Job Summary
The IAM Architect is a senior security resource who provides enterprise guidance on identity and access management, including architecture, design, implementation, governance, and standards. This role leads the design of RBAC frameworks, authentication strategies, and privileged access models across the enterprise, and serves as the IAM subject matter expert for project teams, ensuring that identity controls are aligned to the risk of each business unit. The role is accountable for securing enterprise information and systems by designing and documenting holistic IAM solutions, preparing IAM standards and policies, and driving implementation across core platforms including SailPoint, CyberArk, Microsoft Entra ID, and Radiant Logic.
Essential Functions of the Role
- Performs complex, system-wide risk assessments and helps project teams reach secure designs on time and without undue friction.
- Investigates and resolves problems and inefficiencies and strengthens the enterprise risk mitigation posture. Possesses deep technical knowledge and a demonstrated ability to apply security knowledge to practical, timely outcomes.
- Communicates clearly both the conceptual design and the concrete design of holistic enterprise security solutions.
- Acts as a technical change agent when appropriate, so that enhancements to BSWH security can be made without introducing material unplanned impacts to projects (e.g. security, time, budget, or scope). This often requires creating new approaches when legacy standards and directives do not cover the situation well, or when business requirements conflict and cannot be reconciled.
- Correlates data and reports from different sources, draws reasoned inferences from that data, and publishes the results. Develops tools and scripts to aid in data processing and other aspects of log and security research.
- Makes and implements recommendations for improvements to processes and procedures. Evaluates alerts and reports to help tune security systems for accurate results.
- Participates in and/or runs projects as requested.
- Assists in remediating compromised endpoints through established processes and procedures, using the current toolset.
- Reviews detailed log studies and provides or reviews remediation recommendations based on that review and correlation. Prepares reports as requested.
- Configures IAM standards and controls.
- Configures defined sustainability procedures related to Security Operations Management and IAM initiatives.
- Provides workflow recommendations and completes provisioning configuration and entitlement management based on regulatory needs.
- Implements entitlement management solutions for role-based access control and provisioning procedures for both external and internal application needs (requires an understanding of multiple methods of role management).
- Supports the implementation of IAM configuration for joiner, mover, and leaver scenarios across in-scope platforms and applications, including the complete set of user scenarios (recertification, password reset functionality, reporting, etc.).
- Analyzes and resolves complex authentication, integration, and automation issues.
Key Success Factors
- Strong data-analysis skills with sound, pragmatic problem-solving capabilities.
- Experience writing enterprise-level architecture documentation and conducting testing.
- Excellent critical thinking and reasoning skills for resolving security challenges.
- Excellent written and verbal communication skills, with a demonstrated ability to explain complex concepts to others in simpler terms.
- Ability to work with others in teams, share test results, and partner well on problems.
- Ability to work efficiently and accurately under pressure with tight deadlines.
- Self-motivated to identify and resolve issues in a large enterprise environment.
- Flexible in filling various roles in project management processes.
Preferred Qualifications
- IAM Platforms: SailPoint IIQ, CyberArk Privilege Cloud / EPM / Identity, Microsoft Entra ID, Radiant Logic VDS/RadiantOne
- Authentication Protocols: SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), Kerberos, LDAP / LDAPS, SCIM
- Scripting & Development: PowerShell, Python, REST API integration, JSON/XML, SQL, CI/CD pipelines
- Security Frameworks: NIST 800-53, HIPAA access control requirements, Zero Trust architecture principles
- Tools: VSCode, AZ DevOps / Git, Postman, ServiceNow
Minimum Qualifications
- Bachelor's degree, or 4 years of work experience beyond the minimum experience requirement
- 5 years of experience