
Senior IT Architect Identity and Access Management
CenterPoint Energy, Inc., Houston, TX, United States
We are seeking an experienced IAM Architect to lead the strategy, design, governance, and evolution of our enterprise identity ecosystem.
This role serves as the technical authority for identity architecture, ensuring secure, scalable, and compliant access across on-premises, cloud, and SaaS environments.
The IAM Architect partners closely with security leadership, engineering teams, application owners, and compliance stakeholders to deliver identity solutions that balance strong security controls, user experience, and business agility.
This role is pivotal in building a secure digital front door that protects enterprise assets while enabling employees, partners, and customers. The architect bridges high-level business requirements with deep technical execution, ensuring the IAM framework supports cloud transformation, Zero Trust principles, and regulatory obligations.
Essential Functions
Lead the architecture, design, and implementation of enterprise IAM capabilities, including Identity Governance and Administration (IGA), Privileged Access Management (PAM), and Customer IAM (CIAM)
Develop and implement IAM policies, standards, and reference architectures for hybrid and multi-cloud environments, including SSO, identity federation (SAML, OIDC, OAuth 2.0), API security, SCIM provisioning, and directory services
Drive adoption of modern authentication controls, including passwordless, passkeys, and phishing-resistant authentication
Design and implement controls for non-human and machine identities, including service principals, secrets management, and PKI-based authentication
Develop automated identity lifecycle management workflows, including joiner-mover-leaver (JML) processes, to reduce manual effort and improve security posture
Onboard new applications by defining identity, authentication, authorization, and access requirements, including secure SaaS integrations, and design Conditional Access policies
Architect IAM controls to support SOX, NIST, and other regulatory frameworks, including segregation of duties (SoD), RBAC models, access certifications, privileged access controls, and audit logging
Ensure IAM architectures are audit-defensible and capable of producing required evidence for internal and external audits
Continuously monitor and improve identity security posture, detection capabilities, and response readiness
Lead identity architecture reviews and provide mentorship and technical guidance to junior IAM engineers and analysts
Produce high-quality documentation, including architecture diagrams, design decision records, standards, and implementation guidance
Communicate complex identity and security concepts effectively to engineering teams, business stakeholders, and senior leadership
Identify and implement automation to improve Identity Operations and Services
Education
Bachelor’s degree in Computer Science, Information Security, or Engineering PREFERRED
Experience
10+ years in Cybersecurity, with at least 5 years specifically focused on IAM architecture, design and implementation
Experience with major IAM platforms and hands‑on experience with enterprise IAM technologies such as IGA, SSO, PAM, phishing‑resistant MFA, and CIAM
Strong knowledge of identity protocols such as SAML, OAuth2, OIDC, LDAP, Kerberos
Hands-on experience in cloud identity and hybrid environments
Experience implementing Zero Trust or similar modern security models
Strong written and verbal communication and excellent problem‑solving and analytical skills
Self‑motivated and capable of working independently in a fast‑paced operational environment
CISSP or other relevant security certifications PREFERRED
Microsoft Identity or IAM Vendor Security certifications PREFERRED
Benefits
Competitive pay
Paid training
Benefits eligibility begins on your first day
Flexible work schedule, paid holidays and paid time off
Access to discounts at fitness clubs and an on‑site wellness center at our headquarters in Houston
Professional growth and development programs including tuition reimbursement
401(k) Savings Plan featuring a company match dollar‑for‑dollar up to 6% and a company contribution of 3% regardless of your contribution
Job Type:
Full Time
Posting Start Date:
04/23/2026
Posting End Date:
05/08/2026
This contractor and subcontractor shall abide by the requirements of 41 CFR §§ 60‑1.4(a), 60-300.5(a), and 60‑741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on race, color, religion, sex, sexual orientation, gender identity or national origin. Moreover, these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, sexual orientation, gender identity or national origin, protected veteran status or disability.