Primary responsibilities include:
- Develop and design secure platform architectures, ensuring that each architecture is consistent with enterprise architecture standards, guidelines and principles.
- Review architecture and implementations for consistency with CFG security standards.
- Develop standards, recommendations, requirements, and security guidance in support of business activities.
- Evaluate, design, and test IAM technologies to ensure secure, scalable, and cost-effective solutions.
- Guide IAM integration for new tools and systems, including configuration, debugging and deployment.
- Perform security assessments on projects across multiple CFG business product lines.
- Participate in code and design reviews with teams of software, network and cloud engineers to ensure that solutions meet enterprise IAM and security standards.
- Collaborate with application teams across CFG to guide the direction of designing secure products.
- Collaborate with other functional teams' leadership and engineers to ensure solutions align with organizational goals and user needs.
- Contribute to technology direction, develop architecture and influence implementation to gain measurable business improvements.
- Stay ahead of industry trends to advise on CFG identity strategies and strengthen the company's security posture.
Qualifications, Education, Certifications and/or Other Professional Credentials
- 8+ years of professional Security & Identity experience with 5+ years as a Principal Architect.
- Experience designing security and identity solutions for 10K+ headcount organizations.
- Extensive experience designing and implementing IAM solutions in enterprise environments, with strong knowledge of identity lifecycle, access control, authentication and hybrid cloud security.
- Demonstrable experience in leading IAM modernization initiatives, encompassing Active Directory, Entra ID, Single Sign-On, MFA, Privileged Identity Management, and Zero Trust.
- Experience with IAM tools such as SailPoint, Okta, CyberArk, HashiCorp, Entra ID and Active Directory preferred.
- Strong working knowledge of regulatory and compliance frameworks, including GDPR, NIST, and ISO 27001, and their application to enterprise identity preferred.
- Familiarity with public cloud platforms (e.g. AWS, Entra, GCP) and Continuous Integration/Continuous Delivery (CI/CD) practices preferred.
- Deep understanding of Zero Trust, SD-WAN and SASE approaches and platforms preferred.
- Industry certifications like CISSP, CISM, CCSP, AWS, Azure or GCP highly valued.