What are the responsibilities and job description for the Workforce Identity Architect, VP position at MUFG?
Do you want your voice heard and your actions to count?
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details.
Job Summary
The Workforce Identity Architect is a senior architecture role responsible for defining and governing workforce (human) identity architecture at global scale. This role designs and standardizes how employee and partner identities are created, governed, authenticated, authorized, reviewed, and retired across hybrid and cloud environments.
The Workforce Identity Architect operationalizes global IAM standards for human identity, ensuring secure, scalable, and auditable access while supporting regions transitioning through different identity maturity stages. This role focuses on architecture, standards, and enablement, not day‑to‑day operations or tool administration.
Key Responsibilities:
Workforce Identity Architecture
This role is:
Workforce identity is foundational to security, compliance, and user experience. This role ensures workforce identity evolves intentionally, consistently, and defensibly, enabling global scale while reducing access risk and operational friction.
Required Qualifications
These skills are essential to successfully perform the role and should be treated as non‑negotiable.
These are not required but add additional value and future‑proofing.
The typical base pay range for this role is between $166k - $192k depending on job-related knowledge, skills, experience, and location. This role may also be eligible for certain discretionary performance-based bonuses and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, paid vacation, sick days, and holidays.
Our hybrid work schedule is four days on-site and work remotely one day per week.
For more information on our Total Rewards package, please click the link below.
MUFG Benefits Summary
We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws (including (i) the San Francisco Fair Chance Ordinance, (ii) the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance, (iii) the Los Angeles County Fair Chance Ordinance, and (iv) the California Fair Chance Act) to the extent that (a) an applicant is not subject to a statutory disqualification pursuant to Section 3(a)(39) of the Securities and Exchange Act of 1934 or Section 8a(2) or 8a(3) of the Commodity Exchange Act, and (b) they do not conflict with the background screening requirements of the Financial Industry Regulatory Authority (FINRA) and the National Futures Association (NFA). The major responsibilities listed above are the material job duties of this role for which the Company reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of conditional offer of employment, if any.
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.
We are proud to be an Equal Opportunity Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual’s associates or relatives that is protected under applicable federal, state, or local law.
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details.
Job Summary
The Workforce Identity Architect is a senior architecture role responsible for defining and governing workforce (human) identity architecture at global scale. This role designs and standardizes how employee and partner identities are created, governed, authenticated, authorized, reviewed, and retired across hybrid and cloud environments.
The Workforce Identity Architect operationalizes global IAM standards for human identity, ensuring secure, scalable, and auditable access while supporting regions transitioning through different identity maturity stages. This role focuses on architecture, standards, and enablement, not day‑to‑day operations or tool administration.
Key Responsibilities:
Workforce Identity Architecture
- Define and maintain global workforce identity architecture using Microsoft Entra ID in hybrid and cloud‑mastered environments.
- Establish standard patterns for authentication, federation, Conditional Access, and MFA.
- Design tenant‑level identity integration patterns that scale across applications and regions.
- Architect and standardize Joiner / Mover / Leaver (JML) identity lifecycle patterns driven by authoritative HR sources.
- Ensure consistent provisioning, modification, and deprovisioning of workforce identities.
- Reduce orphaned, dormant, and over‑provisioned access through strong lifecycle design.
- Define workforce identity governance standards, including access requests, access reviews, and separation of duties (SoD).
- Architect privileged access models for workforce identities, including PIM and Just‑in‑Time access.
- Ensure access models are auditable and aligned to regulatory and risk expectations.
- Leverage analytics and AI‑assisted capabilities to improve role and entitlement design.
- Reduce access certification noise by improving role quality, review scoping, and access rationalization.
- Translate analytic insights into architectural improvements rather than one‑off reporting.
- Define B2B and partner identity patterns using Entra ID that enable collaboration while maintaining centralized governance.
- Ensure third‑party access aligns with global standards and workforce identity controls.
- Partner with IAM Governance teams to define and consume workforce identity metrics, including access quality, review effectiveness, and lifecycle hygiene.
- Use metrics to continuously improve identity architecture and reduce access risk.
This role is:
- A senior architecture and standards role
- Focused on workforce identity at enterprise and global scale
- A bridge between architecture, security, risk, and delivery team
- An IAM operation or helpdesk role
- A single‑tool administrator position
- A regional‑only identity role
- Consistent, scalable workforce identity standards adopted across regions
- Reduced access risk and certification fatigue
- Clear lifecycle ownership and audit‑ready access governance
- Smooth regional progression toward cloud‑mastered identity
Workforce identity is foundational to security, compliance, and user experience. This role ensures workforce identity evolves intentionally, consistently, and defensibly, enabling global scale while reducing access risk and operational friction.
