Identity & Access Management Lead Architect

University Corporation for Atmospheric Research (UCAR)
life insurance, parental leave, paid holidays, sick time, tuition assistance, relocation assistance
United States, Colorado, Boulder
Feb 13, 2025
Job Description Summary: The Identity and Access Management (IAM) Lead Architect aligns IAM technology and processes to institutional and IT business drivers and requirements.

This person is responsible for gathering institutional strategic objectives, IT business drivers, stakeholder requirements and aligning the IAM architecture and technology with the needs of the campus. They will participate in and lead IAM stakeholder requirements workshops and develop and maintain the overall IAM architecture as well as detailed technical and functional design documents including data mapping, workflows, and use cases and policies for identity lifecycle management. This position leads a team of people working closely with campus stakeholders, other IT leads (e.g., enterprise business applications, systems infrastructure, and the office of information security), IAM technical resources, and project management office to gather and document requirements, document and validate technical designs, develop deployment plans, and lead and participate in IAM solution development and deployment.

Reporting to the manager of Enterprise Core Services (ECS), the IAM Lead Architect position requires a skilled and experienced individual with high business acumen and strong communication skills. The position requires extensive experience in developing and implementing scalable, high-performance IAM strategies, policies, and procedures that align with industry best practices and security frameworks (SSO, MFA, Federation, OAuth, SAML, LDAP, SCIM).

Position Details:

Visa Sponsored Job:

No

Relocation Assistance Eligible:

No

Job Location:

Boulder, Colorado

Position Type & Term:

Full time, Regular

Compensation Range:

Salary Range $117,279 to $150,000

*Final salary and rates are based on education, experience, skills relevant to the role.*

Application Notes

Application Deadline:

  • This position will be posted until March 7.

Required application materials: (preferably in PDF Format)

  • Resume

  • Application Questionnaire (included in the application)

  • Cover Letter - Please address how your skills and experience meet the needs of this position (for more information, please refer to the Key Responsibilities and Knowledge, Skills, and Abilities sections of this job posting).

Background Checks: Conducted for candidates selected for hire.
Work Location: Regardless of flexible work arrangements, UCAR requires ALL positions to be performed within the U.S., excluding U.S. Territories.

What You Will Do

Here is a brief summary of what one would expect to be generally responsible for in this role.

  • Design, develop, and implement IAM strategies and solutions to secure critical systems, data, and assets across the organization.

  • Lead and manage end-to-end IAM architecture projects with high assurance level, including integration of on-premise, commercial-off-the-shelf, and cloud-based applications.

  • Supports Fischer Identity integrations with Active Directory, Entra ID, and on-prem access and authorization infrastructure.

  • Leads design requirements workshops with stakeholders to determine needs-based solutions for system access and authentication to develop a technical roadmap for seamless integration of core enterprise IAM solutions.

  • As a subject matter expert, provides application teams with expertise in Single Sign-On (SSO), Multi-Factor Authentication (MFA), Federation, API security, and identity governance.

  • Team lead for a group focused on implementation of Identity and Access Management (IAM), including providing project and task duration as well as status, milestone, and risk updates to stakeholders in business, IT, and security.

  • Accountable for the delivery and security of the IAM platform and related services.

  • Develops process change control requirements.

  • Assists in developing solutions to automate and orchestrate repeatable tasks for IAM using tools such as Ansible, APIs, or scripting.

  • Participates in ongoing audits and assessments to identify vulnerabilities and ensure compliance with security standards and regulations.

Who We'd Love To Join Our Team

Successful candidates will ensure their application materials speak to the following criteria:

Education and Experience (Required/Desired):

REQUIRED:

  • Bachelor's Degree in computer related field and extensive and progressive experience with IAM technology architecture, design and development;
  • experience with access management technologies, setup, configuration, and administration, which is typically gained by twelve or more years of experience; or equivalent combination of education and experience.

