Identity and Access Management (IAM) Solution Architect
Cloud Security Services is looking for an experienced Identity and Access Management (IAM) Solution Architect to assist Client with a multi-year IAM transformation initiative. Candidate must have a strong background in designing IAM architecture for large, complex environments. This is a 6-month remote project.
Responsibilities
· Support of omni-channel (Digital, Voice, Paper) standard patterns based on the target state IAM solution architecture and eco-system for client workforce members.
· Drive workforce IAM solution architecture and the scoping of engineering design to support the transformation initiative.
· Create engineering diagrams to support the overall solution architecture.
· Maintain and update the overall solution architecture.
· Solution Architecture and Engineering Diagrams for technical discovery and integration with other systems (e.g., CMDB and ITSM).
· Support the development of basic use cases / role models for Day 1 (Birthright) access.
· Create engineering diagrams for implementation into IDMS.
· Support the implementation of target state digital identity records for employees, contractors, and robots.
· Provide access management architecture and engineering services.
· Support the architecture and engineering for IDMS compliance across business sectors.
· Support architecture and engineering for enhancing access recertifications for better end user experience.
· Support AD / AAD architecture and engineering requirements.
Covers the following pattern categories for IAM:
o Registration / Onboarding
o Authentication & Authorization
o Third-party Service/API Access & Authorization
o Invitation-Based User Registration
o User Access Delegation
o User De-provisioning
o Helpdesk Processes
o Omnichannel Services "Overlay"
o Directory abstraction
o Multi-factor authentication
· Evaluation of current processes against defined industry and leading practices, including industry standards such as National Institute of Standards and Technology (NIST) Special Publication (SP) 800-63 (Digital Authentication), the NIST Cybersecurity Framework (CSF), and NIST SP 800-53 (Security and Privacy Controls).
Required Skills
· 7-10 years’ experience working in the Identity and Access Management (IAM) information security space in an architecture capacity.
· 5-7 years’ experience with the following:
o Workforce IAM
o Consumer IAM (CIAM)
o Federation and single sign-on (B2B and B2C)
o National Institute of Standards and Technology (NIST) 800-53
o NIST 800-63
o NIST Cybersecurity Framework (CSF)
· Experience creating high- and low-level IAM architecture patterns.
· Experience developing and implementing IAM strategies and roadmaps.
· Experience with major IAM platforms including:
o Microsoft Active Directory
o Microsoft Azure Active Directory
o Oracle Identity Manager
o F5 Access Policy Manager (APM)
o Optimal IDM
· A solid understanding of access control patterns including role-based access control (RBAC) and attribute-based access control (ABAC).
· Experience consulting on all phases of a full IAM lifecycle including:
o Book of record (BoR) to identity management system (IDMS) identity feeds.
o IDMS to directory and application identity provisioning.
o Application consumption of identity
· Strong written and verbal communication skills.
· Supporting communication of IAM efforts to all levels of an organization including C-Level.
· Experience with IAM governance including:
o Information security policies and procedures
o User lifecycle management (provisioning, de-provisioning, and maintenance)
o User and access recertification
· Understanding of major authentication and authorization protocols including:
o OAuth
o OpenID Connect
o SAML 2.0
o Kerberos and NTLM authentication
o Unix/Linux authentication and authorization
· Business outcomes mindset
· Directory services design experience such as AD and AAD
· Excellent interpersonal communication skills with strong spoken and written English.
· Scripting experience
· Implementation experience
· Collaborative team worker