IAM/Active Directory Architect - Careers at Robert Half
Robert Half
IAM/Active Directory Architect - Careers at Robert Half
Job Description
About the IAM/Active Directory Architect Role at Robert Half
Join Robert Half as a Senior IAM Engineer and IAM/Active Directory Architect in the heart of Tempe, Arizona. This pivotal full-time position is designed for a technical leader with deep expertise in Identity and Access Management (IAM), particularly in SailPoint and Active Directory environments. You will play a critical role in assessing current-state IAM infrastructures, architecting target-state solutions, and implementing mature Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) models at an enterprise scale. As the SailPoint technical expert, you will engineer policies, integrations, and governance processes tailored to meet stringent financial-services compliance standards. Collaborating with enterprise architects, risk and compliance teams, platform engineers, and application owners, you will operationalize identity as a core control across SaaS platforms, on-premises systems, and multi-cloud environments. This role offers a unique opportunity to shape identity governance in a dynamic financial services organization, ensuring robust security while enabling business agility. With a salary context starting at $130,000, this position is ideal for seasoned professionals seeking impactful leadership in cybersecurity and identity management.
Key Responsibilities
- Define comprehensive RBAC and ABAC standards, pattern libraries, and guardrails while authoring detailed Architecture Decision Records (ADRs) to guide enterprise-wide implementations.
- Lead role engineering initiatives, including role discovery, consolidation, birthright access provisioning, and Segregation of Duties (SoD) matrices; design ABAC policies encompassing attribute inventories and enforcement integrations.
- Maintain and evolve the Identity Governance and Administration (IGA) reference architecture, integrating SailPoint, Okta, Active Directory (AD)/LDAP directories, HR/ERP systems, and major cloud providers like Azure and AWS.
- Collaborate with Application Security (AppSec) and platform teams to externalize authorization mechanisms using standardized federation protocols such as SAML 2.0, OpenID Connect (OIDC), OAuth 2.0, and SCIM for provisioning.
- Hands-on configuration of SailPoint components including sources/authorities, connectors, aggregation and correlation rules, identity profiles, entitlement catalogs, lifecycle policies, workflows, access requests, and certification campaigns; implement advanced Okta connector patterns.
- Develop robust monitoring solutions, health checks, key performance indicators (KPIs), metrics, and dashboards for access governance; automate evidence collection to streamline compliance reporting.
- Establish enterprise policies and standards for access control, attribute data quality, identity proofing, certification cadences, and exception handling processes, aligning with the organization's risk appetite.
- Provide expert support during audits and regulatory examinations, delivering defensible evidence such as certification results, SoD analyses, and comprehensive access recertification trails.
- Mentor junior engineers and analysts; partner with business and application owners to onboard applications at scale under governance frameworks; create repeatable app-onboarding playbooks incorporating federation, provisioning, and role modeling.
Required Qualifications for IAM/Active Directory Architect
To excel in this role, candidates must bring proven enterprise-scale experience in IAM architecture. Essential qualifications include SailPoint certifications (IdentityIQ Engineer/Architect or Identity Security Cloud) and/or Okta certifications, with hands-on experience integrating SailPoint with Okta using connectors and APIs. Deep knowledge of cloud IAM concepts, such as Azure AD/Entra ID and AWS IAM, is required, including mapping ABAC policies to cloud entitlements and metadata. Financial-services background with familiarity in audit and regulatory expectations—such as access certification cadences, evidence retention, and SoD rigor—is non-negotiable. Strong skills in Active Directory administration, RBAC/ABAC implementation, and protocol expertise (SAML, OIDC, OAuth, SCIM) are critical. The ideal candidate thrives in cross-functional partnerships and possesses excellent communication skills for mentoring and stakeholder engagement.
Why Join Us at Robert Half in Tempe, AZ?
Robert Half offers more than just a job—it's a career-launching platform in the competitive Tempe, Arizona job market. Enjoy a competitive salary package from $130,000 to $160,000 annually, comprehensive benefits including health insurance, 401(k) matching, generous PTO, and professional development support. Work in a collaborative environment with hybrid flexibility, cutting-edge tools, and opportunities to advance in IAM and cybersecurity. Tempe's vibrant tech scene and proximity to Phoenix provide an ideal backdrop for professional growth. Apply now to elevate your career with Robert Half's renowned expertise in placing top talent in high-demand roles like this IAM/Active Directory Architect position. Keywords: SailPoint jobs Tempe AZ, IAM Architect careers, Okta engineer Arizona, RBAC ABAC specialist financial services.
Locations
- Tempe, Arizona, United States
Salary
130,000 - 160,000 USD / yearly
130,000 - 160,000 USD / yearly
* This is an estimated range based on market data and may vary based on experience and qualifications.
