Identity and Access Management Architect
Job description
We are seeking a Senior Manager-level IAM Architect to partner with the senior IAM leadership team to define and drive the technical strategy and architecture for Identity and Access Management (IAM) across the organization. This role combines strategic leadership, hands-on solution design with product owners, and senior-level stakeholder engagement to secure identities, enable business objectives, and improve user experience across digital channels. This individual must keep a pulse on emerging identity technology trends and best practices and coordinate with product owners on integrated IAM architectures and roadmaps.
Core Responsibilities
Partner with Senior IAM leadership team to define and own the enterprise IAM architecture, strategy, reference patterns, and roadmaps across authentication, authorization, identity lifecycle, privileged access, and account protection.
Engage in executive-level leadership conversations, translate business goals into IAM requirements, and coordinate with IAM product owners on technical feasibility to ensure solutions scale and interoperate across on-premises, cloud, and hybrid environments.
Partner with IAM product technical leads on technical design and implementation for authentication (e.g., MFA, SSO), authorization models (e.g., RBAC, ABAC), identity provisioning, lifecycle management, and privileged access controls.
Champion innovation with Identity and Access Management tools, evaluate and provide recommendations to product owners for consideration and integration with the existing platform, while balancing security, privacy, and usability.
Architect secure integrations between IAM platforms and applications, directories, cloud services, and CI/CD pipelines; set standards and reusable patterns for developers.
Partner with the IAM senior leadership team and IAM product technical leads on IAM risk assessments, threat modeling, and remediation strategies; partner with security, risk, and compliance teams to implement controls and measure risk reduction.
Partner with IAM product technical leads to oversee incident response activities related to identity compromise, and lead post-incident root-cause analysis and remediation.
Drive adoption: create technical guidance, architecture diagrams, and executive-level briefings; mentor architects and senior engineers on IAM best practices.
Collaborate with product, engineering, and business leaders to prioritize roadmap items, measure outcomes (security posture, access-related incidents, time-to-provision), and demonstrate business value.
Ensure compliance with relevant regulations and internal policies; support audits and attestations related to identity and access controls.
Requirements
10+ years of IAM experience with progressive technical leadership; experience in a consulting or large enterprise environment preferred.
Proven track record designing, delivering, and operating enterprise-scale IAM solutions across cloud and on-prem environments.
Deep technical knowledge of authentication/authorization protocols and standards (OAuth2/OIDC, SAML, SCIM, LDAP) and modern IAM architectures.
Hands-on experience with at least two major IAM technologies (e.g., Entra ID/Azure AD, Microsoft AD, CyberArk, SailPoint, Ping Identity).
Strong stakeholder management and communication skills; able to present technical concepts to executive audiences and translate business needs into technical requirements.
Experience leading vendors, technical teams, and cross-functional workstreams to successful outcomes.
Advanced degree (MS) or certifications (e.g., CISSP, CISM, SABSA, TOGAF, vendor-specific IAM certs).
Experience with zero-trust identity models, identity governance, privileged access management, and modern authentication modalities (passwordless, biometrics, adaptive MFA).
Prior experience building IAM programs or working in high-regulation industries (finance, healthcare, government).
Balance strategic thinking with the ability to roll up sleeves and deliver technically where needed.
Tech stack
Identity Providers / Directories: Entra ID/Azure AD, Microsoft AD
Identity Governance and PAM: SailPoint, CyberArk
Authentication & Federation: Ping Identity, OAuth2/OIDC, SAML, SCIM
Cloud & DevOps integration: AWS/Azure/GCP identity services, CI/CD tooling
Benefits & conditions
At Deloitte, we value our people and offer employees a broad range of benefits. Our Total Rewards program reflects our continued commitment to lead from the front in everything we do; that's why we take pride in offering a comprehensive variety of programs and resources to support your health and well-being.