Principal IAM Architect

Reinsurance Group of America, Incorporated
Remote

About The Position

You desire impactful work. You’re RGA ready. RGA is a purpose-driven organization working to solve today’s challenges through innovation and collaboration. A Fortune 200 Company and listed among its World’s Most Admired Companies, we’re the only global reinsurance company to focus primarily on life- and health-related solutions. Join our multinational team of intelligent, motivated, and collaborative people, and help us make financial protection accessible to all.

The Principal Security Architect, IAM & Zero Trust is a strategic and technical leader responsible for designing, governing, and continuously improving enterprise-wide architecture. This role ensures security is embedded throughout the system and product development lifecycles, applying secure-by-design and zero trust principles across hybrid, cloud-native, and on-premises environments. The Identity Access Management Architect proactively anticipates evolving threats, translates complex risks into actionable strategies, and operationalizes controls that are scalable, resilient, and measurable. Through deep collaboration with engineering, business, and infrastructure teams, this role elevates the organization’s security maturity and enables adaptive defenses that support business growth and regulatory compliance.

Requirements

  • 8+ years of experience in cybersecurity, with at least 6+ years focused on IAM architecture, engineering, or operations.
  • Expert knowledge of identity standards and protocols, including SAML 2.0, OAuth 2.0, OpenID Connect, SCIM, LDAP, Kerberos, and PKI.
  • Hands-on experience with major IAM platforms, such as Azure AD / Entra ID, Okta, SailPoint, CyberArk, etc.
  • Strong understanding of Zero Trust principles, identity governance, privileged access, and modern access control models (RBAC, ABAC, PBAC, JIT).
  • Proven ability to design enterprise‑scale IAM architectures across cloud (AWS/Azure/GCP), on‑prem, and hybrid environments.
  • Deep knowledge of enterprise directory services, identity lifecycle automation, and group/role modeling.
  • Experience integrating applications (SaaS, custom, legacy, APIs, microservices) into centralized identity systems.
  • Solid understanding of regulatory frameworks such as SOX, HIPAA, PCI-DSS, ISO 27001, and NIST 800‑53, and how they apply to identity controls.
  • Strong background in threat modeling, particularly around authentication, authorization, credential management, and session security.
  • Proficiency in scripting or automation (PowerShell, Python, REST APIs) for identity lifecycle and governance operations.
  • Experience implementing MFA, conditional access, password-less authentication, and identity threat detection.
  • Excellent communication and leadership skills, with the ability to influence technical and non‑technical stakeholders.
  • Bachelor’s in Computer Science, Cybersecurity, Information Systems, or related field, or equivalent experience.

Nice To Haves

  • Master's and/or relevant certifications preferred (CISSP, CISM, CCSP, GIAC, Azure/AWS security, Okta or SailPoint certifications).

Responsibilities

  • Define and maintain the enterprise IAM strategy, ensuring alignment with cyber security, zero-trust, and regulatory requirements.
  • Design end-to-end identity architectures, including authentication, authorization, directory services, privileged access, and lifecycle management.
  • Lead implementation of IAM technologies, such as SSO, MFA, PAM, IGA, federation, and identity governance platforms.
  • Establish identity standards and reference architectures, covering protocols like SAML, OAuth, OpenID Connect, SCIM, LDAP, Kerberos.
  • Ensure security integration of applications within cloud, on premise, and hybrid, into enterprise identity services.
  • Drive identity lifecycle processes, ensuring proper onboarding, role provisioning, separation of duties, and timely de-provisioning.
  • Conduct architecture reviews and threat modeling for identity-related risks, including account compromise, session hijacking, and privilege escalation.
  • Partner with security engineering, cloud, and app teams to embed IAM security controls into development and deployment pipelines.
  • Oversee identity governance and compliance, ensuring adherence to RGA policies, standards, and local laws, regulations, and adopted security frameworks.
  • Evaluate and recommend IAM tools, vendors, and emerging technologies, ensuring they meet RGA’s enterprise standards.
  • Provide technical leadership and guidance to fellow architects and engineers.
  • Monitor identity threat landscape and guide adoption of modern defenses such as conditional access, continuous authentication, and identity threat detection and response.

Benefits

  • Gain valuable knowledge from and experience with diverse, caring colleagues around the world.
  • Enjoy a respectful, welcoming environment that fosters individuality and encourages pioneering thought.
  • Join the bright and creative minds of RGA, and experience vast, endless career potential.