
Identity Architect
Role Overview
We are seeking a highly skilled Identity Architect to strengthen and accelerate delivery across
our ongoing Identity & Access Management (IAM) workstreams.
The successful candidate will be expected to contribute across the following disciplines:
• Human Identity
• Customer Identity
• Non-human Identity
• Privileged Access Management (PAM)
• Identity Governance & Administration (IGA)
• PKI (as a Service)
• Identity Resilience/Recoverability
This role requires deep technical identity expertise, strong architectural skills, and the ability to
work collaboratively across technology, security, cloud, endpoint, internal audit, and various
Line-of-Business teams.
Key Responsibilities
1. Architecture, Strategy & Roadmap Execution
• Translate organisational identity strategy into actionable architectural
deliverables.
• Shape, maintain, and evolve architectural patterns across human, non-human,
client, and application identity domains.
• Support delivery of enterprise identity roadmaps including Zero Trust, Identity
Governance, PAM, Machine Identity, PKI, Hybrid Identity, and Tenant Hardening.
2. Solution Design & Technical Leadership
• Produce high-quality architecture artefacts: HLDs, LLDs, reference
architectures, design patterns, standards, TIME models, technology radars, and
technical decision records.
• Oversee design and integration of IAM capabilities including:
▪ Entra ID modernisation
▪ PAM (role modelling, JIT, PIM, access packages, privileged workflows)
▪ IGA platforms and access certification
▪ PKIaaS and certificate lifecycle automation
▪ Machine Identity and tooling
▪ Identity recovery, resilience, and backup / restoration models
• Provide hands-on architectural guidance across complex, cross-tenant or
multi-environment identity challenges.
3. Governance, Compliance & Risk
• Embed identity governance and compliance controls, aligning with NIST,
ISO27001, SOC2, internal audit expectations, separation-of-duties, and JML
lifecycle standards.
• Review and enhance architecture approvals, risk assessments, 3rd-party
security assurances, and technology review processes.
• Provide SME guidance for internal audits, MAP closures, and risk remediation
programmes.
4. Engineering Alignment & Delivery Support
• Work closely with IAM engineering, cloud, and security operations teams to
ensure architectural patterns translate into practical, operable
implementations.
• Guide BAU and platform teams on adopting new identity technologies, patterns,
and runbooks.
• Support vendor engagement, RFP/RFS evaluations, and architecture scoring for
new products and services.
• Ensure delivered designs are testable, operable, and aligned to enterprise
architectural vision.
5. Stakeholder Engagement & Communication
• Work across multiple senior stakeholder groups including Enterprise
Architecture, Information Cybersecurity (ICS), Internal Audit, Line-of-Business
application teams, program delivery, and external vendors.
• Communicate complex identity concepts clearly to both technical and
non-technical audiences.
• Provide architectural leadership in steering committees, decision forums, and
cross-functional workshops.
Essential Skills & Experience
• Extensive experience as an Identity Architect or Senior IAM Engineer designing
enterprise-scale IAM solutions.
• Deep expertise in Microsoft Entra, Azure, hybrid identity, federation, authentication
and authorisation patterns.
• Strong background in:
o Privileged Access Management (PAM)
o Identity Governance (IGA)
o PKI and Certificate Lifecycle
o Machine Identity & Secrets Management
o Identity Resilience / Recovery Architecture
• Experience designing Zero Trust identity models and modern ZSP access processes.
• Proven ability to produce high-quality design documentation.
• Strong understanding of enterprise controls, audit requirements, compliance
frameworks, and risk management.
• Broad architectural grounding across cloud (Azure, AWS, OCI), infrastructure,
automation, and security frameworks.
Desirable Experience
• Exposure to large-scale Active Directory recovery, backup, and resilience solutions.
• Experience with CIEM, Conditional Access, and cross-tenant architecture.
• Familiarity with multi-tenant or environment isolation strategies to improve
recoverability.
• Previous background in security architecture, cloud security, or cryptography
beneficial.
• Experience supporting major programmes involving vendors such as Microsoft,
CyberArk, SailPoint, or Rubrik.
Job ID: 147182975