
Workforce Identity Architect, VP
MUFG Bank, Ltd, Tampa, FL, United States
* Define and maintain global workforce identity architecture using Microsoft Entra ID in hybrid and cloud‐mastered environments.
* Establish standard patterns for authentication, federation, Conditional Access, and MFA.
* Design tenant‐level identity integration patterns that scale across applications and regions.
* Architect and standardize Joiner / Mover / Leaver (JML) identity lifecycle patterns driven by authoritative HR sources.
* Ensure consistent provisioning, modification, and deprovisioning of workforce identities.
* Reduce orphaned, dormant, and over‐provisioned access through strong lifecycle design.
* Define workforce identity governance standards, including access requests, access reviews, and separation of duties (SoD).
* Architect privileged access models for workforce identities, including PIM and Just‐in‐Time access.
* Ensure access models are auditable and aligned to regulatory and risk expectations.
* Leverage analytics and AI‐assisted capabilities to improve role and entitlement design.
* Reduce access certification noise by improving role quality, review scoping, and access rationalization.
* Translate analytic insights into architectural improvements rather than one‐off reporting.
* Define B2B and partner identity patterns using Entra ID that enable collaboration while maintaining centralized governance.
* Ensure third‐party access aligns with global standards and workforce identity controls.
* Partner with IAM Governance teams to define and consume workforce identity metrics, including access quality, review effectiveness, and lifecycle hygiene.
* Use metrics to continuously improve identity architecture and reduce access risk.
* A senior architecture and standards role
* Focused on workforce identity at enterprise and global scale
* A bridge between architecture, security, risk, and delivery teams
* An IAM operation or helpdesk role
* A single‐tool administrator position
* A regional‐only identity role
* Consistent, scalable workforce identity standards adopted across regions
* Reduced access risk and certification fatigue
* Clear lifecycle ownership and audit‐ready access governance
* Smooth regional progression toward cloud‐mastered identity
* 8–10+ years of experience in identity, access management, or security architecture roles.
* Deep expertise in Microsoft Entra ID architecture in hybrid environments.
* Strong experience designing JML lifecycle, identity governance, and privileged access controls.
* Ability to design auditable, regulator‐defensible access models.
* Proven ability to influence across technical and non‐technical stakeholders.
* Experience using analytics or AI‐assisted tools for access optimization and certification improvement.
* Experience supporting global or federated IAM models with regional variation.
* Familiarity with regulated industries (e.g., financial services).
* Relevant identity or security certifications.
* Identity Architecture & Lifecycle
* Enterprise‐level experience designing workforce identity architecture at scale.
* Deep understanding of Joiner / Mover / Leaver (JML) lifecycle patterns and HR‐driven identity provisioning.
* Strong grounding in least privilege, access lifecycle management, and identity hygiene.
* Microsoft Entra ID (Azure AD)
* Hands‐on architectural experience with Microsoft Entra ID in hybrid environments.
* Design and governance of:
+ Authentication and federation
+ Conditional Access and MFA
+ Tenant‐level architecture and integration patterns
* Identity Governance & Access Controls
* Proven experience designing identity governance solutions, including:
+ Access reviews / certifications
+ Separation of Duties (SoD)
+ Access request and approval workflows
* Ability to design auditable, regulator‐defensible access models.
* Privileged Access
* Experience with privileged access for workforce identities, including:
+ Privileged Identity Management (PIM)
+ Just‐in‐Time (JIT) access concepts
* Stakeholder & Architecture Skills
* Strong ability to collaborate across architecture, engineering, security, risk, and audit teams.
* Comfortable influencing outcomes without direct authority.
* Ability to translate complex identity concepts into clear architectural standards.
- **Suggested Skills (Strongly Preferred)**
* AI‐Assisted Identity Analytics
* Experience using analytics or AI‐assisted tools to improve:
+ Role and entitlement rationalization
+ Role / bundle design
+ Reduction of access certification noise and over‐reviewing
* Ability to translate analytic insights into architectural improvements, not just reports.
* B2B & External Identity
* Experience designing B2B / partner identity patterns using Entra ID.
* Understanding of secure external collaboration models that preserve centralized governance.
* Hybrid & Global Environments
* Experience operating in global or federated IAM models, supporting regions at varying maturity levels.
* Familiarity with phased migrations from on‐prem AD‐centric to cloud‐mastered identity.
* Metrics & Continuous Improvement
* Experience defining or consuming IAM metrics, such as:
+ Access review effectiveness
+ Orphaned or dormant access
+ Role reuse vs. sprawl
* Ability to use metrics to drive continuous improvement in identity design.
* Advanced Identity Concepts
* Familiarity with continuous access evaluation and signal‐driven identity models.
* Exposure to workforce identity data platforms or identity fabric concepts.
* Cloud & Platform Awareness
* Understanding of how workforce identity integrates with cloud platforms (e.g., AWS IAM Identity Center) without owning cloud IAM design.
* Relevant certifications (e.g., Microsoft Identity, CISSP, CCSP, IAM‐focused certifications).
* Experience in financial services or other highly regulated industries.