Skills Required
- SailPoint IdentityIQ/Identity Security Cloudintermediate
- Okta Identity Managementintermediate
- RBAC (Role-Based Access Control)intermediate
- ABAC (Attribute-Based Access Control)intermediate
- Active Directory (AD)/LDAPintermediate
- SAML 2.0, OIDC, OAuth 2.0, SCIMintermediate
- Cloud IAM (Azure AD/Entra ID, AWS IAM)intermediate
- Identity Governance and Administration (IGA)intermediate
- SoD (Segregation of Duties) Matricesintermediate
- Access Certification and Auditingintermediate
Required Qualifications
- Deep experience assessing current state and designing target-state IAM architectures at enterprise scale (experience)
- SailPoint (IdentityIQ Engineer/Architect or Identity Security Cloud) and/or Okta certifications (experience)
- Proven expertise integrating SailPoint with Okta via connectors/APIs (experience)
- Strong knowledge of cloud IAM concepts including Azure AD/Entra ID and AWS IAM (experience)
- Financial-services experience with audit/regulatory expectations (e.g., access certification, SoD rigor) (experience)
- Experience with role engineering, ABAC policy design, and entitlement catalogs (experience)
- Ability to author architecture decision records (ADRs) and define standards/guardrails (experience)
- Mentoring experience with engineers and analysts (experience)
Responsibilities
- Define RBAC/ABAC standards, pattern libraries, and guardrails; author architecture decision records (ADRs)
- Drive role engineering (role discovery, consolidation, birthright access, SoD matrices) and ABAC policy design
- Maintain IGA reference architecture spanning SailPoint, Okta, directories (AD/LDAP), HR/ERP, and cloud providers
- Partner with AppSec and platform teams to externalize authorization using SAML 2.0, OIDC, OAuth 2.0, and SCIM
- Configure SailPoint sources, connectors, aggregation rules, identity profiles, lifecycle policies, and certification campaigns
- Build monitoring, health checks, metrics, and dashboards for access governance KPIs; automate evidence collection
- Define policies for access control, attribute quality, identity proofing, certification cadence, and exception handling
- Support audits and regulatory examinations with certification results, SoD analyses, and access recertification trails
- Mentor engineers and analysts; partner with business owners to onboard apps using repeatable playbooks
Benefits
- general: Competitive salary ranging from $130,000 to $160,000 annually based on experience
- general: Comprehensive health, dental, and vision insurance plans
- general: 401(k) retirement savings plan with company matching
- general: Generous paid time off (PTO) and flexible holiday schedule
- general: Professional development opportunities including certifications and training
- general: Remote and hybrid work options available
- general: Employee assistance programs and wellness initiatives
- general: Performance-based bonuses and career advancement paths
Tags & Categories
Answer 10 quick questions to check your fit for IAM/Active Directory Architect - Careers at Robert Half @ Robert Half.
Related Books and Jobs
IAM/Active Directory Architect - Careers at Robert Half
Robert Half
IAM/Active Directory Architect - Careers at Robert Half
Job Description
About the IAM/Active Directory Architect Role at Robert Half
Join Robert Half as a Senior IAM Engineer and IAM/Active Directory Architect in the heart of Tempe, Arizona. This pivotal full-time position is designed for a technical leader with deep expertise in Identity and Access Management (IAM), particularly in SailPoint and Active Directory environments. You will play a critical role in assessing current-state IAM infrastructures, architecting target-state solutions, and implementing mature Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) models at an enterprise scale. As the SailPoint technical expert, you will engineer policies, integrations, and governance processes tailored to meet stringent financial-services compliance standards. Collaborating with enterprise architects, risk and compliance teams, platform engineers, and application owners, you will operationalize identity as a core control across SaaS platforms, on-premises systems, and multi-cloud environments. This role offers a unique opportunity to shape identity governance in a dynamic financial services organization, ensuring robust security while enabling business agility. With a salary context starting at $130,000, this position is ideal for seasoned professionals seeking impactful leadership in cybersecurity and identity management.
Key Responsibilities
- Define comprehensive RBAC and ABAC standards, pattern libraries, and guardrails while authoring detailed Architecture Decision Records (ADRs) to guide enterprise-wide implementations.
- Lead role engineering initiatives, including role discovery, consolidation, birthright access provisioning, and Segregation of Duties (SoD) matrices; design ABAC policies encompassing attribute inventories and enforcement integrations.
- Maintain and evolve the Identity Governance and Administration (IGA) reference architecture, integrating SailPoint, Okta, Active Directory (AD)/LDAP directories, HR/ERP systems, and major cloud providers like Azure and AWS.
- Collaborate with Application Security (AppSec) and platform teams to externalize authorization mechanisms using standardized federation protocols such as SAML 2.0, OpenID Connect (OIDC), OAuth 2.0, and SCIM for provisioning.
- Hands-on configuration of SailPoint components including sources/authorities, connectors, aggregation and correlation rules, identity profiles, entitlement catalogs, lifecycle policies, workflows, access requests, and certification campaigns; implement advanced Okta connector patterns.
- Develop robust monitoring solutions, health checks, key performance indicators (KPIs), metrics, and dashboards for access governance; automate evidence collection to streamline compliance reporting.
- Establish enterprise policies and standards for access control, attribute data quality, identity proofing, certification cadences, and exception handling processes, aligning with the organization's risk appetite.
