Identity and Access Management Architect

About The Position

Requirements

• Strong knowledge of Zero Trust security principles and frameworks.
• Familiarity with IAM technologies (e.g., Identity Governance, Single Sign-On, Multi-Factor Authentication, PAM, etc.).
• In-depth knowledge of protocols like SAML, OAuth 2.0, OIDC, LDAP, and SCIM.
• Proficient in scripting languages such as PowerShell, Python, or Bash for automation tasks.
• Strong analytical skills for proactive problem solving with minimal oversight or direction.
• Excellent communication skills, with the ability to articulate complex security concepts to both technical and non-technical stakeholders.
• 7+ years of hands-on experience in Identity and Access Management with 3+ years in a senior architecture role.
• Experience with compliance standards such as NYDFS, SOX, HIPAA, and NIST.
• Experience in designing and implementing cloud IAM services (e.g., AWS IAM, Azure AD).
• Relevant certifications such as CISSP, CISM, or vendor-specific IAM certs (e.g., SailPoint Certified IdentityNow Engineer, CyberArk Defender).
• Candidates should be comfortable with an on-site presence to support collaboration, team leadership, and cross-functional partnership.

Responsibilities

• Design, implement, and support IAM solutions with a focus on Identity Governance and Administration (IGA).
• Support PAM program to administer, control, and monitor privileged access.
• Ownership of defining and maintaining the enterprise-wide IAM architecture and roadmap, ensuring alignment with Zero Trust and broader security strategy.
• Responsibility for leading IAM governance and policy development, including access standards, SoD enforcement, and role design frameworks.
• Configure, implement, and support IGA platforms (e.g., Veza, SailPoint, Saviynt) for lifecycle management, access reviews, and role-based access controls.
• Develop/evaluate/optimize scripts (e.g., PowerShell, Python, Bash, Rest API, MS Graph, Docker CLI) to automate user provisioning, de-provisioning, job mover, reporting tasks, and other identity related activities.
• Experience designing advanced authentication and access models (passwordless, adaptive access, FIDO2/WebAuthn).
• Mentor and guide IAM engineers and project teams, providing architectural oversight and technical leadership.
• Define IAM metrics, reporting, and KPIs to measure access risk, compliance, and operational performance.
• Integrate IAM systems with HR, ITSM, directory services (e.g., Active Directory, LDAP), and cloud platforms (e.g., AWS, Azure AD).
• Collaborate with security, compliance, and application teams to align IAM strategies with business needs.
• Maintain documentation, runbooks, and system diagrams for IAM processes and tools.
• Stay current with IAM trends, tools, and security threats.

Benefits

• Comprehensive medical insurance, dental insurance, and vision insurance; life and disability insurance; fertility benefits; wellness resources; and paid sick time.
• Generous paid time off and holidays; Employee Assistance Program (EAP); and a complimentary Calm app subscription.
• Immediate vesting in a 401(k) plan; Health Savings Account (HSA) and Flexible Spending Account (FSA) options; commuter benefits; and employee discount programs.
• Paid maternity leave and paid paternity leave (including for adoptive parents); legal plan options; and pet insurance coverage.