Identity & Access Management Senior Architect

Job description

We have an exciting new opportunity for an Identity & Access Management Senior Architect to join the A&O Shearman London office.

About the team

The firm’s ability to keep our clients’ data secure is a cornerstone of our reputation as a trustworthy professional services partner to many of the world’s large and prestigious organisations. Information security is integral to all our activities, with unwavering support from the Board.

Led by our new CISO, the in-house Information Security team is a core part of our technology services, with mature or evolving capabilities across digital security and cyber defense. We align our efforts with the NIST framework and other certifications including ISO27001 and SOC2, striving to keep pace with the evolving threat landscape, supporting A&O Shearman’s strategy to lead where global complexity creates opportunity.

You will have the opportunity to share and gain insights from the firm’s cybersecurity lawyers, who advise clients on incidents and feedback practical lessons learned into cyber risk management and incident response programs.

What you will do

The Identity and Access Senior Architect will be part of the Digital Trust team, responsible for maintaining the IAM security of the firm’s assets. This role involves translating the organisation’s IAM vision into a mature, optimized service, requiring extensive experience across core IAM disciplines, including identity management, governance, privileged access, and conditional access. The role supports transforming IAM into a modern, automated, customer-oriented function, with expertise in Microsoft Entra ID, CyberArk, machine identity management, and translating requirements into practical architecture and design.

This will include:

• IAM Strategy and Architecture

• Designing, implementing, and improving the IAM architecture for a modern security perimeter, leveraging extensive knowledge across all IAM disciplines.

• Reviewing requirements, applying architectural criteria, and producing design artifacts for scalable enterprise solutions.

• Influencing decisions on IAM components such as directory services, privileged access, and entitlements management.

• Configuring and maintaining technologies like Active Directory, Entra ID Privileged Identity, CyberArk, and Conditional Access Policies.

• Designing and transitioning IAM services into operational support, including manuals and support patterns.

IAM Risk and Change Management

• Ensuring solutions are securely designed from an access management perspective and adhere to change management processes.

• Analyzing application architectures for IAM assurance and participating in incident responses involving IAM components.

• Reviewing and approving IAM components of solution designs.

• Collaborating with cloud infrastructure teams to implement IAM design patterns.

• Ensuring IAM security controls align with NIST and CIS benchmarks and are effectively tested and validated.

• Managing IAM security testing, including penetration tests and remediation activities.

• Working with the wider Security team to ensure compliance, risk management, and operational requirements are met.

• Configuring integrations of IAM technologies with SIEM, SOAR, and other tools.

• Engaging with vendors to optimize technology use and services.

• Serving as an escalation point for non-compliance issues related to PAM, IAM, and IGA policies.

Leadership & Team Development

• Providing leadership and mentorship to the IAM team, supporting their technical growth and career development.

• Overseeing the design and management of on-call support structures to ensure minimal business disruption.

What you will have

• Extensive experience with Microsoft identity products, especially Active Directory and Entra ID.

• Experience in architecture or information security, focused on IAM.

• Azure certifications such as Azure Security Engineer Associate.

• Knowledge of security standards like ISO27001, MS CAF, and WAF.

• Strong communication, leadership, and interpersonal skills, with ability to collaborate across teams and with external partners.

• Ability to thrive in a fast-paced environment.

You will stand out if you bring

• Bachelor’s degree in Information Security, Computer Science, or related fields.

• Additional security certifications e.g., CISSP, SABSA, TOGAF.

• Legal or professional services experience is highly desirable.

• Knowledge of additional cloud platforms like AWS or GCP.

• Experience with zero trust architecture and least privilege principles.

• Background in application security and secure SDLC practices.

We are committed to diversity and inclusion, and support candidates with disabilities or health conditions through our recruitment team. Our benefits include pension schemes, health resources, mental health support, flexible working, and more.

Our hybrid working model requires a minimum of 60% office presence (three days per week).

Additional information about A&O Shearman and our global presence, commitment to professional development, and inclusive culture.