Identity and Access Management Architect - Remote Opportunity
Identity and Access Management Architect - Remote Opportunity
Founded in 1898, Northeastern is a global research university and the recognized leader in experience-driven lifelong learning. Our world-renowned experiential approach empowers our students, faculty, alumni, and partners to create impact far beyond the confines of discipline, degree, and campus.
Our locations—in Boston; Charlotte, North Carolina; London; Portland, Maine; San Francisco; Seattle; Silicon Valley; Toronto; Vancouver; and the Massachusetts communities of Burlington and Nahant—are nodes in our growing global university system. Through this network, we expand opportunities for flexible, student-centered learning and collaborative, solutions-focused research.
Northeastern's comprehensive array of undergraduate and graduate programs— in a variety of on-campus and online formats—lead to degrees through the doctorate in nine colleges and schools. Among these, we offer more than 195 multi-discipline majors and degrees designed to prepare students for purposeful lives and careers.
About the Opportunity:
As an Identity and Access Management (IAM) Architect, you will report directly to the Manager of Identity and Access Management for the University. You will serve as strategic thought leader and technical expert to design & implement IAM services and solutions supporting the University. As a member of the IAM team, you will be responsible for next generation IAM initiatives, partnering with vendors and internal teams to design a comprehensive modern solution enabling Northeastern University to achieve its 2025 goals. Specifically, you will design and oversee the implementation of IAM solutions for the University as well as be responsible for safeguarding information assets by identifying and solving potential and actual problems, creating complex security structures and ensuring their success.
- Act as the technical expert for all IAM related architecture (IGA, SSO/MFA, PAM, directory services, identity master data, password management, credential management)
- Identify and evaluate complex business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
- Evaluate and support complex IAM and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement.
- Research, define, implement and maintain corporate security procedures, including role-, attribute, or policy-based authorization methodologies and protocols, authentication technologies, risk assessment procedures and security attack pathologies
- Collaborate with business and technical teams to research, plan, and design a robust, ‘best in class' Identity and Access Management (IAM) architecture that aligns and integrates with other Enterprise level IT efforts
- Regularly review existing IAM services to ensure those solutions are optimized for the highest level of service
- Provide architectural design, guidance and oversight on projects that require IAM services
- Work collaboratively to develop IAM and security requirements for enterprise level applications and networking
- Co-lead the IAM vendor selection process, including the evaluation of existing and emerging technologies and tools, as well as SI partners
- Develop standards and best practices for all aspects of enterprise Identity Management at the University as well as identifying and communicating risks associated with account provisioning and service integration from a services and security perspective.
- Perform IAM vulnerability, risk analyses and security assessments in coordination with the OIS Architect
- Review and in conjunction with other technical teams integrate firewall, IDS scanning technologies and servers, router, switch and VLAN security; wireless security; security concepts related to DNS, routing, authentication, VPN, proxy services and DDoS mitigation technologies
- Provide technical supervision and guidance to other members of the team in the areas of lifecycle management, access management, provisioning, entitlements/role management, attestations/certifications
- Participation on the IT/IAM governance board
Responsible for working directly with other IT architects to design and integrate IAM services across all University applications and systems. This includes the design of new solutions as well as enhancing existing solutions and services.
Responsible for the definition and design integration approaches and best practices that support and align with a cloud first service strategy in addition to distilling business requirements into engineering requirements and specifications.
Work in collaboration with the extended University IAM team during PMO project initiation, operational security and IAM reviews providing technical leadership and security and IAM design guidance.
Overall Identity and Access Management Qualifications
- Demonstrated experience in evaluating and architecting robust security and IAM solutions in mid to large enterprises across six major capability areas:
- Identity Lifecycle Management
- Identity Data Models
- Access Lifecycle Management
- Credential Management
- Identity Federation
- Proven experience overseeing engineering contributions to enterprise IAM deployments in an architect role with each of the following IAM solutions:
- Identity Governance and Administration (IGA) for aggregating application and system data for access certification.
- Identity Lifecycle Management and user provisioning/de-provisioning.
- Single Sign On (SSO) integration and session management for multiple web and cloud applications.
- Identity Federation (SAML) configuration and integration across multiple trusted third parties, applications, and systems.
- Directory (LDAP) service implementation and integration for identity data consumption by applications and systems.
- Single sign-on (SSO) and Multi Factor Authentication (MFA) integration with both on-premise and cloud based applications.
- API security and API integration with IAM systems for sharing identity contexts.
- Extensive experience collaborating with business and IT partners on the architectural design of IAM projects.
- Experience working on translating and organizing architectural design into specific work components for projects.
- Possesses advanced listening skills and advanced team dynamic problem solving, root cause analysis, and resolution.
- Proven and demonstrable performance in critical thinking and usage of innovative thinking for enhancing engineering team capabilities and providing solutions for new challenges, issues, and requirements.
- Has efficiently lead teams in a highly demanding environment.
Education and Technical Experience
- Bachelor or Master of Science in computer science
- 5-10 years' experience in evaluating and architecting robust security and IAM solutions in mid to large enterprises
- 10+ years of experience across a variety of technologies such as databases, *NIX/LDAP/AD directory services, application servers, network infrastructures, Unix/Linux operating systems, encryption, digital certificates, and web security architecture and an understanding of fundamental security and data flows within these components
- 10+ years of experience with IGA (identity governance and administration) products such as Saviynt or SailPoint
- 7+ years of experience with Access Management and Federation products such as Okta, Ping, or Microsoft
- 7+ years of experience with requirements, design, and overseeing the implementation for IAM component integration into on-premise and cloud-based applications
- Working knowledge of cloud risk assessment methodologies, advanced security protocols and standards
- Experience with security principles and practices across the enterprise (cloud, on premise, hybrid)
- Excellent communications skills, both written and oral, and ability to convey technical information to the business community
- Certifications in one or more of the following: CISSP, CISSP-ISSAP, CISM, CSSA, GSEC is highly preferred.
A criminal background check is required for this position.
This is a remote opportunity.
Northeastern University is an equal opportunity employer, seeking to recruit and support a broadly diverse community of faculty and staff. Northeastern values and celebrates diversity in all its forms and strives to foster an inclusive culture built on respect that affirms inter-group relations and builds cohesion.
All qualified applicants are encouraged to apply and will receive consideration for employment without regard to race, religion, color, national origin, age, sex, sexual orientation, disability status, or any other characteristic protected by applicable law.
To learn more about Northeastern University's commitment and support of diversity and inclusion, please see www.northeastern.edu/diversity.
To apply, visit https://careers.pageuppeople.com/879/cw/en-us/job/506798