Identity & Access Management Lead Architect

UCAR - The University Corporation for Atmospheric Research
Boulder, CO Full Time
POSTED ON 3/4/2025
AVAILABLE BEFORE 4/2/2025
Job Description Summary:

The Identity and Access Management (IAM) Lead Architect aligns IAM technology and processes to institutional and IT business drivers and requirements.

This person is responsible for gathering institutional strategic objectives, IT business drivers, stakeholder requirements and aligning the IAM architecture and technology with the needs of the campus. They will participate in and lead IAM stakeholder requirements workshops and develop and maintain the overall IAM architecture as well as detailed technical and functional design documents including data mapping, workflows, and use cases and policies for identity lifecycle management. This position leads a team of people working closely with campus stakeholders, other IT leads (e.g., enterprise business applications, systems infrastructure, and the office of information security), IAM technical resources, and project management office to gather and document requirements, document and validate technical designs, develop deployment plans, and lead and participate in IAM solution development and deployment.

Reporting to the manager of Enterprise Core Services (ECS), the IAM Lead Architect position requires a skilled and experienced individual with a high business acumen and strong communication skills. The position requires extensive experience in developing and implementing scalable, high-performance IAM strategies, policies, and procedures that align with industry best practices and security frameworks (SSO, MFA, Federation, OAuth, SAML, LDAP, SCIM).

Position Details:

Visa Sponsored Job:

No

Relocation Assistance Eligible:

No

Job Location:

Boulder, Colorado

Position Type & Term:

Full time, Regular

Compensation Range:

Salary Range $117,279 to $150,000

  • Final salary and rates are based on education, experience, skills relevant to the role.*

Application Notes

Application Deadline:

  • This position will be posted until March 7.

Required application materials: (preferably in PDF Format)

  • Resume
  • Application Questionnaire (included in the application)
  • Cover Letter - Please address how your skills and experience meet the needs of this position (for more information, please refer to the Key Responsibilities and Knowledge, Skills, and Abilities sections of this job posting).

Background Checks: Conducted for candidates selected for hire.

Work Location: Regardless of flexible work arrangements, UCAR requires ALL positions to be performed within the U.S., excluding U.S. Territories.

What You Will Do

Here is a brief summary of what one would expect to be generally responsible for in this role.

  • Design, develop, and implement IAM strategies and solutions to secure critical systems, data, and assets across the organization.
  • Lead and manage end-to-end IAM architecture projects with high assurance level, including integration of on-premise, commercial-off-the-shelf, and cloud-based applications.
  • Supports Fischer Identity integrations with Active Directory, Entra ID, and on-prem access and authorization infrastructure.
  • Leads design requirements workshops with stakeholders to determine needs-based solutions for system access and authentication to develop a technical roadmap for seamless integration of core enterprise IAM solutions.
  • As a subject matter expert, provides application teams with expertise in Single Sign-On (SSO), Multi-Factor Authentication (MFA), Federation, API security, and identity governance.
  • Team lead for a group focused on implementation of Identity and Access Management (IAM), including providing project and task duration as well as status, milestone, and risk updates to stakeholders in business, IT, and security.
  • Accountable for the delivery and security of the IAM platform and related services.
  • Develops process change control requirements.
  • Assists in developing solutions to automate and orchestrate repeatable tasks for IAM using tools such as Ansible, APIs, or scripting.
  • Participates in ongoing audits and assessments to identify vulnerabilities and ensure compliance with security standards and regulations.

Who We'd Love To Join Our Team

Successful candidates will ensure their application materials speak to the following criteria:

Education and Experience (Required/Desired):

REQUIRED:

  • Bachelor’s Degree in computer related field and extensive and progressive experience with IAM technology architecture, design and development;
  • experience with access management technologies, setup, configuration, and administration, which is typically gained by twelve or more years of experience; or equivalent combination of education and experience.