DESIRED, BUT NOT REQUIRED:

  • Certified Identity and Access Manager (CIAM).
  • Working in higher education information technology.
  • Working knowledge and experience with SSO protocols such as OAuth2, SAML, OIDC, Kerberos, LDAP.
  • Working knowledge and experience with multiple identity management/identity governance and administration solutions and platforms.
  • Understanding of fundamental cloud computing concepts;
  • Knowledge and experience with Information Assurance concepts and processes;
  • Knowledge of and experience with security regulations, standards, and processes;
  • Expertise in security architecture, vulnerability management program management, operational activities, and technical toolsets;
  • Working knowledge of security governance, compliance frameworks, and technical hardening standards (e.g., PCI, HIPAA, CIS, NIST, etc.).

Knowledge, Skills, and Abilities

  • Expert knowledge of IAM principles such as SSO, RBAC, ABAC, PBAC, and Federation.
  • Advanced knowledge and support for complex enterprise class services such as Federated identity configurations and authentication solutions.
  • Advanced knowledge of Active Directory, Entra ID, and LDAP.
  • Experience in successful implementation and support of IAM solutions.
  • Experience with directory platforms and authentication services including MFA.
  • Experience with team leadership and working with development teams.
  • Knowledge and experience with information security best practices and frameworks.
  • Strong ability to analyze, present and explain complex technical topics, problems, and alternative solutions to others.
  • Ability to develop IAM metrics and KPIs to track progress and measure success.
  • Customer and results focused. A high degree of creativity and the ability to actively listen to LCPO needs in crafting technical solutions is expected.
  • Willingness to serve on, and possibly lead, institution-wide committees and help determine policies.

Benefits Overview

UCAR affirms its commitment to employees through competitive benefits. In addition to medical, dental, vision, retirement, and life insurance, UCAR offers a variety of programs focused on work-life balance and professional and personal development. These include:

  • Tuition Assistance, time off allowance to attend classes, and other professional development opportunities

  • UCAR contributes 10% of your eligible pay into your retirement account; 100% fully vested on day one

  • Starting minimum accrual of 20 days of personal time off each year (prorated for less than full-time positions)

  • 10 paid holidays

  • 10 days of sick leave each year

  • 12 weeks of paid parental leave

  • Short-term medical leave paid at 100% of your regular salary

  • EcoPass for local Colorado residents to use the Denver and Boulder-area transit system at no cost

Commitment to Job Application Fairness

Applicants are not required to provide age or age-related information and may redact information related to age, date of birth, or dates of attendance at or graduation from an educational institution from any submissions during the initial application process.

Some Final Considerations

At UCAR|NCAR|UCP, you will work alongside a dedicated team of professionals conducting critical research and community outreach to solve complex Earth system science problems including climate change, air pollution, extreme weather, floods, drought, wildfires, and space weather, all with the goal of improving human life and reducing economic loss. Each of us, from scientists to the professionals who support their work, serves the public and a collaborative community of scientists in our mission to understand the complex processes that make up the Earth system, from the ocean floor to the Sun's core.

Flexible Work

At UCAR, we are committed to supporting our mission by giving staff the flexibility to find the schedule and location that works best to maintain their own work-life circumstances and reach their full potential as professionals. Many positions within our organization are eligible for fully on-site, hybrid (three days per week) and/or flexible work hours.

Equal Opportunity Employer

UCAR is committed to providing equal opportunity for all employees and applicants for employment and does not discriminate on the basis of race, age, creed, color, religion, national origin or ancestry, sex, gender, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or pregnancy. Whatever your intersection of identities, you are welcome at UCAR.

Export Control

All positions are required to comply with U.S. export compliance regulations and work location requirements regarding access to facilities and research systems.

Visa Wait Times

Please consider the length of visa procurement when applying for this posting, understanding that you will not be able to begin employment until you are able to get a visa and enter the U.S.

Work Location

UCAR requires ALL positions to be performed within the U.S., excluding U.S. Territories.
