What are the responsibilities and job description for the Identity and Access Management Architect position at Deloitte?
***This role is seeking a professional based in one of multiple US and Canadian cities:
US: USA - Hermitage; USA - Atlanta; USA - Austin; USA - Chicago; USA - Cincinnati; USA - Cleveland; USA - Dallas; USA - Detroit; USA - Houston; USA - Jacksonville; USA - Kansas City; USA - McLean; USA - Miami; USA - Morristown; USA - Nashville; USA - Philadelphia; USA - Pittsburgh; USA - Princeton; USA - Stamford; USA - Tampa
Canada: CAN - Halifax; CAN - Saint John; CAN - Toronto***
We are seeking a Senior Manager-level IAM Architect to partner with the Senior IAM leadership team to define and drive the technical strategy and architecture for Identity and Access Management (IAM) across the organization. This role combines strategic leadership, hands-on solution design with product owners, and senior-level stakeholder engagement to secure identities, enable business objectives, and improve user experience across digital channels. This individual must have a pulse on emerging identity technology trends and best practices to coordinate with Product Owners on integrated IAM architectures and roadmaps.
Core Responsibilities
- Partner with the Senior IAM leadership team to define and own the enterprise IAM architecture, strategy, reference patterns, and roadmaps across authentication, authorization, identity lifecycle, privileged access, and account protection.
- Engage in executive-level leadership conversations, translate business goals into IAM requirements, and coordinate with IAM product owners on technical feasibility to ensure solutions scale and interoperate across on-premises, cloud, and hybrid environments.
- Partner with IAM product technical leads to assist with technical design and implementation for authentication (e.g., MFA, SSO, etc.), authorization models (e.g., RBAC, ABAC, etc.), identity provisioning, lifecycle management, and privileged access controls.
- Champion innovation with Identity and Access Management tools; evaluate and provide recommendations to product owners for consideration and integration with the existing platform, while balancing security, privacy, and usability.
- Architect secure integrations between IAM platforms and applications, directories, cloud services, and CI/CD pipelines; set standards and reusable patterns for developers.
- Partner with the IAM Sr. Leadership team and IAM product technical leads to address IAM risk assessments, threat modeling, and remediation strategies; partner with security, risk, and compliance teams to implement controls and measure risk reduction.
- Partner with IAM product technical leads to oversee incident response activities as they relate to identity compromise, and lead post-incident root-cause analysis and remediation.
- Drive adoption: create technical guidance, architecture diagrams, and executive-level briefings; mentor architects and senior engineers on IAM best practices.
- Collaborate with product, engineering, and business leaders to prioritize roadmap items, measure outcomes (security posture, access-related incidents, time-to-provision), and demonstrate business value.
- Ensure compliance with relevant regulations and internal policies; support audits and attestations related to identity and access controls.
- On Call 24x7 responsibilities
The team
Deloitte Technology works at the forefront of technology development and processes to support and protect Deloitte around the world. In this truly global environment, we operate not in what is but rather what can be to help Deloitte deliver and connect with its clients, its communities, and one another in ways not previously conceived.
Qualifications
Do you possess the following?
- 10 years of IAM experience with progressive technical leadership; experience in a consulting or large enterprise environment preferred.
- Proven track record designing, delivering, and operating enterprise-scale IAM solutions across cloud and on-prem environments.
- Deep technical knowledge of authentication/authorization protocols and standards (OAuth2/OIDC, SAML, SCIM, LDAP) and modern IAM architectures.
- Hands-on experience with at least two major IAM technologies (e.g., Entra ID/Azure AD, Microsoft AD, CyberArk, SailPoint, Ping Identity).
- Strong stakeholder management and communication skills, able to present technical concepts to executive audiences and translate business needs into technical requirements.
- Experience leading vendors, technical teams, and cross-functional workstreams to successful outcomes.
- Advanced degree (MS) or certifications (e.g., CISSP, CISM, SABSA, TOGAF, vendor-specific IAM certs).
- Experience with zero-trust identity models, identity governance, privileged access management, and modern authentication modalities (passwordless, biometrics, adaptive MFA).
- Prior experience building IAM programs or working in high-regulation industries (finance, healthcare, government).
- Balance strategic thinking with the ability to roll up sleeves and deliver technically where needed.
- Identity Providers / Directories: Entra ID/Azure AD, Microsoft AD
- Identity Governance and PAM: SailPoint, CyberArk
- Authentication & Federation: Ping Identity, OAuth2/OIDC, SAML, SCIM
- Cloud & DevOps integration: AWS/Azure/GCP identity services, CI/CD tooling
Limited immigration sponsorship may be available in some locations.