DESIRED, BUT NOT REQUIRED:

  • Certified Identity and Access Manager (CIAM).
  • Working in higher education information technology.
  • Working knowledge and experience with SSO protocols such as OAuth2, SAML, OIDC, Kerberos, LDAP.
  • Working knowledge and experience with multiple identity management/identity governance and administration solutions and platforms.
  • Understanding of fundamental cloud computing concepts;
  • Knowledge and experience with Information Assurance concepts and processes;
  • Knowledge of and experience with security regulations, standards, and processes;
  • Expertise in security architecture, vulnerability management program management, operational activities, and technical toolsets;
  • Working knowledge of security governance, compliance frameworks, and technical hardening standards (e.g., PCI, HIPAA, CIS, NIST, etc.).

Knowledge, Skills, And Abilities

  • Expert knowledge of IAM principles such as SSO, RBAC, ABAC, PBAC, and Federation.
  • Advanced knowledge and support for complex enterprise class services such as Federated identity configurations and authentication solutions.
  • Advanced knowledge of Active Directory, Entra ID, and LDAP.
  • Experience in successful implementation and support of IAM solutions.
  • Experience with directory platforms and authentication services including MFA.
  • Experience with team leadership and working with development teams.
  • Knowledge and experience with information security best practices and frameworks.
  • Strong ability to analyze, present, and explain complex technical topics, problems, and alternative solutions to others.
  • Ability to develop IAM metrics and KPIs to track progress and measure success.
  • Customer and results focused. A high degree of creativity and the ability to actively listen to LCPO needs in crafting technical solutions is expected.
  • Willingness to serve on, and possibly lead, institution-wide committees and help determine policies.

Benefits Overview

UCAR affirms its commitment to employees through competitive benefits. In addition to medical, dental, vision, retirement, and life insurance, UCAR offers a variety of programs focused on work-life balance and professional and personal development. These include:

  • Tuition Assistance, time off allowance to attend classes, and other professional development opportunities
  • UCAR contributes 10% of your eligible pay into your retirement account; 100% fully vested on day one
  • Starting minimum accrual of 20 days of personal time off each year (prorated for less than full-time positions)
  • 10 paid holidays
  • 10 days of sick leave each year
  • 12 weeks of paid parental leave
  • Short-term medical leave paid at 100% of your regular salary
  • EcoPass for local Colorado residents to use the Denver and Boulder-area transit system at no cost

Commitment to Job Application Fairness

Applicants are not required to provide age or age-related information and may redact information related to age, date of birth, or dates of attendance at or graduation from an educational institution from any submissions during the initial application process.

Some Final Considerations

At UCAR|NCAR|UCP, you will work alongside a dedicated team of professionals conducting critical research and community outreach to solve complex Earth system science problems including climate change, air pollution, extreme weather, floods, drought, wildfires, and space weather, all with the goal of improving human life and reducing economic loss. Each of us, from scientists to the professionals who support their work, serves the public and a collaborative community of scientists in our mission to understand the complex processes that make up the Earth system, from the ocean floor to the Sun’s core.

Flexible Work

At UCAR, we are committed to supporting our mission by giving staff the flexibility to find the schedule and location that works best to maintain their own work-life circumstances and reach their full potential as professionals. Many positions within our organization are eligible for fully on-site, hybrid (three days per week) and/or flexible work hours.

Equal Opportunity Employer

UCAR is committed to providing equal opportunity for all employees and applicants for employment and does not discriminate on the basis of race, age, creed, color, religion, national origin or ancestry, sex, gender, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or pregnancy. Whatever your intersection of identities, you are welcome at UCAR.

Export Control

All positions are required to comply with U.S. export compliance regulations work location requirements regarding access to facilities and research systems.

Visa Wait Times

Please consider the length of visa procurement when applying for this posting, understanding that you will not be able to begin employment until you are able to get a visa and enter the U.S.

Work Location

UCAR requires ALL positions to be performed within the U.S., excluding U.S. Territories.
