IAM Architect

The IAM Architect is responsible for defining, designing, and governing the enterprise Identity & Access Management architecture. This role ensures IAM solutions are secure, scalable, and aligned with business, security, and regulatory requirements. The IAM Architect provides technical leadership across IAM domains—identity lifecycle, access governance, authentication, authorisation, privileged access, and directory services—and acts as the design authority for IAM platforms and integrations.

Key Responsibilities

• Define the end‑to‑end IAM architecture covering identity lifecycle, access governance, authentication, authorisation, and privileged access.
• Produce high‑quality architectural artefacts including HLDs, LLDs, integration patterns, data flows, and security models.
• Ensure IAM designs align with enterprise architecture principles, Zero Trust, and security standards.
• Lead solution design for IAM platforms such as SailPoint, Azure AD, or CyberArk.
• Act as the technical authority for IAM across multiple projects and workstreams.
• Provide guidance to engineers, developers, and project teams on IAM patterns, standards, and best practices.
• Review and approve solution designs, configuration approaches, and integration methods.
• Ensure IAM solutions are resilient, scalable, and support operational requirements.
• Contribute to the development of the IAM strategy and multi-year roadmap.
• Identify capability gaps and recommend improvements or new technologies.
• Support maturity assessments and define target‑state IAM capabilities.
• Design integrations between IAM platforms and enterprise applications, directories, HR systems, and cloud services.
• Define identity data models, attribute mappings, and provisioning/de‑provisioning logic.
• Support role mining, access modelling, and governance design activities.
• Ensure secure API, SSO, and federation patterns (SAML, OAuth, OIDC).

Security, Compliance & Risk

• Ensure IAM architecture meets regulatory, audit, and internal security policy requirements.
• Define and validate IAM controls (e.g., least privilege, MFA, privileged access).
• Support threat modelling and security assessments for IAM solutions.
• Identify risks and propose mitigation strategies.
• Work closely with security, architecture, HR, IT operations, and application teams.
• Engage with IAM vendors and implementation partners to ensure alignment with architectural standards.
• Provide technical input into SOWs, RFPs, and vendor evaluations.

Documentation & Governance

• Maintain architectural standards, patterns, and reference models for IAM.
• Ensure documentation is complete, accurate, and aligned with enterprise governance.
• Participate in architecture review boards and design assurance processes.

Qualifications

• Strong experience as an IAM Architect or senior IAM engineer in complex enterprise environments.
• Deep understanding of IAM domains: Identity lifecycle management, Privileged Access Management.
• Hands‑on experience with major IAM platforms particularly SailPoint and Azure AD, Okta, CyberArk, or similar.
• Strong knowledge of authentication and authorisation standards (SAML, OAuth2, OIDC, SCIM).
• Strong understanding of security frameworks (Zero Trust, CAF, eCAF, NIST, ISO 27001).
• Ability to produce high-quality architectural documentation.
• Experience working with HR systems and identity data flows.
• Experience in regulated or critical infrastructure sectors.
• Knowledge of microservices, API security, and modern application architectures.
• Experience with role mining, access modelling, and identity governance maturity assessments.
• Familiarity with DevOps, automation, and CI/CD pipelines for IAM deployments.
• Experience supporting large-scale IAM transformations or cloud migrations.

Mandatory Skills: Application Security (application security framework/ threat modelling/ Secure SDLC/ DevSecOps/Application Security Architecture Review)