Infrastructure & Access Management Architect

Overview

Mayer Brown is an international law firm positioned to represent the world’s major corporations, funds, and financial institutions in their most important and complex transactions and disputes. We are recognised by our clients as strategic partners with deep commercial instincts and a commitment to creatively anticipating their needs and delivering excellence in everything we do. We are a collegial and collaborative firm where highly motivated individuals with an unwavering commitment to excellence receive the opportunity, support, and development they need to grow, thrive, and realise their greatest potential all while supporting the Firm’s client service principles of excellence, strategic partnership, commercial instinct, integrated strengths, innovation, and collaboration across our international firm.

If you enjoy working with team members whose defining characteristics are exceptional client service, initiative, professionalism, responsiveness, and adaptability, you may be the person we are seeking to join our IT department in our London office as an Architect: Infrastructure & Access Management.

Responsibilities

• Stay current with emerging IAM technologies such as passwordless authentication, decentralised identity frameworks, and adaptive access controls.
• Collaborate with the Senior Architect Information Security and lead the implementation of identity governance automation, leveraging machine learning for anomaly detection and remediation.
• Ensure seamless integration of multi-factor authentication (MFA) with biometric and mobile device capabilities to improve both security and user experience.
• Champion the adoption of identity threat detection and response (ITDR) solutions to proactively identify and mitigate identity-based attacks.
• Develop and maintain the firm’s IAM architecture, including identity lifecycle, access governance, and privileged access controls.
• Design secure authentication and authorisation patterns (OpenID Connect, SAML, OAuth, Kerberos, LDAP) and in conjunction with the Platform Engineering team, Conditional Access policies aligned with Microsoft best practices.
• Embed zero trust and least privilege principles across all privileged roles and enterprise applications.
• Responsible for global firewall design and architecture.
• Architect and enhance privileged access management (PAM) capabilities, including approval workflows and continuous monitoring.
• Collaborate with Security to design Azure Policies and guardrails, supporting audit readiness and remediation (e.g., ISO 27001, ISO 22301).
• Integrate IAM with HR, IT, and engineering systems to ensure policy-driven access throughout the user lifecycle.
• Oversee Conditional Access deployment, risk-based authentication, and device/state signals.
• Guide the operation and hardening of multi-site Active Directory domains/forests and cloud identity components (Entra/Azure AD).
• Align IAM with Firewall, Micro-Segmentation, NDR, Remote Access, and Certificate Management strategies.
• Assess IAM-related vulnerabilities and design timely mitigations.
• Establish and maintain reference architectures, design standards, runbooks, and documentation.
• Participate in vendor governance, roadmap reviews, and security notifications.
• Communicate architecture decisions to senior business and IT leaders; foster cross-regional collaboration.
• Track industry trends and recommend innovations to improve security and reduce complexity.
• Perform other duties as assigned or required to meet Firm goals and objectives.

The Firm may modify and amend this job description at any time at its sole discretion. Nothing herein creates a contract of employment.

Qualifications

• Bachelor’s degree in Computer Science, Information Technology, or related field; equivalent experience considered.
• Approx. 7–10 years in IAM/identity engineering/architecture within large or enterprise environments; 3+ years leading complex IAM design initiatives.
• Prior global/large-scale enterprise experience preferred.
• Relevant industry certifications such as CISSP, Microsoft Certified: Identity and Access Administrator Associate required; Azure Cybersecurity Expert preferred; Certified Identity and Access Manager (CIAM) are highly desirable.

Technical Skills:

• Deep expertise in Microsoft identity and security across SaaS/PaaS, IAM, and Privileged Access domains; advanced Entra ID/Azure AD and on-prem AD.
• Strong command of SSO and authentication protocols: OpenID Connect, SAML, OAuth, Kerberos, LDAP.
• Hands-on RBAC design, entitlement management, and automated provisioning/de-provisioning pipelines.
• Proficiency with PowerShell and RESTful integrations for identity automation and compliance checks.
• Familiarity with NDR and Micro-Segmentation patterns; understanding of network topologies and their interplay with IAM.
• Experience hardening infrastructure and monitoring for malware/unauthorised access in hybrid environments.
• Exposure to Azure Policy and landing zone guardrails; Conditional Access at scale.

Performance Traits:

• Excellent written and verbal communication; able to explain complex identity concepts to diverse audiences.
• Strong customer focus, initiative, and ability to operate under pressure with shifting priorities.
• Collaborative across business analysts, developers, data teams, and security; resilient, agile mindset; commitment to process improvement and structured operational practices.
• High discretion in handling sensitive information; willingness to challenge the status quo constructively.

At Mayer Brown, we are committed to creating an inclusive work environment that offers our people the opportunity and support they need to succeed. Our culture promotes mutual respect, acceptance, cooperation and productivity among people from all backgrounds and values different perspectives and ideas. One of our core values at Mayer Brown is to promote inclusion at all levels within the business which is actively supported by our Employee Resource Groups - LGBTQI+, Fusion (Race & Ethnicity), Multi-faith, Women, Enable (Disability), Social Inclusion and Opportunities Network and Work and Me (Family). We are happy to discuss any reasonable adjustments that individuals may require throughout the recruitment process and once they have joined the Firm.