Summary:
The IAM Architect is responsible for defining and leading the enterprise-wide Identity and Access Management strategy, architecture, and roadmap to ensure secure, compliant, and seamless access to systems and data across on-premises and cloud environments. This role combines strategic architecture, solution design, and technical leadership, working closely with security, infrastructure, application, and business teams.
Experience Requirements:
- 10+ years of experience in Information Security
- 5+ years of hands-on experience in IAM architecture, design, and solution delivery in enterprise environments
Key Responsibilities:
- Define and own the enterprise IAM architecture, standards, and reference patterns across authentication, authorization, identity lifecycle, and privileged access.
- Develop and maintain the IAM roadmap aligned with security strategy, business objectives, and regulatory requirements.
- Design end-to-end IAM solutions including Identity Governance & Administration (IGA), Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Privileged Access Management (PAM).
- Lead solution design for key IAM capabilities: user provisioning and de-provisioning, access request workflows, role-based and attribute-based access control (RBAC/ABAC), and access certification.
- Architect integrations between IAM platforms and enterprise applications, directories, cloud services, APIs, and CI/CD pipelines.
- Define patterns for integrating applications with SSO/MFA, directory services (AD/LDAP), and identity federation (SAML, OAuth2/OIDC).
- Partner with Security, Risk, and Compliance teams to ensure IAM controls support audit, regulatory, and policy requirements (e.g., SoD, least privilege, logging and monitoring).
- Conduct IAM risk assessments and threat modeling for new and existing solutions; recommend and drive remediation.
- Provide technical leadership to IAM engineers and project teams, guiding implementation, configuration, and migration activities.
- Establish and promote DevOps and automation practices for IAM (e.g., configuration as code, CI/CD for IAM changes, automated testing).
- Create and maintain architectural documentation, solution designs, standards, and guidelines for IAM.
- Act as a primary IAM subject matter expert for stakeholders, supporting design reviews, RFPs, and vendor/product evaluations.
Required Qualifications:
- Bachelor's degree in Computer Science, Information Security, Engineering, or a related field, or equivalent experience.
- Deep knowledge of IAM concepts: identity lifecycle, authentication and authorization, RBAC/ABAC, least privilege, SoD, and Zero Trust principles.
- Strong hands-on experience with at least two major IAM platforms, such as:
  - Identity Governance: SailPoint, Saviynt, etc.
  - Workforce/Customer IAM & SSO: Microsoft Entra ID/Azure AD, Okta, Ping, etc.
  - Privileged Access: CyberArk, BeyondTrust, or similar.
- Solid understanding of directories and identity stores (AD/LDAP), group strategy, OU design, and delegation models.
- Strong knowledge of IAM standards and protocols: SAML, OAuth2, OpenID Connect, SCIM, LDAP, Kerberos.
- Experience designing IAM solutions for hybrid environments (on-prem, cloud, and SaaS) on platforms such as Azure, AWS, or GCP.
- Demonstrated experience leading complex IAM projects or programs, collaborating with cross-functional technology and business stakeholders.
- Strong communication skills, with the ability to explain technical concepts to both technical and non-technical audiences and to influence senior stakeholders.
Preferred Qualifications:
- Experience implementing or architecting IGA solutions with SailPoint, Entra ID, Okta, Ping or equivalent (e.g., lifecycle manager, certifications, SoD, connector design).
- Experience integrating IAM with PAM tools and aligning privileged access with IGA policies.
- Background in security architecture or enterprise architecture with a focus on IAM.
- Familiarity with DevOps tooling and practices (e.g., Git, CI/CD pipelines) for IAM change management.
- Knowledge of regulatory and compliance frameworks (e.g., SOX, GDPR, HIPAA, ISO 27001) and their implications for IAM controls.
- Relevant certifications such as CISSP, CCSP, CISM, GIAC (e.g., GIAC GMOB/GCIA), or vendor certifications in IAM platforms (e.g., SailPoint, Okta, Microsoft).
Key Competencies:
- Strategic and analytical thinking, with the ability to translate business needs into IAM solutions.
- Strong problem-solving skills and ability to handle complex integration and design challenges.
- Leadership and mentoring skills for guiding engineering teams and influencing architectural decisions.
- High degree of accountability, ownership, and drive to improve security posture and user experience.
Process Skills:
- Ability to work and thrive in a collaborative development environment following Agile Scrum.