Lead Identity Solutions Architect

McKesson

Scottsdale, AZ

Industry: Healthcare


5 - 7 years

Posted 32 days ago

Position Description

As the Lead Identity Solution Architect, you will be part of a team that shapes the vision and strategy for Global Identity at McKesson. Successful candidates will have extensive experience in Customer or Enterprise Identity and Access Management and a proven ability to influence and drive change.

Responsibilities include:

  • Provides technical guidance to drive and shape the Global Identity Services architecture
  • Assists in the development of strategic roadmaps, technical blueprints, standards and reference architectures in support of the Global Identity Services program
  • Consults with business stakeholders and other architects to understand core business processes and business priorities and provides recommendations on IAM (Identity and Access Management) solutions
  • Assists with technical evaluations of IAM products including proof of concepts to determine business value of candidate solutions
  • Collaborates cross-functionally with other technology teams and Information Security and Risk Organization
  • Participates in Request for Proposal (RFP) and vendor selection process in the IAM space
  • Keeps abreast of industry trends and informs the team of evolving IAM standards and landscape
  • Mentors other members of the team on IAM best practices
  • Drives Request for Proposal (RFP) and vendor selection process in the IAM space


Minimum Requirements:

  • 6+ years' experience in administering security controls in an organization
  • 4+ years' experience in developing technical architectures with minimum of 3 years focused on IAM architecture

Critical Skills

  • Strong understanding of the end-to-end Identity lifecycle management
  • Hands-on experience with authentication and authorization protocols such as OIDC, SAML, OAuth2, FIDO, U2F, WebAuthn, SCIM, XACML, LDAP, RADIUS, Kerberos
  • Experience in architecting robust, scalable, and secure solutions that meet customer's IAM needs
  • Experience with Multi-factor authentication capabilities including token-based, biometrics, certificates, and adaptive authentication
  • Experience with IDaaS providers such as Okta, Azure AD, Ping Identity, or Google Cloud Identity

Additional Knowledge & Skills:

  • Experience with Privileged Access Management (PAM) architectures and capabilities (least privilege, session management, vaulting, and endpoint privilege management). Experience with CyberArk or Azure PIM a plus
  • Experience with cloud architectures particularly Azure and GCP native IAM controls
  • Experience with Identity Governance processes and solutions such as SailPoint or Saviynt a plus
  • Experience with User Behavior Analytics
  • Experience with Workday, SAP, or Salesforce
  • Experience with O365, Active Directory and ADFS
  • Experience with MDM capabilities such as Intune, Jamf, or AirWatch
  • Experience with API Gateway and microservices architectures
  • Knowledge of Applied Cryptography and PKI
  • Experience with Python, PowerShell, Java, JavaScript, JSON, REST, Scripting, HTML
  • Understanding of trends and regulations to ensure effectiveness and compliance with all regulations and frameworks (NIST, HIPAA-HITECH, HITRUST, PCI, GDPR)
  • Excellent written and verbal communication and organizational skills
  • Strong interpersonal and communication skills to build/maintain ongoing business relationships


  • 4-year degree in computer science or related field or equivalent experience


  • CISSP or SANS GIAC a plus
  • Okta – Professional or Consultant a plus