IAM Business Security Architect

Cloud Security Services is currently looking for an experienced external Identity and Access Management (xIAM / CIAM) architect with background in global, complex, and diverse xIAM environments to assist with the development of a program that will design, develop, and deploy xIAM solutions. Experience with business architecture is a plus as the right candidate will be enabling change management activities to identify areas where process controls could be made more efficient and help reduce cycle times for onboarding of new resources onto the team through training, education and mentoring activities. This is a 6-month remote opportunity with the possibility of going full-time.

Key Responsibilities:

Provide Business Architecture for Security support to meet primary goals for:

• Maturing Business Architecture for Security
  • Operating Model
  • Staffing Plan
• Clarifying Roles & Responsibilities
  • RACI
  • Role-Based Curricula Development
• Onboarding Process Improvement
  • Reduce Ramp-up Time for New Hires
• xIAM Architecture Advisory
  • Analysis
  • Reference Architecture
  • Solution Architecture

This is in order to (1) Advance client’s target state xIAM platforms / services with key capabilities around BYOID (Bring Your Own ID), common identity, modern authentication, core profile data management, consent & privacy management, etc. and (2) Meet the xIAM needs of specific applications by leveraging target state xIAM platforms / services where available, or by delivering interim solutions when requisite target state xIAM platforms / services are not yet finalized.

Responsibilities:

• xIAM program architecture support
• Support to advance product roadmap milestones, as needed
• Align target skill sets with business objectives and deliverables
• Develop RACI or related framework that outlines the resource roles and responsibilities in alignment with client objectives
• Facilitate and develop new hire (resource) onboarding processes
• Facilitate and develop new hire (resource) training content and processes
• Facilitate playbook creation and maintenance protocol
• Develop method to assess efficiency and effectiveness of onboarding processes
• Define and document continuous improvement recommendations

• 7-10 years’ experience working in the Identity and Access management (IAM) information security space in an architecture and engineering capacity.
• 5-7 years’ experience with the following:
  • Global Workforce IAM
  • Global Consumer IAM (CIAM)
  • Federation and single sign-on (B2B and B2C)
  • National Institute of Standards and Technology (NIST) 800-53
  • NIST 800-63
  • NIST Cybersecurity Framework (CSF)
  • Experience creating high and low level IAM architecture patterns
  • Experience developing and implementing IAM strategies and roadmaps
  • Experience with major IAM platforms including:
    • Microsoft Active Directory
    • One Identity Manager
    • Ping Federate
• Experience building roles and responsibilities (e.g., RACI matrices)
• Experience with process control design
• Ability to work as liaison between business and information security/information technology
• Ability to clearly explain IAM & xIAM concepts to audiences of various levels.
• Broad and deep understanding of xIAM- and IAM-related capabilities, patterns, protocols, technologies, and solutions.
• Intimately familiar with xIAM- and IAM-related protocols such as OAuth, OIDC, SAML, LDAP,

SPML, XACML, SCIM, Kerberos, PKI (certs, CA’s, sigs, etc).

• Strong experience with directories, SSO, federation, MFA, RBA, delegated administration, API gateways, SOA services.

• Experience with App Gateways, App Proxies, Live Chat, Chat Bots, Contact Centers, IVRs and Web Portals for CIAM
• Good understanding of MFA, PAM and Risk Based Authentication
• Deep technical experience with two or more xIAM technologies including Okta, Janrain / Akamai, Forgerock, Microsoft Azure B2C, Amazon AWS Cognito.
• Strong familiarity with adjacent technologies such as PingFederate/PingOne, IGA (e.g.: OneIM, Sailpoint), virtual directory (e.g.: Radiant), API management (e.g.: Apigee, Mulesoft).
• Understanding of industry and leading practices including industry standards such as the National Institute for Standards and Technology (NIST) Special Publication (SP) 800-63; Digital Authentication, NIST Cybersecurity Framework (CSF) and NIST SP 800-53; Security and Privacy Controls.
• Business process engineering experience