Cloud IAM Architect, VP

MUFG•Jersey City, NJ

3d•Hybrid

About The Position

Do you want your voice heard and your actions to count? Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world. With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career. Join MUFG, where being inspired is expected and making a meaningful impact is rewarded. The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details. Job Summary: The Cloud IAM Architect is a senior architecture role responsible for defining authorization and access patterns for cloud platforms, with a primary focus on AWS and multi‑account environments. This role ensures cloud platforms conform to global IAM standards while enabling secure, scalable, and auditable access across multiple accounts, environments, and regions. The Cloud IAM Architect translates global IAM strategy into cloud‑native authorization models, preventing identity and permission sprawl while supporting modern delivery models such as DevSecOps, platform engineering, and infrastructure as code. This role focuses on architecture, standards, and reusable patterns, not day‑to‑day access administration.

Requirements

Cloud IAM & Authorization Deep experience designing AWS IAM authorization models in multi-account environments.
Strong hands‑on architectural knowledge of AWS IAM Identity Center and permission sets.
Expertise in RBAC design, with working knowledge of ABAC / PBAC concepts.
AWS Organizations & Governance Experience with AWS Organizations, SCPs, and permission boundaries.
Understanding of Control Tower landing zone governance and inheritance models.
Infrastructure as Code Experience designing IAM solutions using Terraform or equivalent IaC tools.
Ability to standardize and template IAM controls for repeatable use.
Architecture & Communication Strong ability to define reusable patterns and influence adoption across teams.
Experience collaborating with cloud engineering, platform, security, and audit stakeholders.
Bachelor's degree in Computer Science or a closely-related discipline, or an equivalent combination of formal education and experience

Nice To Haves

Experience operating IAM in regulated or highly controlled environments.
Familiarity with environment‑specific role design (dev vs. sandbox vs. prod).
Experience integrating workforce identity (e.g., Entra ID) with cloud authorization.
Experience defining or consuming IAM metrics to drive continuous improvement.
Exposure to multi-cloud IAM concepts beyond AWS.
Familiarity with DevSecOps or platform engineering operating models.
Relevant cloud or security certifications (e.g., AWS, security architecture).

Responsibilities

Cloud Authorization Architecture Define and govern AWS IAM Identity Center architecture and permission‑set standards.
Establish global role design patterns (e.g., reader, operator, administrator) aligned to least privilege.
Drive evolution of authorization models from RBAC toward ABAC / PBAC where appropriate.
Multi‑Account & Multi‑Region Access Architect secure cross‑account access strategies in AWS Organizations and Control Tower environments.
Ensure permission models respect Service Control Policies (SCPs) and organizational guardrails.
Design environments-specific access patterns (sandbox, development, staging, production).
Infrastructure‑as‑Code & Platform Enablement Define Terraform‑based IAM patterns for permission sets, role assignments, and policy enforcement.
Integrate IAM standards into AWS Control Tower and account‑vending workflows.
Partner with platform and DevSecOps teams to embed IAM by design.
Governance, Metrics & Risk Alignment Partners with IAM Governance teams to define and consume cloud IAM metrics, including role reuse, exception volume, and privilege concentration.
Ensure cloud authorization models are auditable, regulator‑defensible, and consistent across regions.
Provide architectural guidance and review for cloud onboarding initiatives.