Security Architect - IAM

Werner Enterprises Inc, Omaha, NE

Job Description

The Security Architect will define and drive the organization's Identity & Access Management (IAM) strategy, architecture, and roadmap across hybrid cloud environments, embedding Zero Trust principles into all aspects of enterprise security design. This is an integral, hands-on role providing critical decision support and guidance to project teams.

Responsibilities:

  • Develop and own the IAM strategy, architecture, and multi-year roadmap for the organization.
  • Lead the design and implementation of scalable, secure IAM solutions for both on-premises and multi-cloud environments.
  • Work as an integral part of project teams to secure conceptual, logical, and physical architectures, providing critical decision support and technical recommendations.
  • Help define IAM policies, standards, and best practices (e.g., Identity Governance Administration (IGA), Privileged Access Management (PAM), Role-Based Access Control (RBAC)) to ensure all project architectures comply with internal standards and external regulations (e.g., NIST, ISO27001, SOX).
  • Guide the IAM team in optimizing processes, conducting risk assessments, and ensuring successful implementation of target-state architectures.

Qualifications:

  • This position is not eligible for immigration sponsorship.
  • A bachelor's degree in a technical field (or equivalent) and/or a minimum of 7 years of experience in an equivalent Security Architect or Senior IAM role.
  • Proven experience operating in complex IT environments with modern PaaS/SaaS architectures and successfully leading large-scale projects.
  • Strong understanding of regulations and standards such as NIST, ISO27001, SOX, and GDPR.
  • One or more Okta certifications are required.
  • One or more information security related certifications from ISC2, ISACA, SANS, Azure, Google, EC-Council, etc. are desired.
  • Advanced or expert level identity lifecycle automation experience.
  • Demonstrable expertise in modern authentication and authorization standards, including OAuth 2.0, OIDC, and SAML 2.0.
  • Expertise in SCIM for automated user lifecycle management.
  • In-depth knowledge of LDAP and Microsoft Active Directory (AD forest/domain design, GPOs, and security best practices).
  • Privileged Access Management (PAM): Hands-on experience architecting and managing enterprise-scale PAM platforms (Delinea, CyberArk, or equivalent).
  • Candidates must demonstrate extensive experience in the following areas:
      • Identity Platforms & Cloud
          • Utilizing Okta Workforce Identity and Okta Customer Identity (Universal Directory, SSO, MFA, Lifecycle Management, and API Products).
          • Expert-level experience with Azure AD (Entra ID) Hybrid environments, including AAD Connect, Conditional Access, Identity Governance, and PIM (Privileged Identity Management).
          • Google Cloud Directory Sync, Context Aware Access, Just-In-Time (JIT) Access and Cloud Identity Governance.
          • Expertise in Cloud Identity Security functions and principles for Azure and GCP, covering roles, resource-level access control, and organization policies. Experience integrating IAM with containerized workloads.

We know benefits are critical and we are committed to offering comprehensive and affordable options for you and your loved ones. This position is eligible for benefits, which include medical, dental and vision plans. We also offer a 401(k) plan, stock purchase plan, paid time off, life insurance, disability plans and other optional supplemental coverage.

Werner Enterprises provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, genetic information or veteran status or other status protected by law. We encourage applicants of all ages as we do not discriminate on the basis of an applicant's age.

By clicking "Submit" you are expressly consenting to our Privacy Policy (available at https://www.werner.com/privacy-policy/) and to Werner Enterprises, Inc., its representatives, and affiliates ("Werner") contacting you about your inquiry, and that Werner may collect sensitive information about you to consider your employment as explained further in our Privacy Policy. All information collected will be handled and retained as explained in the Privacy Policy.
