Description
We are seeking a Sr. IAM Engineer with deep experience assessing current state, designing target-state architectures, and implementing/maturing Role-Based (RBAC) and Attribute-Based (ABAC) access models at enterprise scale. This leader will serve as the SailPoint technical expert, engineering policy, integration, and governance processes that meet financial-services compliance expectations. The role partners with enterprise architects, risk/compliance, platform teams, and app owners to operationalize identity as a control across SaaS, on-prem, and cloud.
What You'll Do:
- Define RBAC/ABAC standards, pattern libraries, and guardrails; author architecture decision records (ADRs).
- Drive role engineering (role discovery, consolidation, birthright access, SoD matrices) and ABAC policy design (attribute inventory, policy enforcement integration).
- Maintain the IGA reference architecture spanning SailPoint, Okta, directories (AD/LDAP), HR/ERP, and cloud providers.
- Partner with AppSec and platform teams to externalize authorization using federation and standardized protocols (SAML 2.0, OIDC, OAuth 2.0; SCIM for provisioning).
- Configure sources/authorities, connectors, aggregation & correlation rules, identity profiles, entitlement catalogs, lifecycle policies, workflows, access request, and certification campaigns in SailPoint; implement Okta connector patterns.
- Build monitoring/health checks, metrics, and dashboards for access governance KPIs; automate evidence collection.
- Define policies/standards for access control, attribute quality, identity proofing, certification cadence, and exception handling; ensure alignment with enterprise risk appetite.
- Support audits and regulatory examinations with defensible evidence, including certification results, SoD analyses, and access recertification trails.
- Mentor engineers and analysts; partner with business/application owners to onboard apps at scale under governance; establish repeatable app-onboarding playbooks (federation + provisioning + role modeling).
- SailPoint (IdentityIQ Engineer/Architect or Identity Security Cloud) and/or Okta certifications; experience integrating SailPoint with Okta via connectors/APIs.
- Cloud IAM concepts (Azure AD/Entra ID, AWS IAM), and experience mapping ABAC to cloud entitlements/metadata.
- Financial-services experience with audit/regulatory expectations (e.g., access certification cadence, evidence, SoD rigor).
Requirements
What You Bring:
- 8+ years in IAM with 5+ years leading RBAC/ABAC design and enterprise deployment; demonstrable delivery of role mining/engineering and attribute-driven authorization.
- Hands-on SailPoint expertise (IdentityIQ or Identity Security Cloud/IdentityNow) across connectors, lifecycle automation, certifications, SoD, policy, and analytics; Okta SSO/MFA and federation patterns.
- Strong command of federated identity protocols and provisioning standards (SAML 2.0, OIDC, OAuth 2.0, SCIM).
- Working knowledge of directory services (AD/LDAP), identity data modeling, and integration architectures; familiarity with crypto & tokenization fundamentals for identity.
- Experience establishing access governance processes (access reviews, recertifications, SoD, exception management) consistent with industry best practices.
- Proficiency in at least one scripting language (e.g., BeanShell/Java for IIQ, Python/PowerShell for automation), and SQL for identity analytics.
Technology Doesn't Change the World, People Do.
Robert Half is the world's first and largest specialized talent solutions firm that connects highly qualified job seekers to opportunities at great companies. We offer contract, temporary and permanent placement solutions for finance and accounting, technology, marketing and creative, legal, and administrative and customer support roles.
Robert Half works to put you in the best position to succeed. We provide access to top jobs, competitive compensation and benefits, and free online training. Stay on top of every opportunity - whenever you choose - even on the go. Download the Robert Half app and get 1-tap apply, notifications of AI-matched jobs, and much more.
All applicants applying for U.S. job openings must be legally authorized to work in the United States. Benefits are available to contract/temporary professionals, including medical, vision, dental, and life and disability insurance. Hired contract/temporary professionals are also eligible to enroll in our company 401(k) plan. Visit roberthalf.gobenefits.net for more information.
2025 Robert Half. An Equal Opportunity Employer. M/F/Disability/Veterans.