Identity Access Management (IAM) Security Architect – Tampa, FL or Dallas, TX

Skills: API Gateway, IGA and Virtual Directory capabilities using Ping Identity, PlainID, SailPoint, Radiant Logic and Apigee etc., IAM security protocols & technologies, AuthN / AuthZ flow for CICS applications

Experience level: Associate

Experience required: 10 Years

Education level: Bachelor’s degree

Job function: Information Technology

Industry: Financial Services

Total position: 1

Relocation assistance: No

Business Unit Description

Mission – Drive efficient and effective security capabilities through innovative thought leadership with a security first mindset which advances the company’s mission to protect & shape the financial markets.

Vision – A strong adaptive cybersecurity environment that continuously secures & protects the company and its services to the financial industry.

Purpose – Cybersecurity Architecture is a core pillar of Architecture and Enterprise Services within the Information Technology (IT) business unit. The team is responsible for designing architecture solutions for information security functions and publish reusable security patterns.

Position Summary

The primary focus areas for this position are the following:

• Produce security architecture deliverables as part of customer identity and access management (CIAM) initiative.

• Partner with IT teams to design, test and deliver architectures to enable ID Federation/SSO.

• Proactively identify security gaps, propose solutions, and work with implementation team to deploy solutions.

MUST HAVE

3-5 years of related experience
Bachelor’s degree preferred
Strong cybersecurity experience is required in designing and implementing IAM solutions using products like PingIdentity, PlainID, SailPoint, RadiantLogic and Apigee etc.
Experience and in-dept understanding of IAM security protocols & technologies (Eg: SAML, OAuth, OIDC, RACF, LDAP, ID Federation, SSO, MFA, UEBA) is required.
Integration experience of Ping Identity or similar products with z/OS RACF, AD/AAD, LDAP and other IdPs for SSO with phishing-resistant MFA is required.
Strong understanding with some experience is required in designing / implementing fine-grained Policy Based Access Control & Dynamic Authorization using products like PlainID, PingAuthorize and/or Axiomatics.
Strong knowledge of Information Security frameworks (e.g., ISO 27001, CIS, MITRE ATT&K and NIST) & security architecture frameworks is required.
Knowledge of identity threat Analytics, Detection and Response is required.
Experience in OS security (Windows, Linux), Network security (Firewall, Proxy, WAF) and RDMS is preferred
Strong communication skills with the ability to present in front of large audience.