Identity & Access Management Architect III

Freeport-McMoRan•Phoenix, AZ

1d•Hybrid

About The Position

At Freeport-McMoRan, we are committed to providing an employment package that recognizes excellence, encourages safe production and a culture supported by our core values. Here, you’ll find a collaborative environment where safety is a top priority, all opinions are valued, and people are empowered to grow in their career. Apply Today! Where You Will Work Our global headquarters is in Phoenix, Arizona. Several hundred employees support global operations in finance, human resources, information technology, planning and more from the main office, satellite offices or online. As a Hybrid employee, you’ll engage in virtual collaboration as well as attend in-person meetings at our Collaboration Hub in Phoenix or at one of our site locations. The Collaboration Hub provides an open, flexible workspace for individuals and teams to come together for various business needs. Amenities at the Hub include a working café, phone booths and meeting rooms with technology tools for virtual and in-person collaboration. In-person attendance may vary based on the position and department requirements. Phoenix is the capital of the Grand Canyon State and enjoys mostly bright skies throughout the year. It is the perfect place if you enjoy the outdoors, love sports, concerts and other big city amenities or technology. There are great neighborhoods around Phoenix, with easy access to a major city, nature, the arts and many more amenities. What You Will Do Lead the strategy and implementation of enterprise identity architecture across key domains, including Enterprise Identity Fabric, Microsoft Entra, Identity Governance & Administration, Agentic AI Security, Non‑Human Identity Management, and Identity Threat Detection & Response (ITDR). Collaborate with teams across Infrastructure, Enterprise Architecture, Security Operations, Applications, HRIS, and Compliance to develop AI‑secure, scalable patterns, standards, and multi‑year roadmaps that advance Zero Trust principles and support evolving business needs. Lead enterprise identity reference architecture across directories (AD/Entra), authentication and authorization, Conditional Access, federation (SAML/OIDC/OAuth), identity lifecycle management, and IGA. Develop and publish architecture principles, security patterns, and guardrails while ensuring alignment with Zero Trust and enterprise standards. Develop and maintain a 1–3 year Identity Security roadmap, including AD/Entra modernization, role engineering/RBAC, access reviews, workload and machine identity strategy, and ITDR automation. Prioritize initiatives and monitor KPIs to drive risk reduction and audit readiness. Translate business and security requirements into end‑to-end solution designs spanning AD/Entra, IGA, and ITDR. Produce HLD/LLD documentation, data flow diagrams, trust boundaries, and control mappings. Provide design oversight through build, testing, and deployment, ensuring operational runbooks and SLAs are established. Define identity control objectives, metrics, and testing procedures, including joiner/mover/leaver processes, privileged access boundaries, access certification cycles, and passwordless adoption. Partner with Internal Audit and Compliance to ensure alignment with SOX and NIST CSF and support evidence collection. Facilitate architecture reviews and lead design workshops with Infrastructure, Cloud, Application, SOC, OT, and HRIS teams. Communicate architectural decisions clearly to both technical and executive audiences and advocate for modern identity practices (e.g., passkeys, B2B/external identities). Monitor identity threat landscapes and platform advancements to recommend continuous improvements, deprecations, and optimizations across the enterprise identity ecosystem. Perform additional responsibilities as assigned.

Requirements

Associates Degree and ten (10) years of experience in security systems technologies and ISACA, SANS, ISC (2), or CEH Certification or related security certification OR
Bachelor’s Degree in Information Systems or related field and eight (8) years of experience in security systems technologies OR
Bachelor’s Degree in Information Systems or related field and six (6) years of experience in security systems technologies and ISACA, SANS, ISC (2), or CEH Certification or related security certification OR
Master’s degree in Information Systems or related field and six (6) years of experience in security systems technologies OR
Master’s Degree in Information Systems or related field and five (5) years of experience in security systems technologies and ISACA, SANS, ISC (2), or CEH Certification or related security certification
Hands-on experience in areas: Active Directory; Entra Users, Groups, Policy & Access Management; IGA platform etc.
Knowledge of CyberSecurity Zero Trust, least privilege access, and compliance frameworks. (e.g., SOX, NIST CSF).
Expertise in identity lifecycle, federation (SAML/OIDC/OAuth), Conditional Access, MFA/passwordless, and access reviews.
Understanding of Agentic AI and AI related Security Controls.
Understanding of workload/machine identity governance (managed identities, service accounts, certificates/secrets).
Ability to create HLD/LLD, threat models, and control mappings; strong documentation and standards writing.
Ability to influence architecture decisions across distributed teams and communicate clearly to technical and non-technical stakeholders.
Partners with Enterprise Architecture, Infrastructure, Cloud, SOC, Application Owners, Business Solutions Architects, HRIS, Internal Audit, and Compliance; provides architectural guidance to engineering teams and consults with business stakeholders.

Nice To Haves

Experience with passkeys/passwordless, Verified ID/external identity, workload CA policies, and identity automation.
Exposure to SAP/HRIS authoritative data integrations and JML orchestration.
Certifications: Microsoft Identity/Entra, CISSP, CISM, or relevant IGA/ITDR certifications.

Responsibilities

Lead the strategy and implementation of enterprise identity architecture across key domains, including Enterprise Identity Fabric, Microsoft Entra, Identity Governance & Administration, Agentic AI Security, Non‑Human Identity Management, and Identity Threat Detection & Response (ITDR).
Collaborate with teams across Infrastructure, Enterprise Architecture, Security Operations, Applications, HRIS, and Compliance to develop AI‑secure, scalable patterns, standards, and multi‑year roadmaps that advance Zero Trust principles and support evolving business needs.
Lead enterprise identity reference architecture across directories (AD/Entra), authentication and authorization, Conditional Access, federation (SAML/OIDC/OAuth), identity lifecycle management, and IGA.
Develop and publish architecture principles, security patterns, and guardrails while ensuring alignment with Zero Trust and enterprise standards.
Develop and maintain a 1–3 year Identity Security roadmap, including AD/Entra modernization, role engineering/RBAC, access reviews, workload and machine identity strategy, and ITDR automation.
Prioritize initiatives and monitor KPIs to drive risk reduction and audit readiness.
Translate business and security requirements into end‑to-end solution designs spanning AD/Entra, IGA, and ITDR.
Produce HLD/LLD documentation, data flow diagrams, trust boundaries, and control mappings.
Provide design oversight through build, testing, and deployment, ensuring operational runbooks and SLAs are established.
Define identity control objectives, metrics, and testing procedures, including joiner/mover/leaver processes, privileged access boundaries, access certification cycles, and passwordless adoption.
Partner with Internal Audit and Compliance to ensure alignment with SOX and NIST CSF and support evidence collection.
Facilitate architecture reviews and lead design workshops with Infrastructure, Cloud, Application, SOC, OT, and HRIS teams.
Communicate architectural decisions clearly to both technical and executive audiences and advocate for modern identity practices (e.g., passkeys, B2B/external identities).
Monitor identity threat landscapes and platform advancements to recommend continuous improvements, deprecations, and optimizations across the enterprise identity ecosystem.
Perform additional responsibilities as assigned.