IAM Architect; Entra​/Azure​/SSO

IAM Architect (Entra /Azure/SSO)

Hybrid working: 3 days per week required in the office in London.

The role will focus on designing, implementing, and evolving identity, access, and infrastructure security capabilities across hybrid environments.

• Monitor and evaluate emerging IAM trends (eg, passwordless authentication, decentralised identity, adaptive access controls).
• Lead automation and governance initiatives, including machine-learning-based anomaly detection.
• Integrate and optimise multi-factor authentication, biometrics, and mobile identity capabilities.
• Drive adoption of identity threat detection and response (ITDR) solutions.
• Develop and maintain IAM architecture covering identity life cycle, governance, and privileged access.
• Design secure authentication and authorisation patterns (OpenID Connect, SAML, OAuth, Kerberos, LDAP).
• Embed Zero Trust and least-privilege principles across systems and applications.
• Own global Firewall architecture and contribute to micro-segmentation and network security strategy.
• Enhance privileged access management (PAM), including workflow and monitoring capabilities.
• Ensure audit readiness and contribute to compliance frameworks (eg, ISO standards).
• Integrate IAM with HR, IT, and engineering systems for life cycle automation.
• Oversee Conditional Access, risk-based authentication, and device-state policies.
• Support the secure operation of multi-site Active Directory domains and cloud identity platforms.
• Collaborate with cross-regional IT and business leaders; manage vendor relationships and roadmaps.
• Assess IAM vulnerabilities and define mitigation strategies.

• Degree in Computer Science, IT, or equivalent experience.
• Strong background in IAM engineering/architecture within enterprise environments, including leadership of complex design initiatives.
• Experience in global or large-scale organisations preferred.

• CISSP
• Identity & Access Administrator (required)
• Azure Cybersecurity Expert (preferred)
• CIAM or similar (highly desirable)

• Deep expertise in IAM across hybrid Microsoft ecosystems, including Azure AD/Entra  on-premises Active Directory.
• Strong understanding of authentication/SSO standards (OIDC, SAML, OAuth, Kerberos, LDAP).
• Experience with RBAC, entitlement management, and automated provisioning/deprovisioning.
• Skilled in Power Shell, REST APIs, and identity automation.
• Familiar with micro-segmentation, NDR, and network-IAM interplay.
• Experience with infrastructure hardening and monitoring across hybrid environments.
• Knowledge of Azure Policy, landing zones, and Conditional Access at scale.

In accordance with the Employment Agencies and Employment Businesses Regulations 2003, this position is advertised based upon DGH Recruitment Limited having first sought approval of its client to find candidates for this position.

DGH Recruitment Limited acts as both an Employment Agency and Employment Business.