Identity and Access Architect

Responsibilities

Own the Identity Strategy

• Define and drive the target-state identity architecture across IAM, PAM, and machine identity
• Establish token-based authentication and just-in-time access as core design principles
• Act as the final voice on identity architecture decisions - clear, opinionated, and grounded in experience
• Translate strategy into reference architectures, patterns, and execution frameworks

Modernize IAM

• Lead the evolution of identity governance and administration (IGA) platforms (e.g., SailPoint)
• Design a centralized authentication model to replace fragmented systems
• Improve end-user experience by eliminating redundant authentication friction
• Enable scalable onboarding via cloud-native identity platform integration patterns (SDKs/APIs) Transform Privileged Access
• Move the organization from standing privilege to just-in-time, token-based access
• Architect enterprise PAM solutions (CyberArk or equivalent)
• Define secrets management strategy and controls
• Reduce risk through identity-based segmentation and least-privilege design

Lead Non-Human & Cloud Identity

• Build frameworks for machine identity, workload identity, and service-to-service auth
• Establish identity controls across cloud platforms, Kubernetes, and CI/CD pipelines
• Define identity patterns for emerging AI and autonomous systems Drive Governance & Capability
• Embed governance into architecture to support audit, compliance, and risk reduction
• Define standards, guardrails, and reusable patterns
• Mentor engineers and elevate capability across distributed teams
• Bridge the gap between tooling capabilities and architectural intent What You BringCore Experience
• 10+ years in Identity & Access Management architecture and engineering
• Deep expertise across:
  • IAM (Identity & Access Management)
  • PAM (Privileged Access Management)
  • Identity Governance (IGA)
• Strong hands-on experience with:
  • Microsoft Entra ID (Azure AD)
  • CyberArk (or equivalent PAM platforms)
  • SailPoint (IdentityNow/IdentityIQ) Technical Depth
• Proven experience with:
  • OAuth 2.0, OIDC, token-based auth models
  • Just-in-time (JIT) access/zero standing privilege
  • Cloud-native identity architectures
  • Kubernetes/workload identity/CI-CD security
• Strong understanding of:
  • Secrets management (Vault or equivalent)
  • Identity in distributed and hybrid cloud environments

Execution & Leadership

• Track record of delivering enterprise-scale identity transformations
• Ability to influence senior stakeholders and align business + engineering
• Experience leading or mentoring distributed/global teams
• Comfortable operating as a player-coach. Strategic and hands-on

Bonus Points

• Experience with Zero Trust architecture
• Background in regulated environments (financial services, healthcare, etc.)
• Large-scale migration or “factory model” delivery experience
• Exposure to AI/agent identity models

Who You Are

• You don’t just design architecture - you drive it into production
• You connect dots across IAM, PAM, cloud, and machine identity without forcing it
• You bring strong opinions backed by real-world delivery
• You’re as comfortable in an exec room as you are in a design review
• You elevate the people around you - not just the technology