CITDE (Data & Engineering) is looking for a Cloud Architect to perform, but not limited to, the following detailed scope of work.
· Architect and design enterprise access management and data privacy solutions.
· Develop and maintain architectural documentation, reference diagrams, process models, and runbooks.
· Design and implement Policy-Based Access Control frameworks such as PBAC, ABAC and RBAC using technologies like PlainID and Entra ID.
· Ensure alignment with enterprise standards and security posture frameworks.
· Implement and manage access control policies across cloud platforms.
· Integrate Entra ID Identity Governance & Administration (IGA) for:
· Identity Lifecycle
· Entitlement Management
· Delegated User Administration
· Unified Access Governance Automation
· Access Authorization
· Architect and implement unified application onboarding workflows using SailPoint.
· Design and enforce role-based access control (RBAC), PBAC, and lifecycle management.
· Design, develop, and manage authorization policies using natural language and PBAC frameworks.
· Integrate Microsoft Purview for unified data governance and privacy compliance.
· Design secure cloud architectures using Azure services, adhering to CIS, NIST, and ISO 27001 standards.
· Implement data protection strategies including encryption (at rest/in transit), secure storage, and backup/recovery.
· Ensure compliance with privacy regulations using governance and auditing tools.
· Utilize Azure-native tools for data classification, labeling, and policy enforcement.
· Implement CI/CD pipelines using Azure DevOps.
· Automate deployment, configuration, and testing using Infrastructure as Code (IaC) tools like Terraform.
· Integrate access management into DevOps pipelines for seamless CI/CD operations.
· Plan and execute policy deployments across environments using ADF Pipelines.
· Maintain developer handbooks and runbooks for authorization management.
· Collaborate with developers, QA, project managers, and stakeholders to ensure cohesive delivery.
· Use Agile/Scrum methodologies for iterative development and rapid delivery.
· Maintain documentation in collaboration tools and provide weekly status updates.
· Develop and enhance access management reporting frameworks.
· Present solutions, architecture, and progress to senior management and stakeholders.
· Provide clear, concise, and impactful presentations and documentation.
Skills Required :
· Expertise in designing end-to-end solutions that align with business needs and enterprise standards.
· Ability to create reference architecture diagrams using tools like iGrafx or Visio.
· Strong understanding of enterprise architecture frameworks such as TOGAF, Zachman, or similar frameworks.
· Deep hands-on experience in architecture and development of .Net and APIs.
· Strong hands-on experience and knowledge of IAM and Authorization technologies, such as: Entra ID, PlainID, SailPoint etc.
· Architecture and design knowledge of implementing data authorization in Salesforce.
· Proven experience in architecting and development of PBAC, ABAC and RBAC authorization Policy solutions.
· Experience with SailPoint for unified application onboarding and IGA workflows.
· Expertise in identity lifecycle management, entitlement management, and delegated administration.
· Experience with integrating SailPoint with cloud platforms and enterprise systems.
· Expertise in Microsoft Azure; experience with AWS, Google Cloud, Oracle Cloud is a plus.
· Proficiency in cloud-native security tools, network security, and threat detection.
· Experience with data protection, encryption, and compliance tools (e.g., Microsoft Purview).
· Experience with data encryption, data loss prevention policies, and secure data storage solutions across cloud platforms.
· Experience with data classification and labeling data for compliance.
· Integration of automation pipelines with access management solutions.
· Proficiency in C#, JavaScript, Python, Git.
· Experience with API integration, OAuth/JWT, and documentation tools like Swagger/OpenAPI.
· Experience with designing secure network architectures using virtual networks, firewalls, and security groups.
· Experience using cloud-native security tools for threat detection and continuous security monitoring.
· Knowledge and experience with Database security and administration (Oracle, Postgres, MSSQL, Cosmos DB).
· Exceptional presentation and communication skills.
· Ability to engage with senior management and cross-functional teams.
· Strong problem-solving and troubleshooting capabilities.
· 8+ years in IAM architecture, design, and development.
· Bachelor’s degree or higher in Computer Science or related field.
· Relevant certifications such as Microsoft Certified: Azure Fundamentals, Azure Solutions Architect Expert, Azure Security Engineer Associate, Security, Compliance, and Identity Fundamentals, AWS Certified Solutions Architect, Google Cloud Professional Architect, CISSP, or similar are highly desirable.