What are the responsibilities and job description for the Lead Security Architect - IAM position at SECU?
If you are motivated and believe in the credit union philosophy of "People Helping People," join our team!
The Lead Security Architect - IAM is responsible for designing, implementing, and optimizing Identity and Access Management (IAM) solutions to ensure security, compliance, and operational efficiency across the enterprise. This role requires deep expertise in authentication, authorization, governance, and identity lifecycle management, with a strong focus on cloud and hybrid IAM environments.
The Lead Architect will lead strategic IAM initiatives, collaborate with other architects, and actively participate in the Architecture Review Board to advocate for secure-by-design principles. Additionally, they will work with cross-functional teams, provide technical and professional mentorship, drive automation and integration efforts, and ensure IAM solutions align with industry best practices and regulatory standards. They also assist in troubleshooting IAM-related issues, evaluating security risks, and supporting IAM governance frameworks.
Disclaimer
State Employees' Credit Union reserves the right to fill this role at a higher/lower level based on business need.
Responsibilities:
- (20%) Architect modern, automated IAM solutions in collaboration with vendors and internal teams, continuously reviewing and optimizing existing IAM services for peak performance.
- (20%) Partner with IT engineering, InfoSec, Risk, Compliance, and LOB leadership to align IAM solutions with business needs, security policies, and enterprise IT standards. Responsibilities will include participation in special assignments and cross-functional initiatives as required.
- (20%) Evaluate internal and external threats, ensuring IAM solutions comply with security policies, mitigate risks, and align with security best practices.
- (20%) Develop and maintain architecture documentation, security roadmaps, reference patterns, and operational support documentation while assisting in security standards and procedures.
- (10%) Provide expertise and recommendations to engineering, development, and architectural review teams, advocating for security-by-design principles and technology improvements.
- (10%) Mentor junior team members and stay updated on emerging IAM trends and risks through professional development and education.
- Candidate must live in North Carolina or contiguous state.
- Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related field.
- Additional 7 years of relevant experience can be considered in lieu of degree.
- Minimum 7 years of experience in related field.
- Technical Expertise
  - Proven experience with infrastructure technologies including Cloud, LDAP, SAML, MFA, and SSO in highly regulated and secure environments.
  - Mastery of IAM solutions such as PAM, SSO, Directory Services, IGA, CIAM, and MFA, with expertise in designing and implementing advanced integrations.
  - Strong knowledge of authentication and authorization protocols, including OAuth2.0, OIDC, SAML, LDAP, Kerberos, and XACML.
  - Experience with hybrid IAM environments and cloud-to-cloud identity integration, leveraging cloud directories such as Entra ID, AWS Directory Service, and Google Cloud Identity.
  - Advanced experience with APIs and their role in integrating IAM systems with enterprise applications.
  - Proficiency in IAM governance and compliance, aligning with frameworks such as NIST, ISO 27001, SOX, and GDPR, including audit and compliance reporting.
- Security & Risk Management
  - Deep understanding of IAM’s role in security frameworks and risk management, including threat modeling and risk assessments related to identity and access.
  - Experience evaluating internal and external threats, maintaining and updating security tools, and supporting incident response and forensic investigations.
  - Ability to support identity-based security incidents, forensic analysis, and risk mitigation planning.
- User Lifecycle Management
  - Expertise in designing and implementing provisioning and de-provisioning processes, including Joiner-Mover-Leaver (JML) workflows.
  - Experience designing and automating user lifecycle management using scripting tools such as PowerShell, Python, and IAM orchestration tools.
  - Strong knowledge of Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC).
- Architecture & Solution Design
  - Ability to define and document security solutions, reference patterns, and operational support documentation.
  - Provide security solution expertise and architectural guidance to analysts, engineers, and application teams.
  - Make recommendations for improving IAM solution architecture and aligning security strategies with business needs.
  - Collaborate with engineering teams and architectural review boards to advocate for secure-by-design principles.
  - Develop security roadmaps for IAM domains and ensure alignment with organizational goals.
- Automation & Infrastructure as Code (IaC)
  - Strong scripting capabilities using Python, PowerShell, or Bash for automating IAM tasks.
  - Knowledge of Infrastructure as Code (IaC) tools such as Ansible, Azure Resource Manager, and Terraform for IAM automation.
- Leadership & Collaboration
  - Ability to communicate effectively at senior leadership levels, advocating for the value of IAM solutions.
  - Strong ability to influence and drive organizational change to enhance security postures.
  - Experience in mentoring, training, and knowledge-sharing to improve team effectiveness.
  - Demonstrated ability to collaborate with cross-functional teams, including security, IT operations, development, and business stakeholders.
- Problem-Solving & Critical Thinking
  - Advanced troubleshooting and investigative skills to resolve complex IAM issues.
  - Strong analytical skills for identifying patterns and improving IAM processes.
  - Ability to assess and recommend improvements to security infrastructure, IAM architecture, and security standards.
- Commitment to Continuous Learning
  - Pursue ongoing professional development to stay ahead of evolving threats, technologies, and industry best practices.
- Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related field.
- Preferred 7 direct years of experience.
- Professional certifications such as: CISSP, CISA, CISM, GIAC, CGEIT, CRISC, OSCE, or other relevant industry certification and/or desire to obtain such certifications.
- Experience working within a DevOps environment.
- Experience in managing IAM projects from inception to delivery.
- Experience with FFIEC audit guidelines for banking regulators.
- Computer for prolonged periods