IAM Architect

Job Title: IAM Architect

Location: Bury

Job Type: Full-Time

Job Description:

We are seeking an experienced and strategic IAM Architect to lead best-in-class design, development and governance of Identity & Access Management solutions in a large-scale, fast-paced retail environment.

You will be joining the Identity & Access Management (IAM) team reporting to the Head of IAM, all of which is part of our growing Information Security function.

This role will focus heavily on the integration and optimisation of SailPoint, CyberArk and enterprise directory services to support both workforce and third-party needs across a dynamic business landscape.

You’ll work with business, security and infrastructure teams to ensure that IAM architecture (including standards and patterns) is secure, scalable and enables agility across all platforms.

Key Responsibilities:

• Own the IAM architecture roadmap with a strong focus on SailPoint Identity Security Cloud, CyberArk Privileged Cloud, authoritative data sources, and core directory services (Active Directory, Entra ID)
• Design and govern identity lifecycle and access governance solutions for employees, contractors, vendors and service accounts
• Architect and oversee implementations between IAM platforms and enterprise systems including POS, ERP, e-commerce platforms and cloud workloads
• Define and implement robust RBAC/ABAC models, automated provisioning/deprovisioning and identity workflows within SailPoint
• Design and support the deployment of CyberArk to secure privileged accounts across critical infrastructure and cloud environments
• Provide guidance and architectural support for directory service modernisation ensuring security and role modelling across hybrid IT estates
• Lead the secure integration of Authentication & Authorisation mechanisms (e.g. SAML, OIDC, OAuth2) for internal and customer facing applications
• Work closely with IAM Engineering colleagues, DevOps, and secure teams to integrate IAM into CI/CD pipelines and Infrastructure-as-Code (IaC) practices
• Support audit and compliance initiatives including PCI-DSS, GDP and internal policy enforcement
• Evaluate new IAM technologies, tools and capabilities to maintain a forward-looking, strategic identity architecture

Skills & Experience:

• Proven experience within IAM and within a role as lead architect or design role
• Proven experience delivering IAM solutions in distributed or consumer environments
• Expert-level knowledge and hands-on experience with modern converged IGA platforms (SailPoint, Saviynt or equivalent) including identity lifecycle management, access certifications, policy creation and custom connector development
• Strong expertise in CyberArk PAM including vaulting, session monitoring, credential rotation, and application onboarding
• Deep understanding of Active Directory, Entra ID schema design, federation services and group management strategies.
• Familiarity with IAM protocols and standards: SAML, OIDC, OAuth2, SCIM, Kerberos, etc
• Experience integrating IAM with cloud platforms (Azure, AWS, GCP), SaaS applications and enterprise infrastructure
• Excellent stakeholder management, with the ability to translate security requirements into practical, business-aligned solutions
• Strong understanding of Zero Trust architecture and modern security frameworks
• Familiarity with DevSecOps practices and CI/CD integration
• Detail-oriented with a strong security mindset and ability to think proactively.
• Strong written and verbal communication and collaboration skills

Preferred Qualifications:

• Bachelor’s degree in computer science, Information Security or related field.
• Certifications such as CISSP, CISM or vendor-specific IAM certifications
• Experience in the retail industry or other high-volume, customer-facing environments
• Knowledge of CIAM (Customer identity & Access Management) and Identity Governance

#JD