Digital Identity Architect

ID: 2025-7571
Job Locations: US
Category: Technology
Type: Full Time

Overview

Position: Identity and Access Management Architect


Location: REMOTE OK - (Hybrid schedule if living within 31 miles of Tustin, CA)


Compensation: starting at $140K, DOE


Position Summary:

The Digital Identity Architect plays a pivotal role in defining, designing, and advancing the enterprise’s Identity & Trust architecture. This role ensures that every digital interaction—across workforce, customer, and machine identities—is secure, seamless, and compliant with evolving regulatory requirements.


As a strategic technologist and hands-on architect, this position shapes the long-term digital identity vision, aligning it with business goals, Zero Trust principles, and emerging industry trends. Partnering with the Identity leadership team, cybersecurity, cloud, and business stakeholders, the Architect translates enterprise identity strategy into actionable, scalable solutions that strengthen security, support innovation, and enhance user experience.


This position demands a forward-looking leader with deep technical mastery, innovation mindset, and the ability to own complex, enterprise-scale initiatives in a dynamic financial environment.


Identity verification checks are in place throughout the candidate journey to prevent candidate fraud.

Responsibilities

Architecture & Implementation

  • Define and execute the enterprise IAM and CIAM architecture roadmap, aligning with financial regulatory and business requirements.
  • Design end-to-end identity architectures covering workforce, customer, privileged, and non-human identities, ensuring policy consistency and least-privilege enforcement.
  • Architect and optimize Active Directory (AD) and Microsoft Entra ID environments to deliver secure, resilient, and compliant hybrid identity solutions.
  • Lead the modernization of legacy identity systems into cloud-ready architectures integrated with Entra ID, Microsoft Entra Connect (formerly Azure AD Connect), and federated authentication services.
  • Establish governance and operational standards for AD forests, domains, and group policies aligned with least-privilege and Zero Trust principles.
  • Manage cloud entitlements across AWS, Azure, and GCP using automation and policy-driven access controls to prevent privilege sprawl.
  • Implement Just-in-Time (JIT) and Just-Enough-Access (JEA) for privileged accounts, service principals, and administrative roles to minimize standing privileges.
  • Architect and oversee IAM and CIAM platforms, including SSO, MFA, PAM, IGA, API security, and directory services across hybrid and multi-cloud environments.
  • Implement Identity Threat Detection and Response (ITDR) capabilities to proactively detect and contain credential misuse, account compromise, and insider threats.
  • Integrate identity and access policies into DevSecOps pipelines, automating enforcement across SaaS and cloud workloads.
  • Conduct proof-of-concepts for emerging IAM technologies, guiding evaluation, adoption, and enterprise scaling.

Governance, Risk & Compliance

  • Establish identity lifecycle and entitlement governance for Active Directory, Entra ID, and cloud service provider platform roles.
  • Define and enforce access policies for Privileged Access Management (PAM) and Just-in-Time (JIT) access.
  • Integrate IAM controls within enterprise risk and compliance programs, ensuring alignment with best practice and regulatory frameworks.

Collaboration & Leadership

  • Partner with enterprise architects, cloud security, infrastructure, and application teams to embed IAM standards and controls across the enterprise.
  • Act as a trusted advisor to the CISO and senior technology leaders, providing architectural insight, risk posture assessments, and strategic investment recommendations.
  • Provide technical leadership and mentorship to identity engineers and analysts, fostering a culture of innovation and accountability.
  • Influence cross-functional teams to adopt identity-first security principles and ensure consistent application across systems and business units.
  • Support incident response and post-event analysis for identity-related security or fraud investigations, embedding lessons learned into architecture improvements.

Innovation & Continuous Improvement

  • Research, evaluate and integrate identity technologies, including decentralized identity, AI-driven access analytics, and behavioral risk scoring.
  • Stay current on identity standards, including emerging ones such as the OpenID Shared Signals Framework (SSF) and its Continuous Access Evaluation Profile (CAEP).
  • Promote a security-by-design culture, emphasizing innovation, automation, and continuous improvement within the Identity & Trust domain.

Qualifications

  • Proven expertise designing and managing Active Directory, Entra ID, and hybrid identity architectures.
  • Extensive experience implementing and managing IAM and CIAM platforms (SSO, MFA, PAM, IGA, OAuth2, SAML, FIDO2, passwordless, adaptive authentication).
  • Deep understanding of Zero Trust, ITDR, PAM, JIT, and access governance within financial systems.
  • Experience managing cloud entitlements across AWS, Azure, and GCP environments.
  • Strong knowledge of IAM maturity models, regulatory requirements, and security frameworks.
  • Hands-on experience with major identity platforms and vendors, including Microsoft Entra ID, Okta, Ping Identity, SailPoint, Saviynt, and modern ITDR solutions.
  • In-depth knowledge of directory and authentication services, including Microsoft Entra ID, AWS IAM, Active Directory, Kerberos, and modern federation protocols.
  • Solid grasp of CIAM capabilities, such as consent management, adaptive access, privacy, and regulatory compliance.
  • Exceptional communication and stakeholder-management skills, capable of influencing both technical and executive audiences.
  • Strong project leadership and organizational skills, with a proven record of delivering complex identity programs under pressure.
  • Availability to participate in a rotating on-call schedule (24x7x365) as needed.

Education, Experience & Certification:

  • Bachelor’s Degree in Cybersecurity, Computer Science, Information Technology, Business, or equivalent experience.
  • 12+ years of experience in cybersecurity or IT, with 7+ years focused on IAM/CIAM.
  • 5+ years guiding technical teams and managing projects in identity/security.
  • Experience with leading IAM/CIAM and IGA platforms (Ping, Okta, Entra ID, SailPoint, Saviynt, etc.).
  • One or more of the following certifications required: CIAM, CIMP, CAMS, CIGE, CISSP, CISM, TOGAF.
  • Experience in mortgage or financial services industry preferred.


Reporting Line:

  • Primary: Reports directly to the Sr. Director, Digital Identity.
  • Secondary: Partners with the Office of the CISO to align with organizational priorities.

Work Authorization:

Must be able to verify identity and employment eligibility to work in the U.S.


Other Duties:

This job profile is not intended to be an all-inclusive list of job duties and responsibilities, as one may perform additional related duties as assigned to meet the needs of the organization.


Physical Demands:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Must be able to lift up to ten pounds. Primary functions require sufficient physical ability and mobility to work in an office setting; to stand or sit for prolonged periods of time; to occasionally stoop, bend, kneel, crouch, reach, and twist; to lift, carry, push, and/or pull light to moderate amounts of weight; to operate office equipment requiring repetitive hand movement and fine coordination including use of a keyboard; and to verbally communicate to exchange information. VISION: See in the normal visual range with or without correction. HEARING: Hear in the normal audio range with or without correction.

EOE/M/F/D/V. Drug-free workplace.
