WHAT YOU'LL DO
The IT IAM Architect provides consulting expertise and thought leadership for the internal BCG Identity and Access Management program. The IAM architect provides technical consulting for identity and access management architecture, design, and strategy; and is responsible for leading technical architecture and product integration for solutions across hybrid on-premises, multi-cloud and SaaS ecosystems, and influencing engineering decisions and outcomes that drive business success. The IAM Architect ensures the digital applications, tools, and services protect our data, our clients’ data, and our intellectual property; are resilient to cyber-attack; meet BCG policy and standards, regulatory requirements, and industry best practices, while using a risk-based approach to meeting BCG business needs and objectives.
The IT IAM Architect works with teams inside BCG to secure enterprise information by determining identity, access, and security requirements; planning, implementing and testing secure systems; participating in IT projects as the IAM Subject Matter Expert; preparing IAM standards, policies and procedures; and mentoring team members.
YOU'RE GOOD AT
- Determining Identity and Access Management requirements by evaluating business strategies and requirements, implementing IAM and information security standards, conducting system and vulnerability analyses and risk assessments, recommending secure architecture aligned to business architecture, and identifying/driving remediation of integration issues in IAM.
- Creating, maintaining and driving identity and access management technology strategy and roadmap.
- Researching and analyzing emerging technologies, designing and advocating new technologies, architectures, and IAM products in collaboration with system and service owners.
- Providing expert knowledge of solution/application architecture for IAM capabilities as well as methodologies in the software development life cycle.
- Managing end to end delivery of projects with hands on involvement in the development and configuration of products around IAM.
- Maintaining security and IAM principles by ensuring compliance to standards, policies, regulatory requirements, and good industry practices.
- Self-managing progress and status of tasks and deliverables on projects and escalating issues and risks timely.
- Interacting with stakeholders and possessing the ability to influence direction, articulate risks and sell secure IAM solutions and roadmaps.
- Completing market assessments on vendor products, packages and services; guiding tests and implementation of products solving enterprise IAM and information security requirements.
- Suggesting and implementing alternative mitigations/compensating controls to allow for business to continue while protecting BCG's assets.
- Guiding the configuration, implementation, monitoring, and support for software and systems with identity and access management solutions that will help ensure compliance with regulatory, industry, and corporate policies and procedures.
- Partnering with cross functional teams to ensure compliance to industry and company standards including ISO 27001, SOC2, NIST, GDPR, and Cobit standards.
- Subject Matter Expert and security domain participant for overall enterprise architecture and other technologists.
- Updating job knowledge by tracking and understanding emerging IAM and security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
- Training more junior members of the IAM team with new and emerging technologies
- Vendor escalations and Major Incident Management support for critical services
- Able to provide operational support within all Identity solutions including CyberArk, Azure AD, AD, Okta, PKI/CA
YOU BRING (EXPERIENCE & QUALIFICATIONS)
- Bachelor’s degree (or equivalent experience );
- Minimum of 8 years of experience in architecture, design and deployment of industry leading identity and access management and governance solutions
- Experience with implementations in hybrid cloud, multi-cloud and SaaS environments
- SME in IAM practices that include the administration of control systems, vulnerability identification and mitigation, best practices for securing/hardening, and risk analysis
- Experience with identity standards and protocols: LDAP, SAML, OAuth, SCIM & OpenID
- Experience with best-practice and frameworks for “zero trust”, SSO, MFA, adaptive and risk-based authentication, secrets management, role/attribute/policy-based access controls
- Extensive experience with enterprise scale implementations of Okta, Azure AD, and Active Directory
- Experience and architecture of B2B and federated IDP
- Experience with IGA solutions such Sailpoint or Saviynt
- Experience developing and maintaining account Lifecyle for various account types including external/guests, internal/AD/HR mastered
- Experience scripting and automation of functions using Powershell or similar
- Experience with Privileged Access Management best practices and tools such CyberArk
- Experience working in an Agile framework and helping lead a Center of Excellence
- Experience with certificate authority and PKI configuration, architecture, and management
- Experience with credential hardening, credential cracking, and passwordless strategies
- Incident response and change management through use of ServiceNow
YOU'LL WORK WITH
You will work in a fast-paced, intellectually intense, service-oriented environment to interpret rules and guidelines flexibly to enhance the business and in keeping with BCG’s values and culture. You will be a part of a team of professionals in support of internal IT, business professionals, and consultants delivering business and management strategy to our clients. You will work with enterprise architects, IT and business professionals, application developers, and analysts providing capabilities, tools, and support for our consultants. You will be an integral part of the BCG Identity & Access Management team in delivering Information Technology for all of BCG.