Job Description
Company: InterSources Inc
Location: New York, US
Title: IAM/Privileged Access Management Architect
Location: NYC, New York 10004
Work Mode: Hybrid, 3 Days Onsite and 2 Days Remote
Duration: 12+ Month Contract
Client needs an IAM/PAM Architect
Responsibilities
• Access Administration Oversight: Manage identity provisioning/deprovisioning workflows, access requests, and escalations for employees, contractors, and vendors.
• Directory and Group Management: Support governance and lifecycle of AD / Azure / Entra ID security groups and distribution lists, including group ownership, naming conventions, and expiration policies.
• Joiner-Mover-Leaver (JML) Workflow Execution: Monitor and refine onboarding/offboarding processes via SailPoint or similar IAM platforms.
• Policy & Controls Alignment: Assist in implementing least-privilege access, SoD checks, and audit remediation efforts for regulated applications.
• Team Leadership & Guidance: Act as a lead or escalation point for junior team members. Help manage queue priorities, ensure SLA compliance, and drive operational consistency.
• IAM Documentation & SOPs: Maintain up-to-date documentation of access policies, procedures, and exception handling workflows.
• Application Access Support: Liaise with app owners and business units to define and implement role-based access models.
Qualifications
• 7+ years of strong experience in IAM/PAM, preferably in enterprise or public sector environments
• Familiarity with tools like SailPoint IIQ, Azure Entra ID, Active Directory, ServiceNow, and MFA (Duo, Microsoft, etc.)
• Strong understanding of access lifecycle, group management, and least-privilege models
• Basic scripting or workflow logic knowledge (e.g., PowerShell or automation platforms) is a plus
• Hands-on experience with AD, Entra ID, Linux, and at least one major cloud platform (Azure, AWS, or GCP).
• Strong knowledge of vaulting technologies and endpoint privilege management practices (least privilege, privilege elevation, application control).
• Proficiency with authentication methods: MFA, SSO, passwordless, Kerberos, and certificate-based access.
• Familiarity with NIST 800-63B, Zero Trust frameworks, ITDR, and cloud security standards (CIS, CSA, etc.).
• Strong scripting/automation skills (PowerShell, Python, Bash, Terraform, etc.).
• Demonstrated reliability and ownership in operational support environments
• Experience with privileged access, RBAC design, or CIAM platforms
• Audit or compliance exposure (e.g., NIST, SOX, NYS Cyber Regs)
• Prior experience mentoring or managing small teams
Source: BeBee