- Provide expert support during audits and regulatory examinations, delivering defensible evidence such as certification results, SoD analyses, and comprehensive access recertification trails.
- Mentor junior engineers and analysts; partner with business and application owners to onboard applications at scale under governance frameworks; create repeatable app-onboarding playbooks incorporating federation, provisioning, and role modeling.
Required Qualifications for IAM/Active Directory Architect
To excel in this role, candidates must bring proven enterprise-scale experience in IAM architecture. Essential qualifications include SailPoint certifications (IdentityIQ Engineer/Architect or Identity Security Cloud) and/or Okta certifications, with hands-on experience integrating SailPoint with Okta using connectors and APIs. Deep knowledge of cloud IAM concepts, such as Azure AD/Entra ID and AWS IAM, is required, including mapping ABAC policies to cloud entitlements and metadata. Financial-services background with familiarity in audit and regulatory expectations—such as access certification cadences, evidence retention, and SoD rigor—is non-negotiable. Strong skills in Active Directory administration, RBAC/ABAC implementation, and protocol expertise (SAML, OIDC, OAuth, SCIM) are critical. The ideal candidate thrives in cross-functional partnerships and possesses excellent communication skills for mentoring and stakeholder engagement.
Why Join Us at Robert Half in Tempe, AZ?
Robert Half offers more than just a job—it's a career-launching platform in the competitive Tempe, Arizona job market. Enjoy a competitive salary package from $130,000 to $160,000 annually, comprehensive benefits including health insurance, 401(k) matching, generous PTO, and professional development support. Work in a collaborative environment with hybrid flexibility, cutting-edge tools, and opportunities to advance in IAM and cybersecurity. Tempe's vibrant tech scene and proximity to Phoenix provide an ideal backdrop for professional growth. Apply now to elevate your career with Robert Half's renowned expertise in placing top talent in high-demand roles like this IAM/Active Directory Architect position. Keywords: SailPoint jobs Tempe AZ, IAM Architect careers, Okta engineer Arizona, RBAC ABAC specialist financial services.
Locations
- Tempe, Arizona, United States
Salary
130,000 - 160,000 USD / yearly
130,000 - 160,000 USD / yearly
* This is an estimated range based on market data and may vary based on experience and qualifications.
Skills Required
- SailPoint IdentityIQ/Identity Security Cloudintermediate
- Okta Identity Managementintermediate
- RBAC (Role-Based Access Control)intermediate
- ABAC (Attribute-Based Access Control)intermediate
- Active Directory (AD)/LDAPintermediate
- SAML 2.0, OIDC, OAuth 2.0, SCIMintermediate
- Cloud IAM (Azure AD/Entra ID, AWS IAM)intermediate
- Identity Governance and Administration (IGA)intermediate
- SoD (Segregation of Duties) Matricesintermediate
- Access Certification and Auditingintermediate
Required Qualifications
- Deep experience assessing current state and designing target-state IAM architectures at enterprise scale (experience)
- SailPoint (IdentityIQ Engineer/Architect or Identity Security Cloud) and/or Okta certifications (experience)
- Proven expertise integrating SailPoint with Okta via connectors/APIs (experience)
- Strong knowledge of cloud IAM concepts including Azure AD/Entra ID and AWS IAM (experience)
- Financial-services experience with audit/regulatory expectations (e.g., access certification, SoD rigor) (experience)
- Experience with role engineering, ABAC policy design, and entitlement catalogs (experience)
- Ability to author architecture decision records (ADRs) and define standards/guardrails (experience)
- Mentoring experience with engineers and analysts (experience)
Responsibilities
- Define RBAC/ABAC standards, pattern libraries, and guardrails; author architecture decision records (ADRs)
- Drive role engineering (role discovery, consolidation, birthright access, SoD matrices) and ABAC policy design
- Maintain IGA reference architecture spanning SailPoint, Okta, directories (AD/LDAP), HR/ERP, and cloud providers
- Partner with AppSec and platform teams to externalize authorization using SAML 2.0, OIDC, OAuth 2.0, and SCIM
- Configure SailPoint sources, connectors, aggregation rules, identity profiles, lifecycle policies, and certification campaigns
- Build monitoring, health checks, metrics, and dashboards for access governance KPIs; automate evidence collection
- Define policies for access control, attribute quality, identity proofing, certification cadence, and exception handling
- Support audits and regulatory examinations with certification results, SoD analyses, and access recertification trails
- Mentor engineers and analysts; partner with business owners to onboard apps using repeatable playbooks
Benefits
- general: Competitive salary ranging from $130,000 to $160,000 annually based on experience
- general: Comprehensive health, dental, and vision insurance plans
- general: 401(k) retirement savings plan with company matching
- general: Generous paid time off (PTO) and flexible holiday schedule
- general: Professional development opportunities including certifications and training
- general: Remote and hybrid work options available
- general: Employee assistance programs and wellness initiatives
- general: Performance-based bonuses and career advancement paths
Tags & Categories
Answer 10 quick questions to check your fit for IAM/Active Directory Architect - Careers at Robert Half @ Robert Half.
Related Books and Jobs