Job Description:

CST Architecture - Authentication & Identity Team

The Cyber Security Technology (CST) function within Global Information Security (GIS) is responsible for technology research and innovation, architecture, engineering, solutions development and deployment, maintenance and support of information technology security controls, along with strategic plan development across the GIS organization. This position is for an Architect who specializes in Identity and Access Management (IAM) technologies, specifically in the Authentication and Identity space. The candidate must be able to meet the demands of working across multiple work streams and communicate effectively with senior technology leaders and business partners. Organizing evidence of compliance and producing documentation will also be key to this role. Tight coordination with the infrastructure technology organization will also be required.

Key Responsibilities:
- Define, document, and publicize strategic roadmap for various IAM technology stacks
- Influence stakeholders to ensure alignment & effective prioritization of product roadmaps in relation to IAM strategy
- Continuously follow and evaluate IAM technology landscape (market/best practice) for gap/opportunity development
- Bridge the gap between various development teams designing solutions and business partners to fully understand their requirements
- Define enterprise-wide standards and policies with respect to emerging technologies and provide the control framework to ensure adherence
- Strong understanding of existing (LDAP, SAML, WS-, Kerberos) and emerging (OAuth, OpenID Connect, SCIM, FIDO) industry protocols which shape the authentication and identity landscape
- Experience with authentication concepts (Multi-Factor Authentication, Adaptive/Contextual Authentication, Risk-Based Authentication) and the supporting strong authentication technologies (FIDO U2F/UAF/FIDO2, Hard Tokens, Soft Tokens, Biometrics)
- Familiarity with IAM vendor landscape, experience doing product evaluations, and documenting requirements for adoption of emerging technologies.
- Experience with mapping stakeholder requirements to technology solutions, defining architectural direction, and providing supporting artifacts to technical teams for implementation.
- Experience with SSO / Federation technologies such as Ping Access, CA Siteminder, Ping Federate, or Okta.
- Experience with directory server technologies (Ping Directory, Unbound ID, CA Directory) and related concepts (replication topology, schema design, namespace design).
- Understanding of API design concepts (authentication protocols) and modern application interaction patterns (gateway technologies, microservices, SPAs).
- Knowledge across the technology stack such as web protocols, multiple operating systems, hypervisors and distributed systems architecture. Proficient in both Windows and Midrange platforms.
- Familiarity with deployment and integration patterns with regard to IAM solutions within the cloud (Azure, AWS, Google Cloud Platform) and hybrid deployment models.
- Experience deploying solutions at enterprise scale while still accounting for best practices and regional segmentation.
- Familiarity with industry best practices and guidance publications (NIST 800-63, OAuth RFCs, OpenID Connect Core).
- 5+ years working in Information Technology
- 3+ years working in Identity & Access Management space
- 3+ years of experience with authentication and identity technologies
- Understanding of financial services regulatory and legal environment
- CISSP Certification desired
- Bachelor's degree in Information Technology or related field