iAM Architect

Key Responsibilities & What The Day Will Look Like :

As an IAM Architect, your day will involve a blend of strategic planning, technical design,implementation oversight, and collaboration with various teams.

Key responsibilities include :

- IAM Strategy & Roadmap: Define and evolve Aon's enterprise IAM strategy and roadmap, aligning it with business objectives, cybersecurity requirements, and industry best practices (e.g., Zero Trust principles).

- Architecture Design: Lead the design and architecture of complex IAM solutions, including Authentication, Authorization, Single Sign-On (SSO), Multi-Factor Authentication (MFA), Privileged Access Management (PAM), Identity Governance & Administration (IGA), and Directory Services.

- Solution Implementation & Integration: Provide architectural guidance and oversight for the implementation and integration of IAM solutions with various enterprise applications, cloud platforms, and infrastructure components.

- Security & Compliance: Ensure IAM solutions meet stringent security standards, regulatory compliance requirements (e.g., GDPR, CCPA, SOX), and internal policies. Conduct security reviews and risk assessments related to identity.

- Technical Leadership: Act as a subject matter expert for IAM, providing technical leadership, mentorship, and guidance to engineering teams, project managers, and other stakeholders.

- Vendor Management: Evaluate and recommend IAM products and vendors, staying abreast of emerging technologies and trends in the identity space.

- Troubleshooting & Optimization: Diagnose and resolve complex IAM-related issues, optimize existing IAM infrastructure for performance, scalability, and reliability.

- Documentation: Develop and maintain comprehensive architectural documentation, design specifications, and operational procedures for IAM solutions.

- Cross-functional Collaboration: Partner closely with cybersecurity operations, application development, infrastructure, and audit teams to ensure seamless integration and effective management of identity services.

Required Technical Skills

The ideal candidate will possess deep expertise across a broad spectrum of IAM technologies and concepts, including:

Core IAM Concepts:

- Strong understanding of Authentication (AuthN), Authorization (AuthZ), Federation, Single Sign-On (SSO), and Multi-Factor Authentication (MFA).

- In-depth knowledge of Privileged Access Management (PAM) principles and solutions.

- Expertise in Identity Governance and Administration (IGA), including access request, certification, and segregation of duties.

- Understanding of directory services (LDAP, Active Directory) and their integration with IAM solutions.

IAM Platforms & Technologies (Hands-on experience with several):

- Identity as a Service (IDaaS): Okta, Azure Active Directory (Azure AD), Ping Identity, Auth0, OneLogin.

- Identity Governance & Administration (IGA): SailPoint IdentityIQ/IdentityNow, Saviynt, Micro Focus NetIQ.

- Privileged Access Management (PAM): CyberArk, BeyondTrust, Delinea (Thycotic + Centrify).

- On-Premise IAM Suites: ForgeRock, Oracle Identity Management, IBM Security Verify.

- Directory Services: Microsoft Active Directory, Azure AD Connect, LDAP directories.

Protocols & Standards:

- Expertise in industry-standard authentication and authorization protocols: SAML, OAuth 2.0, OpenID Connect (OIDC), SCIM.

- Knowledge of Kerberos, NTLM, and other legacy authentication mechanisms.

Cloud IAM:

- Strong understanding of IAM capabilities within major cloud providers: AWS IAM, Azure AD, Google Cloud IAM.

- Experience securing cloud-native applications and infrastructure.

Scripting & Automation:

- Proficiency in scripting languages such as PowerShell, Python, or Bash for automation of IAM processes, integrations, and data manipulation.

- Experience with Infrastructure as Code (IaC) tools (e.g., Terraform, Ansible) for deploying and managing IAM components.

Security Principles:

- Deep understanding and practical application of Zero Trust architecture principles.

- Strong grasp of Least Privilege, Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC).

Networking & Infrastructure:

- Familiarity with network security concepts (firewalls, proxies, load balancers) relevant to IAM deployments.

- Understanding of server operating systems (Windows Server, Linux) and virtualization technologies.

APIs & Integrations:

- Experience designing and implementing RESTful APIs for IAM integrations.

- Knowledge of web services (SOAP) and API security best practices.

Database Knowledge:

- Familiarity with SQL and NoSQL databases for identity store management and auditing.

Qualifications & Professional Attributes :

- Bachelor's degree in Computer Science, Information Security, or a related technical field. Master's degree preferred.

- Relevant industry certifications such as CISSP, CISM, CCSP, or vendor-specific IAM certifications (e.g., Okta Certified Architect, SailPoint Certified IdentityIQ Engineer) are highly desirable.

- Exceptional analytical and problem-solving skills with the ability to translate complex technical concepts into clear, actionable designs.

- Strong communication skills, both written and verbal, with the ability to articulate complex technical information to diverse audiences, including senior leadership.

- Proven ability to lead, mentor, and collaborate effectively with cross-functional teams in a fast-paced, dynamic environment.

- Demonstrated ability to manage multiple priorities, work independently, and drive projects to successful completion.

- A proactive and adaptable mindset, continuously seeking to learn and apply new technologies and methodologies.