Identity and Access Management Architect - Remote
Founded in 1898, Northeastern is a global research university and
the recognized leader in experience-driven lifelong learning. Our
world-renowned experiential approach empowers our students,
faculty, alumni, and partners to create impact far beyond the
confines of discipline, degree, and campus.
Our locations—in Boston; Charlotte, North Carolina; London;
Portland, Maine; San Francisco; Seattle; Silicon Valley; Toronto;
Vancouver; and the Massachusetts communities of Burlington and
Nahant—are nodes in our growing global university system. Through
this network, we expand opportunities for flexible,
student-centered learning and collaborative, solutions-focused
Northeastern's comprehensive array of undergraduate and graduate
programs—in a variety of on-campus and online formats—lead to
degrees through the doctorate in nine colleges and schools. Among
these, we offer more than 195 multi-discipline majors and degrees
designed to prepare students for purposeful lives and
About the Opportunity:
As an Identity and Access Management (IAM) Architect, you will
report directly to the Manager of Identity and Access Management
for the University. You will serve as a strategic thought leader and
technical expert to design & implement IAM services and
solutions supporting the University. As a member of the IAM team,
you will be responsible for next generation IAM initiatives,
partnering with vendors and internal teams to design a
comprehensive modern solution enabling Northeastern University to
achieve its 2025 goals. Specifically, you will design and oversee
the implementation of IAM solutions for the University as well as
be responsible for safeguarding information assets by identifying
and solving potential and actual problems, creating complex
security structures and ensuring their success.
- Act as the technical expert for all IAM-related architecture
(IGA, SSO/MFA, PAM, directory services, identity master data,
password management, credential management)
- Identify and evaluate complex business and technology risks,
internal controls which mitigate risks, and related opportunities
for internal control improvement.
- Evaluate and support complex IAM and technology risks, internal
controls which mitigate risks, and related opportunities for
internal control improvement.
- Research, define, implement and maintain corporate security
procedures, including role-, attribute-, or policy-based
authorization methodologies and protocols, authentication
technologies, risk assessment procedures and security attack
- Collaborate with business and technical teams to research,
plan, and design a robust, 'best in class' Identity and Access
Management (IAM) architecture that aligns and integrates with other
Enterprise level IT efforts
- Regularly review existing IAM services to ensure those
solutions are optimized for the highest level of service
- Provide architectural design, guidance and oversight on
projects that require IAM services
- Work collaboratively to develop IAM and security requirements
for enterprise level applications and networking
- Co-lead the IAM vendor selection process, including the
evaluation of existing and emerging technologies and tools, as well
as SI partners
- Develop standards and best practices for all aspects of
enterprise Identity Management at the University as well as
identifying and communicating risks associated with account
provisioning and service integration from a services and security
- Perform IAM vulnerability, risk analyses and security
assessments in coordination with the OIS Architect
- Review and, in conjunction with other technical teams, integrate
firewall, IDS scanning technologies and servers, router, switch and
VLAN security; wireless security; security concepts related to DNS,
routing, authentication, VPN, proxy services and DDoS mitigation
- Provide technical supervision and guidance to other members of
the team in the areas of lifecycle management, access management,
provisioning, entitlements/role management,
- Participation on the IT/IAM governance board
Responsible for working directly with other IT architects to design
and integrate IAM services across all University applications and
systems. This includes the design of new solutions as well as
enhancing existing solutions and services.
Responsible for the definition and design of integration approaches
and best practices that support and align with a cloud first
service strategy in addition to distilling business requirements
into engineering requirements and specifications.
Work in collaboration with the extended University IAM team during
PMO project initiation, operational security and IAM reviews
providing technical leadership and security and IAM design
Overall Identity and Access Management
Architectural knowledge in identity and access data
correlation, normalization and building of cohesive identity and
access data models for large enterprises.
Demonstrated experience with complex Identity and Access
Management integration and service delivery use cases and
Advanced understanding of Microservice architectures and
Advanced understanding of Docker and DevOps CI/CD tooling.
Expert knowledge in IT, service-oriented architectures,
software development life cycles, or information security platforms
- Demonstrated experience in evaluating and architecting robust
security and IAM solutions in mid to large enterprises across six
major capability areas:
- Identity Lifecycle Management
- Identity Data Models
- Access Lifecycle Management
- Credential Management
- Identity Federation
- Proven experience overseeing engineering contributions to
enterprise IAM deployments in an architect role with each of the
following IAM solutions:
- Identity Governance and Administration (IGA) for aggregating
application and system data for access certification.
- Identity Lifecycle Management and user
- Single Sign On (SSO) integration and session management for
multiple web and cloud applications.
- Identity Federation (SAML) configuration and integration across
multiple trusted third parties, applications, and systems.
- Directory (LDAP) service implementation and integration for
identity data consumption by applications and systems.
- Single sign-on (SSO) and Multi Factor Authentication (MFA)
integration with both on-premise and cloud based applications.
- API security and API integration with IAM systems for sharing
Education and Technical Experience
- Extensive experience collaborating with business and IT
partners on the architectural design of IAM projects.
- Experience working on translating and organizing architectural
design into specific work components for projects.
- Possesses advanced listening skills and advanced team dynamic
problem solving, root cause analysis, and resolution.
- Proven and demonstrable performance in critical thinking and
usage of innovative thinking for enhancing engineering team
capabilities and providing solutions for new challenges, issues,
- Has efficiently led teams in a highly demanding
- Bachelor or Master of Science in computer science
- 5-10 years' experience in evaluating and architecting robust
security and IAM solutions in mid to large enterprises
- 10+ years of experience across a variety of technologies such
as databases, *NIX/LDAP/AD directory services, application servers,
network infrastructures, Unix/Linux operating systems, encryption,
digital certificates, and web security architecture and an
understanding of fundamental security and data flows within these
- 10+ years of experience with IGA (identity governance and
administration) products such as Saviynt or SailPoint
- 7+ years of experience with Access Management and Federation
products such as Okta, Ping, or Microsoft
- 7+ years of experience with requirements, design, and
overseeing the implementation for IAM component integration into
on-premise and cloud-based applications
- 2 plus years of work experience with the following programming
- Working knowledge of cloud risk assessment methodologies,
advanced security protocols and standards
- Experience with security principles and practices across the
enterprise (cloud, on premise, hybrid)
- Excellent communications skills, both written and oral, and
ability to convey technical information to the business
- Certifications in one or more of the following: CISSP,
CISSP-ISSAP, CISM, CSSA, GSEC are highly preferred.
A criminal background check is required for this position.
This is a remote opportunity.
Northeastern University is an equal opportunity employer, seeking
to recruit and support a broadly diverse community of faculty and
staff. Northeastern values and celebrates diversity in all its
forms and strives to foster an inclusive culture built on respect
that affirms inter-group relations and builds cohesion.
All qualified applicants are encouraged to apply and will receive
consideration for employment without regard to race, religion,
color, national origin, age, sex, sexual orientation, disability
status, or any other characteristic protected by applicable
To learn more about Northeastern University's commitment and
support of diversity and inclusion, please see
To apply, visit https://careers.pageuppeople.com/879/cw/en-us/job/506798