Identity & Access Management Lead in Leeds

We are seeking an Identity & Access Management Lead with deep expertise in Microsoft Entra and modern authentication technologies to lead the strategy, design, and execution of enterprise identity capabilities across our digital platforms and services. You will play a key role in delivering secure, scalable, and seamless identity solutions that support employees, partners, customers, and external users across our environments.

In this role, you will oversee the management and evolution of our Microsoft Entra identity platforms, enabling secure authentication, application integration, privileged access controls, and identity governance aligned to security and compliance requirements. Experience with Customer Identity and Access Management (CIAM), including Azure AD B2C / Entra External ID, is beneficial.

You will work closely with infrastructure, security, engineering, product, and business teams to ensure identity services remain resilient, compliant, and aligned with enterprise architecture and Zero Trust principles. Please be advised that this position requires attendance at Asda House in Leeds for a minimum of three days per week.

• Define and execute the enterprise Identity & Access Management (IAM) strategy leveraging Microsoft Entra technologies.
• Act as the subject matter expert for authentication, authorisation, federation, and identity governance services.
• Establish and enforce identity governance standards including lifecycle management, access reviews, privileged access controls, and role‑based access models.
• Drive alignment with Zero Trust security principles and enterprise security architecture standards.
• Configure and manage Microsoft Entra ID environments including Identity Protection, authentication methods, federation services, and enterprise applications.
• Manage and support authentication services including MFA, passwordless authentication, Single Sign‑On (SSO), self‑service password reset, and hybrid identity integrations.
• Administer enterprise application registrations, service principals, secrets, certificates, token lifecycles, and key rotation processes.
• Oversee certificate‑based authentication, secure secret storage, and integrations with Azure Key Vault and related security tooling.
• Support integrations across cloud platforms, SaaS applications, APIs, internal systems, and third‑party services.
• Support identity governance and administration processes, ideally leveraging SailPoint solutions for joiner/mover/leaver workflows, access certifications, and role management.
• Implement and support modern authentication and federation standards including OAuth 2.0, OpenID Connect (OIDC), SAML, and SCIM.
• Partner with security teams to strengthen identity protection, privileged access management, and threat detection capabilities.
• Ensure compliance with regulatory and security requirements including GDPR, PCI‑DSS and internal governance standards.
• Monitor and respond to identity‑related risks including authentication anomalies, certificate expirations, secret rotations, and privileged access concerns.
• Support audit readiness, compliance reporting, and access certification activities.
• Partner with engineering, infrastructure, architecture, security, compliance, and business stakeholders to deliver identity‑related initiatives and platform improvements.
• Act as the primary escalation point for identity platform incidents, operational support, and authentication issues.
• Lead and mentor a small team of identity engineers.
• Contribute to roadmap planning, platform modernization, and continuous improvement of IAM capabilities.

• Strong hands‑on experience with Microsoft Entra ID including Identity Protection, federation, and hybrid identity solutions.
• Experience managing certificates, secrets, application registrations, and secure authentication integrations.
• Strong understanding of OAuth 2.0, OpenID Connect, SAML, SCIM, JWTs, and modern identity architecture patterns.
• Familiarity with Azure Key Vault, Privileged Identity Management (PIM), and Zero Trust security models.
• Experience with identity governance and administration (IGA) platforms, preferably SailPoint ISC.
• Experience integrating identity services across cloud‑native applications, APIs, infrastructure platforms, and SaaS technologies.
• Exposure to Customer Identity platforms such as Azure AD B2C / Entra External ID is desirable.
• Excellent stakeholder management and cross‑functional leadership skills.

• Discretionary company bonus
• Company pension up to 7% matched
• Company Car allowance of £5,700
• 15% employee discount in store and online
• Free access to wellbeing services such as Stream, 24/7 virtual GP, counselling, health and dental cash plans, and 24/7 employee assistance helpline, along with discounts across a range of services and activities
• Asda Allies Inclusion Networks – fostering inclusion and celebrating differences
• Excellent parental leave policies, including maternity & adoption leave, paternity leave, shared parental leave, neonatal care leave, and support for fertility treatments
• Hybrid working model: minimum 3 days per week in office