Security Architect - Identity and Access Management (IAM/PAM)

We are seeking an experienced IAM Architect to design, implement, and evolve enterprise-wide identity and access management capabilities across a global environment. This role will drive modern authentication, governance, and privileged access strategies aligned with Zero Trust principles.

What you'll do:

  • Lead the design and evolution of IAM architecture, including identity lifecycle, access governance, and privileged access management (PAM).
  • Implement modern authentication solutions (SSO, MFA, passwordless, biometrics) to enhance security and user experience.
  • Design secure authentication and authorization frameworks (OIDC, SAML, OAuth, Kerberos, LDAP).
  • Embed Zero Trust and least privilege principles across enterprise systems and privileged roles.
  • Develop and automate identity governance processes, leveraging AI/ML for anomaly detection and remediation.
  • Oversee Conditional Access, risk-based authentication, and device/state-based access controls.
  • Integrate IAM with HR, IT, and engineering platforms for policy-driven lifecycle management.
  • Architect and maintain Active Directory (on-prem) and cloud identity platforms (Entra ID/Azure AD).
  • Collaborate with security teams to define Azure policies, guardrails, and compliance controls (e.g., ISO 27001, ISO 22301).
  • Align IAM strategy with broader security architecture (firewalls, micro-segmentation, NDR, remote access).
  • Identify and mitigate IAM-related vulnerabilities and security risks.
  • Maintain architecture standards, documentation, and runbooks.
  • Engage with vendors and stakeholders; communicate strategy and roadmap to senior leadership.

What you'll bring:

  • Bachelor's degree in Computer Science, IT, or related field (or equivalent experience).
  • 7-10 years of IAM/identity engineering experience; 3+ years in architecture roles.
  • Experience in large-scale, global enterprise environments.
  • Strong expertise in Microsoft identity stack (Entra ID/Azure AD, Active Directory).
  • Deep understanding of authentication protocols (OIDC, SAML, OAuth, Kerberos, LDAP).
  • Experience with RBAC, entitlement management, and automated provisioning.
  • Knowledge of Conditional Access, Azure Policy, and cloud security guardrails.
  • Familiarity with network security concepts (NDR, micro-segmentation).
  • Experience securing hybrid infrastructure environments.
  • Certified in CISSP / CIAM / Azure Cybersecurity Expert.
  • Scripting and automation (PowerShell, REST APIs).

Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates.

Job Details

Company: Robert Walters
Location: London, South East, England, United Kingdom
Employment Type: Full-Time
Salary: Salary negotiable