCP), and SaaS environments
- Familiarity with identity analytics, risk-based access, and Zero Trust principles

Architecture & Design
- Proven experience creating:
  o Target-state architectures
  o Reference architectures and patterns
  o Roadmaps and phased transformation plans
- Ability to balance security, usability, scalability, and cost

Soft Skills
- Strong stakeholder management and communication skills
- Ability to influence without direct authority
- Comfortable operating in ambiguous, complex enterprise environments
- Executive-level presentation and documentation skills

Preferred Qualifications
- Experience with large-scale IAM transformations or M&A integration
- Exposure to non-human identity governance at scale
- Security or architecture certifications (CISSP, SABSA, TOGAF, vendor certifications)
- Consulting or client-facing experience