SECURITY ARCHITECT L1(CONTRACT) in Coventry

Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO) is a leading technology services and consulting company focused on building innovative solutions that address clients' most complex digital transformation needs. Leveraging our holistic portfolio of capabilities in consulting, design, engineering, and operations, we help clients realize their boldest ambitions and build future-ready, sustainable businesses.

Location: Coventry - Hybrid

The Senior IDAM Architect is the end to end technical authority for all Identity Pillar scope under Lot 1, accountable for Initiate, Discovery, Design, and Implementation across Identity Governance & Administration (IGA), Active Directory/Entra ID, RBAC/ABAC, PKI, Conditional Access, Identity Lifecycle, CIEM, and identity threat protection capabilities. This role acts as the single technical point of contact for all identity related decisions, integrations, designs, and technical escalations, ensuring adherence to Zero Trust principles, Client Delivery & Cyber frameworks, and the architectural governance process.

• Programme-Level Identity Architecture Leadership: Serve as the lead architect for all identity capabilities: IGA, directories (AD/OT AD/Entra ID), RBAC/ABAC, Conditional Access, PKI, CIEM, machine identity, identity lifecycle automation. Own the architectural strategy and roadmap for the Identity Pillar across Year 1 (I&D) and influence Year 2 planning. Act as the single technical authority across all identity workstreams, ensuring coherence, interoperability, and alignment with Zero Trust Identity outcomes. Lead technical governance engagement: Information Security TAG, PESA approvals, Design Authority reviews, and cross pillar integration sessions.
• Initiate & Discovery Responsibilities (Identity Specific): Lead comprehensive DAAS discovery for identity components: identity stores and directories; AD forests/domains and OT AD footprint; application identity models; entitlements, access patterns, privileged roles; IGA process and connector readiness; non human / service identities. Conduct identity specific discovery across: JML processes, access request flows, attestation cycles; directory security posture (CIS benchmarks, Microsoft best practices); account discovery (human, service, machine) across IT, OT, cloud, SaaS, air gapped systems. Evaluate and document: identity risks; excessive privileges; identity lifecycle issues; unmanaged accounts; access policy gaps. Produce: discovery logs; dependency registers; technical constraints; discovery outputs traceable to future designs.
• Identity Architecture Design Responsibilities: Produce HL/ML/LLD for the IGA platform (SailPoint/Saviynt/etc.). Define architecture for lifecycle automation (Joiner/Mover/Leaver); access request & approval workflows; entitlements management; attestation & certification; role mining & identity analytics. Define integration patterns with HR (authoritative source); AD/OT AD/Entra ID; ServiceNow; SIEM for identity related detections; PAM/PIM for privileged identities. Produce architecture for AD, Entra ID, and OT AD identity capabilities: secure configuration baselines; naming conventions, OU design, GPO strategy; trust boundaries, domain/forest design; identity lifecycle & sync patterns; directory-tiering strategy (Tier 0). Define enterprise RBAC/ABAC models: business roles, application roles, segregation of duties, governance and lifecycle of roles; ensure alignment with HR data models and IGA role mining outputs. Architect conditional access policies (CA rules, sign in risk, device trust, session controls); Define MFA strategy: Authenticator App, FIDO2, passwordless, biometrics; Define Zero Trust authentication patterns for privileged identities, third parties, mobile/remote users, OT identities where applicable. Produce architecture for PKI, certificate issuance, renewal, and lifecycle governance; Define trust anchors and certificate policies for user identities, device identities, service principals, OT and cloud workloads. Define cloud identity entitlement patterns (Azure/AWS); Establish least privilege, JIT/JEA patterns for cloud workloads.
• Implementation Responsibilities (Identity-Focused): Provide hands on architectural oversight to ensure implementations follow approved designs. Oversee rollout and validation of: IGA connectors, workflows, lifecycle processes; AD/Entra ID configuration updates and hardening; Conditional access/MFA/policy rollout; RBAC role deployment and attestation setup; PKI enhancements, CA templates, certificate workflows; CIEM configuration and governance. Guide identity engineers and application onboarding teams through technical sequencing, integration steps, and issue resolution. Validate end to end identity flows (authentication, provisioning, deprovisioning, attestation).
• Identity Governance, Compliance & Risk: Ensure all identity designs align with Zero Trust Identity requirements; CAF/eCAF outcomes; regulatory and compliance frameworks (GDPR, NIS R, PCI DSS). Define governance processes for privileged identity control; identity data quality; access attestation; policy exceptions. Support the audit and compliance teams with identity reporting, evidence, and control design.
• Stakeholder & Technical Leadership: Act as the single point of contact for all identity related technical matters across the programme. Lead communication with Cyber Architecture, HR, IT Ops, Security Operations, Application teams, OT Identity & OT Engineering teams. Conduct design walkthroughs, knowledge handovers, and training sessions for BAU teams. Resolve identity related escalations, engineering blockers, and architecture decision disputes.

• Technical Expertise: 12+ years in Identity & Access Management architecture. Deep expertise in: IGA (SailPoint/Saviynt), RBAC/ABAC; AD/Entra ID/OT AD; Authentication/Federation (SAML, OAuth2, OIDC); Conditional Access & MFA; PKI & Certificate Lifecycle; CIEM, cloud identity & Zero Trust identity patterns. Extensive experience designing and integrating identity capabilities across hybrid (IT/OT) landscapes.
• Delivery & Architecture: Proven experience delivering large-scale IAM transformations end to end. Strong architectural documentation and governance skills. Ability to lead multi vendor and multi platform identity delivery teams.
• Behavioural: Executive-level communication and architectural leadership. Operates confidently across strategic, detailed technical, and operational domains. Structured, methodical, collaborative, and outcome driven.

• Identity DAAS Discovery Reports
• Requirements (Functional & Non Functional)
• High/Mid/Low-Level Identity Designs
• IGA Architecture, Connector Designs & Workflow Specifications
• Directory Services Architecture Pack
• RBAC/ABAC Role Taxonomy & Governance Framework
• Conditional Access & MFA Design Pack
• PKI Architecture & Lifecycle Model
• Identity Implementation Playbooks
• Governance, Controls & Attestation Designs
• Technical submissions for TAG/PESA/Design Authority

We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry.