Principal Architect - Cybersecurity, IAM

Take your engineering expertise to new heights by joining a team of exceptionally talented professionals and solidify your place among top performers in the industry.
 

As a Principal Cybersecurity Architect at JPMorgan Chase within the CTC, you will lead the strategic design, implementation, and governance of enterprise-wide Identity and Access Management (IAM) solutions. The position demands extensive hands-on experience with leading IAM technologies, deep knowledge of security architecture, and a proven ability to drive cross-functional collaboration. This role is critical in ensuring the organization’s digital assets are protected through robust authentication, authorization, and risk management practices.

Job responsibilities

• Define and drive the IAM strategy, architecture, and roadmap to support business objectives and regulatory requirements.
• Architect, implement, and oversee large-scale IAM systems using tools such as Entra ID, ForgeRock, Ping, ADFS, SailPoint, Okta, Active Directory, and Veza.
• Lead the design and deployment of Public Key Infrastructure (PKI) solutions, including ACME protocol integration and certificate management.
• Conduct advanced threat modeling and risk assessments to identify vulnerabilities and recommend mitigation strategies.
• Develop and maintain comprehensive security architecture documentation, including IAM design patterns, technical standards, and best practices.
• Implement and manage IAM protocols and standards such as RBAC, OAuth2.0, SCIM, Authentication, WebAuthN, Authorization, OPA, and PBAC.
• Partner with engineering, application, infrastructure, and business teams to ensure IAM solutions are aligned with organizational goals and integrated seamlessly.
• Apply advanced security principles, including encryption, data security, and risk management, to all IAM solutions and processes.
• Stay abreast of emerging IAM technologies and security trends, recommending and implementing improvements to enhance security posture.
• Produce clear, detailed documentation and communicate complex technical concepts effectively to both technical and non-technical stakeholders.

Required qualifications, capabilities, and skills

• Formal training or certification on security concepts and 10+ years applied experience with a focus on IAM architecture and implementation.
• Demonstrated success in leading large-scale IAM projects in complex environments.
• Extensive hands-on experience with IAM tools: Entra ID, ForgeRock, Ping, ADFS, SailPoint, Okta, Active Directory, Veza.
• Strong background in PKI development and ACME protocol.
• Proficient in threat modeling and risk assessment methodologies.
• Deep understanding of encryption, data security, and risk management.
• Expertise in IAM principles: RBAC, OAuth2.0, SCIM, Authentication, WebAuthN, Authorization, OPA, PBAC.
• Proven ability to lead and influence cross-functional teams.
• Experience mentoring and guiding junior architects and engineers.
• Exceptional verbal and written communication skills.
• Strong documentation skills for technical and business audiences.

 Preferred Qualifications, Capabilities, and Skills:

• Relevant certifications (e.g., CISSP, CISM, or vendor-specific IAM certifications)
• Strategic thinker with a proactive approach to problem-solving.
• Strong organizational and project management skills.
• Commitment to continuous learning and professional development.

#CTC