Enterprise IAM Architect, Global

AIG, Parsippany, NJ
Hybrid

About The Position

The Enterprise IAM Architect is accountable for defining and governing the enterprise Identity and Access Management (IAM) target state and shaping the transformation portfolio required to achieve it. This role sits within the Information Security Office (ISO), within the Enterprise Security Architecture function, focusing on process design, risk reduction, control effectiveness, and measurable business value.

AIG currently operates an identity ecosystem that includes (as representative examples) technologies such as Microsoft Entra ID, hybrid Active Directory, Okta (Workforce and Customer Identity), SailPoint IdentityIQ (IIQ), Microsoft Intune, Windows Hello for Business, and HYPR. These are examples of the current operating environment; however, the role is not product-bound and is expected to remain outcome- and value-led.

IAM delivery execution is managed through the ISO Program Management Office (PMO) in partnership with the relevant engineering and operational teams (e.g. IAM, security, infrastructure, and applications) and the business. This role shapes and governs delivery by defining architectural intent, control outcomes, sequencing, and design governance—ensuring initiatives remain aligned to roadmap objectives and value/risk outcomes.

The Global, Enterprise IAM Architect will focus on group managed entities (e.g. US, EMEA and UK) and will support and guide the non-group managed entities (e.g. Israel, China).

Requirements

  • In-depth experience in cybersecurity and/or identity architecture (IAM/CIAM), including enterprise-scale transformation
  • Proven experience defining enterprise IAM/CIAM strategy, target-state architecture, and roadmaps
  • Demonstrable experience shaping initiatives and developing project/program charters for portfolio governance and funding
  • Experience working effectively with PMO/program governance functions
  • Experience working with system integrators and consultancies, including architectural oversight and design authority engagement
  • Strong knowledge of workforce and/or customer identity platforms and controls—examples include Entra ID, hybrid AD, Intune, Windows Hello for Business, Okta, SailPoint IIQ, HYPR (or equivalent)
  • Knowledge of industry frameworks (NIST, ISO/IEC) and control-driven design in regulated environments
  • Strong stakeholder management and executive communication skills (risk/value trade-offs, decision support, influencing without direct authority)
  • Mastery-level knowledge of workforce IAM and customer IAM
  • Experience defining defendable / resilient security architectures
  • Risk- and controls-driven architecture with measurable outcomes
  • Technology-agnostic judgement; capability-first design
  • ROSI-led decision making and value realization thinking
  • Governance and design authority leadership
  • Cross-functional influence without direct delivery ownership
  • Executive communication and facilitation of decisions and trade-offs

Responsibilities

  • Defining and maintaining the workforce IAM and customer IAM (CIAM) strategy and target-state architecture
  • Developing and governing multi-year roadmaps, including transition states and sequencing
  • Working with other domain leads and architects to define IAM-related projects and transformation initiatives
  • Translating capability gaps and risk exposure into structured, fundable initiatives aligned to enterprise priorities
  • Establishing outcome measures and architectural guardrails to ensure initiatives deliver measurable risk and control improvements
  • Providing architectural governance and approval for identity-related initiatives, including standards, patterns, design reviews, and exception management
  • Ensuring alignment with wider enterprise security architecture direction, risk appetite, and regulatory obligations
  • In collaboration with other domain leads, architects, delivery stakeholders, operations, engineering and the ISO PMO, you own the development of identity-related project and program charters, including:
      • Strategic rationale and business justification
      • Risk reduction objectives and control outcomes
      • Scope boundaries, assumptions, and architectural intent
      • Success metrics and measurable value realization
      • Dependencies, sequencing, and transition planning
      • Alignment to enterprise portfolio/funding governance processes
  • Define the workforce IAM and CIAM target state architectures, controls, standards, principles, and design patterns
  • Develop identity response strategies for emerging technologies, including IAM implications for Agentic AI and autonomous systems (e.g. non-human identities)
  • Define and steer phishing-resistant and passwordless strategy (e.g., FIDO2/WebAuthn, device-bound authentication, platform authenticators)
  • Define endpoint-integrated trust models in partnership with endpoint/EUC teams (e.g., Intune device posture, compliant device enforcement, conditional access integration)
  • Continuously evaluate and re-evaluate identity technologies and investments to maximise Return on Security Investment (ROSI), drive cost efficiency, identify optimisation opportunities, and ensure spend is aligned to measurable risk and control outcomes
  • Ensure business cases and charters quantify expected value (risk reduction, incident reduction, operational efficiencies, productivity improvements, audit outcomes)
  • Play an active role in defining and shaping the IAM sourcing approach and operating model
  • Define architecture-led evaluation criteria and control outcomes to support build/buy/partner decisions
  • Define and validate service boundaries, accountabilities (RACI), and governance forums
  • Shape system integrator and managed service engagement models (where applicable) to ensure quality, control effectiveness, auditability, and sustainable run-state operations
  • Provide architectural oversight of system integration partners and consultancies, validating deliverables and ensuring alignment to enterprise standards and target-state intent
  • Ensure alignment to enterprise security architecture frameworks (e.g., SABSA, TOGAF) and industry frameworks (e.g., NIST, ISO/IEC), producing audit-defensible designs

Benefits

  • Total Rewards Program, a comprehensive benefits package that extends beyond time spent at work to offer benefits focused on your health, wellbeing and financial security—as well as your professional development
  • Volunteer Time Off and Matching Grants Programs