Principal IAM Architect
National Digital Trust Company (In Organization) · Indiana, United States · Today
Art & CreativeFull-time
Job Overview
We are seeking a Principal Identity and Access Management (IAM) Architect to lead the strategy, design, and governance of our enterprise identity ecosystem. This is a senior technical leadership role responsible for defining the long-term IAM roadmap, architecting solutions across hybrid and multi-cloud environments, and ensuring identity is treated as a security perimeter across the organization.
The ideal candidate combines deep hands-on technical expertise with the ability to influence architecture decisions at the executive level.
Objectives
- Design and own the enterprise IAM architecture, including identity governance, authentication, authorization, privileged access management (PAM), and lifecycle management strategies
- Lead architecture for hybrid identity environments (on-prem AD, Entra ID/Azure AD, multi-tenant and cross-tenant federation scenarios)
- Define standards and reference architectures for SSO, MFA, conditional access, and Zero Trust access models
- Architect and oversee Identity Governance and Administration (IGA) programs, including access certifications, entitlement management, and joiner/mover/leaver processes
- Partner with security, compliance, and legal teams to ensure IAM architecture supports regulatory requirements (SOX, HIPAA, GDPR, etc.) and eDiscovery/audit needs
- Evaluate, select, and integrate IAM tooling into a cohesive architecture
- Provide technical leadership and mentorship to IAM engineers and administrators; review designs and code (PowerShell, Graph API, Terraform) for IAM automation
- Lead cross-tenant and M&A identity integration efforts, including federation, directory synchronization, and access harmonization across business units
- Develop and maintain IAM architecture documentation, standards, and governance frameworks
- Act as a subject matter expert in IAM-related incident response and access-related risk assessments
- Stay current on identity threat landscape (credential-based attacks, token theft, privilege escalation) and adjust architecture accordingly
Required Qualifications
- 10+ years in IT/security roles, with 5+ years focused specifically on IAM architecture
- Deep expertise with Microsoft identity platforms: Entra ID (Azure AD), Entra ID Governance, Conditional Access, and Cross-Tenant Synchronization
- Strong background in directory services, federation protocols (SAML, OAuth 2.0, OIDC, SCIM), and PKI
- Hands-on scripting/automation experience (PowerShell, Microsoft Graph API, or equivalent)
- Experience architecting solutions across multiple tenants/domains, including complex B2B and cross-tenant access scenarios
- Familiarity with privileged access management tools and least-privilege design principles
- Experience with compliance-driven identity controls (audit logging, access reviews, eDiscovery support via tools like Microsoft Purview)
- Excellent communication skills, with experience presenting architecture decisions to executive stakeholders
Preferred Qualifications
- Experience with cloud IAM; AWS IAM alongside Microsoft-centric environments
- Experience with Teams and SharePoint identity/admin tooling in cross-platform environments
- Relevant certifications: SC-300, CISSP, CISM, or equivalent
- Experience with IGA platforms such as SailPoint, Saviynt, or One Identity
- Background supporting complex organizational structures (multiple business domains/tenants under one enterprise)