Responsibilities
- Stay current with emerging IAM technologies such as passwordless authentication, decentralized identity frameworks, and adaptive access controls.
- Collaborate with the Senior Architect Information Security and lead the implementation of identity governance automation, leveraging machine learning for anomaly detection and remediation.
- Ensure seamless integration of multi factor authentication (MFA) with biometric and mobile device capabilities to improve both security and user experience.
- Champion the adoption of identity threat detection and response (ITDR) solutions to proactively identify and mitigate identity based attacks.
- Develop and maintain the firm's IAM architecture, including identity lifecycle, access governance, and privileged access controls.
- Design secure authentication and authorization patterns (OpenID Connect, SAML, OAuth, Kerberos, LDAP) and in conjunction with the Platform Engineering team, Conditional Access policies aligned with Microsoft best practices.
- Embed zero trust and least privilege principles across all privileged roles and enterprise applications.
- Responsible for global firewall design and architecture.
- Architect and enhance privileged access management (PAM) capabilities, including approval workflows and continuous monitoring.
- Collaborate with Security to design Azure Policies and guardrails, supporting audit readiness and remediation (e.g., ISO 27001, ISO 22301).
- Integrate IAM with HR, IT, and engineering systems to ensure policy driven access throughout the user lifecycle.
- Oversee Conditional Access deployment, risk based authentication, and device/state signals.
- Guide the operation and hardening of multi site Active Directory domains/forests and cloud identity components (Entra/Azure AD).
- Align IAM with Firewall, Micro Segmentation, NDR, Remote Access, and Certificate Management strategies.
- Assess IAM related vulnerabilities and design timely mitigations.
- Establish and maintain reference architectures, design standards, runbooks, and documentation.
- Participate in vendor governance, roadmap reviews, and security notifications.
- Communicate architecture decisions to senior business and IT leaders; foster cross regional collaboration.
- Track industry trends and recommend innovations to improve security and reduce complexity.
- Perform other duties as assigned or required to meet Firm goals and objectives.
Qualifications
- Bachelor's degree in Computer Science, Information Technology, or related field; equivalent experience considered.
- Approx. 7-10 years in IAM/identity engineering/architecture within large or enterprise environments; 3+ years leading complex IAM design initiatives.
- Prior global/large scale enterprise experience preferred.
- Relevant industry certifications such as CISSP.
- Microsoft Certified: Identity and Access Administrator Associate required.
- Azure Cybersecurity Expert preferred.
- Certified Identity and Access Manager (CIAM) highly desirable.
Technical Skills
- Deep expertise in Microsoft identity and security across SaaS/PaaS, IAM, and Privileged Access domains; advanced Entra ID/Azure AD and on prem AD.
- Strong command of SSO and authentication protocols: OpenID Connect, SAML, OAuth, Kerberos, LDAP.
- Hands on RBAC design, entitlement management, and automated provisioning/de provisioning pipelines.
- Proficiency with PowerShell and RESTful integrations for identity automation and compliance checks.
- Familiarity with NDR and Micro Segmentation patterns; understanding of network topologies and their interplay with IAM.
- Experience hardening infrastructure and monitoring for malware/unauthorized access in hybrid environments.
- Exposure to Azure Policy and landing zone guardrails; Conditional Access at scale.
Performance Traits
- Excellent written and verbal communication; able to explain complex identity concepts to diverse audiences.
- Strong customer focus, initiative, and ability to operate under pressure with shifting priorities.
- Collaborative across business analysts, developers, data teams, and security; resilient, agile mindset; commitment to process improvement and structured operational practices.
- High discretion in handling sensitive information; willingness to challenge the status quo constructively.
- Willingness to challenge the status quo.
We are happy to discuss any reasonable adjustments that individuals may require throughout the recruitment process and once they have joined the Firm.