IAM Architect

Must Have Technical/Functional Skills

 Highly skilled IAM Architect to lead a multi‑platform Identity Modernization Program involving the migration of legacy IBM identity systems to a modern cloud-first IAM platform. This role will architect, design, and oversee the migration of IBM ISVG to SailPoint, IBM ISAM to Okta Access Gateway, IBM LDAP to Okta Universal Directory, and the enhancement of Delinea (PAM) capabilities.

 The ideal candidate has significant experience in IAM transformations, strong Identity and governance architecture skills, and deep knowledge of SailPoint, Okta, Delinea, and legacy IBM identity technologies.

• 10+ years in Identity & Access Management architecture.

• Deep hands-on experience with: 

o SailPoint ISC

o Okta Identity Cloud, Okta Access Gateway

o Delinea Secret Server / Privilege Manager

o IBM Security Identity Governance (ISVG / IGI)

o IBM Security Access Manager (ISAM / WebSEAL)

o Active Directory, IBM LDAP, Azure AD

• Strong command of authentication & authorization standards (SAML, OIDC, OAuth2, SCIM).

• Experience with modern identity patterns: Zero Trust, JIT provisioning, identity federation, Identity Fabric models.

Roles & Responsibilities: Key Responsibilities

IAM Architecture & Strategy

• Develop and maintain the end-to-end IAM architecture roadmap aligned with business and security objectives.

• Define target-state IAM architecture leveraging SailPoint, Okta, and Delinea.

• Lead architectural design reviews and provide SME guidance on identity lifecycle, authentication, and authorization frameworks

IBM ISVG to SailPoint ISC Migration

• Lead design of migration strategy for entitlements, workflows, roles, connectors, approvals, and certifications.

• Map legacy data models, policies, roles, and provisioning logic to SailPoint.

• Oversee connector modernization and re engineering of joiner/mover/leaver processes.

• Ensure compliance-aligned access governance and SoD models.

IBM ISAM to Okta Access Gateway Migration

• Architect migration of authentication, federation, and WebSEAL policies to Okta.

• Redesign application authentication flows (OIDC, SAML, OAuth).

• Define risk-based adaptive MFA patterns and Zero Trust access.

• Integrate on-prem and cloud apps using Okta Access Gateway (OAG).

IBM LDAP to Okta Universal Directory 

• Design schema mapping and attribute transformation logic.

• Define identity consolidation, duplication, and authoritative source strategy.

• Architect group, entitlement, and policy transition into Okta UD.

PAM Architecture (Delinea)

• Enhance Delinea PAM policies, workflows, privileged session management, and least privilege models.

• Integrate PAM with SailPoint & Okta for holistic identity governance and federation.

• Expand credential vaulting, session recording, and privilege elevation use cases.

Program & Stakeholder Leadership

• Serve as the IAM technical lead for the entire migration program.

• Partner with Security, Infrastructure, Application teams, and business stakeholders.

• Oversee vendor engagement and t echnical governance.

• Create architecture documents, standards, guidelines, and playbooks.

Generic Managerial Skills, If any

• Oversee technical design, integration patterns, and build activities.

• Perform security assessments, gap analysis, and compliance validation.

• Provide L4 technical expertise for complex identity issues.

• Ensure alignment with Zero Trust, NIST, and corporate cybersecurity policies.

• Manage and reporting of Project status Daily, Weekly and Monthly status to Stakeholders.