University Corporation for Atmospheric Research (UCAR)/NCAR
Application
Details
Posted: 12-Mar-25
Location: Boulder, Colorado
Type: Full Time
Salary: $117,279 to $150,000
Categories:
Project/Implementation Management
Internal Number: REQ-2025-26
The Identity and Access Management (IAM) Lead Architect aligns IAM technology and processes to institutional and IT business drivers and requirements.
This person is responsible for gathering institutional strategic objectives, IT business drivers, and stakeholder requirements, and for aligning the IAM architecture and technology with the needs of the campus. They will participate in and lead IAM stakeholder requirements workshops and develop and maintain the overall IAM architecture as well as detailed technical and functional design documents including data mapping, workflows, and use cases and policies for identity lifecycle management. This position leads a team of people working closely with campus stakeholders, other IT leads (e.g., enterprise business applications, systems infrastructure, and the office of information security), IAM technical resources, and the project management office to gather and document requirements, document and validate technical designs, develop deployment plans, and lead and participate in IAM solution development and deployment.
Reporting to the manager of Enterprise Core Services (ECS), the IAM Lead Architect position requires a skilled and experienced individual with high business acumen and strong communication skills. The position requires extensive experience in developing and implementing scalable, high-performance IAM strategies, policies, and procedures that align with industry best practices and security frameworks (SSO, MFA, Federation, OAuth, SAML, LDAP, SCIM).
Application Deadline:
This position will be posted until 11:59 PM MT on Friday, March 21, 2025.
Required application materials (preferably in PDF format):
Resume
Application Questionnaire (included in the application)
Cover Letter - Please address how your skills and experience meet the needs of this position (for more information, please refer to the Key Responsibilities and Knowledge, Skills, and Abilities sections of this job posting).
Background Checks: Conducted for candidates selected for hire.
Work Location: Regardless of flexible work arrangements, UCAR requires ALL positions to be performed within the U.S., excluding U.S. Territories. This position will have a Hybrid location, with 3 days/week minimum required on-site in Boulder, CO.
What You Will Do
Here is a brief summary of what one would expect to be generally responsible for in this role.
Design, develop, and implement IAM strategies and solutions to secure critical systems, data, and assets across the organization.
Lead and manage end-to-end IAM architecture projects with high assurance level, including integration of on-premise, commercial-off-the-shelf, and cloud-based applications.
Supports Fischer Identity integrations with Active Directory, Entra ID, and on-prem access and authorization infrastructure.
Leads design requirements workshops with stakeholders to determine needs-based solutions for system access and authentication to develop a technical roadmap for seamless integration of core enterprise IAM solutions.
As a subject matter expert, provides application teams with expertise in Single Sign-On (SSO), Multi-Factor Authentication (MFA), Federation, API security, and identity governance.
Team lead for a group focused on implementation of Identity and Access Management (IAM), including providing project and task duration as well as status, milestone, and risk updates to stakeholders in business, IT, and security.
Accountable for the delivery and security of the IAM platform and related services.
Develops process change control requirements.
Assists in developing solutions to automate and orchestrate repeatable tasks for IAM using tools such as Ansible, APIs, or scripting.
Participates in ongoing audits and assessments to identify vulnerabilities and ensure compliance with security standards and regulations.
Who We'd Love To Join Our Team
Successful candidates will ensure their application materials speak to the following criteria:
Education and Experience (Required/Desired):
REQUIRED:
Bachelor’s Degree in computer related field and extensive and progressive experience with IAM technology architecture, design and development; experience with access management technologies, setup, configuration, and administration, which is typically gained by twelve or more years of experience; or equivalent combination of education and experience.
DESIRED, BUT NOT REQUIRED:
Certified Identity and Access Manager (CIAM).
Working in higher education information technology.
Working knowledge and experience with SSO protocols such as OAuth2, SAML, OIDC, Kerberos, LDAP.
Working knowledge and experience with multiple identity management/identity governance and administration solutions and platforms.
Understanding of fundamental cloud computing concepts.
Knowledge and experience with Information Assurance concepts and processes.
Knowledge of and experience with security regulations, standards, and processes.
Expertise in security architecture, vulnerability management program management, operational activities, and technical toolsets.
Working knowledge of security governance, compliance frameworks, and technical hardening standards (e.g., PCI, HIPAA, CIS, NIST, etc.).
Knowledge, Skills, and Abilities
Expert knowledge of IAM principles such as SSO, RBAC, ABAC, PBAC, and Federation.
Advanced knowledge and support for complex enterprise class services such as Federated identity configurations and authentication solutions.
Advanced knowledge of Active Directory, Entra ID, and LDAP.
Experience in successful implementation and support of IAM solutions.
Experience with directory platforms and authentication services including MFA.
Experience with team leadership and working with development teams.
Knowledge and experience with information security best practices and frameworks.
Strong ability to analyze, present, and explain complex technical topics, problems, and alternative solutions to others.
Ability to develop IAM metrics and KPIs to track progress and measure success.
Customer and results focused. A high degree of creativity and the ability to actively listen to LCPO needs in crafting technical solutions is expected.
Willingness to serve on, and possibly lead, institution-wide committees and help determine policies.