Required Qualifications
- 8–10 years of experience in identity, access management, or security architecture roles.
- Deep expertise in Microsoft Entra ID architecture in hybrid environments.
- Strong experience designing JML lifecycle, identity governance, and privileged access controls.
- Ability to design auditable, regulator‑defensible access models.
- Proven ability to influence across technical and non‑technical stakeholders.
- Experience using analytics or AI‑assisted tools for access optimization and certification improvement.
- Experience supporting global or federated IAM models with regional variation.
- Familiarity with regulated industries (e.g., financial services).
- Relevant identity or security certifications.
These skills are essential to successfully perform the role and should be treated as non‑negotiable.
- Identity Architecture & Lifecycle
- Enterprise‑level experience designing workforce identity architecture at scale.
- Deep understanding of Joiner / Mover / Leaver (JML) lifecycle patterns and HR‑driven identity provisioning.
- Strong grounding in least privilege, access lifecycle management, and identity hygiene.
- Microsoft Entra ID (Azure AD)
- Hands‑on architectural experience with Microsoft Entra ID in hybrid environments.
- Design and governance of:
- Authentication and federation
- Conditional Access and MFA
- Tenant‑level architecture and integration patterns
- Identity Governance & Access Controls
- Proven experience designing identity governance solutions, including:
- Access reviews / certifications
- Separation of Duties (SoD)
- Access request and approval workflows
- Ability to design auditable, regulator‑defensible access models.
- Privileged Access
- Experience with privileged access for workforce identities, including:
- Privileged Identity Management (PIM)
- Just‑in‑Time (JIT) access concepts
- Stakeholder & Architecture Skills
- Strong ability to collaborate across architecture, engineering, security, risk, and audit teams.
- Comfortable influencing outcomes without direct authority.
- Ability to translate complex identity concepts into clear architectural standards.
- Suggested Skills (Strongly Preferred)
- AI‑Assisted Identity Analytics
- Experience using analytics or AI‑assisted tools to improve:
- Role and entitlement rationalization
- Role / bundle design
- Reduction of access certification noise and over‑reviewing
- Ability to translate analytic insights into architectural improvements, not just reports.
- B2B & External Identity
- Experience designing B2B / partner identity patterns using Entra ID.
- Understanding of secure external collaboration models that preserve centralized governance.
- Hybrid & Global Environments
- Experience operating in global or federated IAM models, supporting regions at varying maturity levels.
- Familiarity with phased migrations from on‑prem AD‑centric to cloud‑mastered identity.
- Metrics & Continuous Improvement
- Experience defining or consuming IAM metrics, such as:
- Access review effectiveness
- Orphaned or dormant access
- Role reuse vs. sprawl
- Ability to use metrics to drive continuous improvement in identity design.
These are not required but add additional value and future‑proofing.
- Advanced Identity Concepts
- Familiarity with continuous access evaluation and signal‑driven identity models.
- Exposure to workforce identity data platforms or identity fabric concepts.
- Cloud & Platform Awareness
- Understanding of how workforce identity integrates with cloud platforms (e.g., AWS IAM Identity Center) without owning cloud IAM design.
- Relevant certifications (e.g., Microsoft Identity, CISSP, CCSP, IAM‑focused certifications).
- Experience in financial services or other highly regulated industries.
- Bachelor's degree in Computer Science or a closely-related discipline, or an equivalent combination of formal education and experience
The typical base pay range for this role is between $166k - $192k depending on job-related knowledge, skills, experience, and location. This role may also be eligible for certain discretionary performance-based bonuses and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, paid vacation, sick days, and holidays.
Our hybrid work schedule is four days on-site and work remotely one day per week.
For more information on our Total Rewards package, please click the link below.
MUFG Benefits Summary
We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws (including (i) the San Francisco Fair Chance Ordinance, (ii) the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance, (iii) the Los Angeles County Fair Chance Ordinance, and (iv) the California Fair Chance Act) to the extent that (a) an applicant is not subject to a statutory disqualification pursuant to Section 3(a)(39) of the Securities and Exchange Act of 1934 or Section 8a(2) or 8a(3) of the Commodity Exchange Act, and (b) they do not conflict with the background screening requirements of the Financial Industry Regulatory Authority (FINRA) and the National Futures Association (NFA). The major responsibilities listed above are the material job duties of this role for which the Company reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of conditional offer of employment, if any.
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.
We are proud to be an Equal Opportunity Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual’s associates or relatives that is protected under applicable federal, state, or local law.
Salary : $166,000 - $192,000