Identity \u0026amp; Access Management Senior Architect

Job Description

We have an exciting new opportunity for an Identity & Access Management Senior Architect to join the A&O Shearman London office.

About the team

The firm's ability to keep our clients' data secure is a bedrock for our reputation as a trustworthy professional services partner to many of the world's large and prestigious organisations. Information security is not an afterthought; it is core to all that we do, to protect not only our data but that of our clients, and has the unwavering support of the Board.

Led by our new CISO, the in-house Information Security team is a core part of our technology services structure with mature or evolving capability across all areas of digital security and cyber defence. We align our efforts to the NIST framework and other recognised certifications including ISO27001 and SOC2 and strive to keep pace with the continually evolving threat landscape, in support of A&O Shearman's strategy to lead where global complexity creates opportunity.

In addition, you will have the opportunity to share and gain intel from the firm's cybersecurity lawyers. The global team have experience advising clients on hundreds of incidents. Leveraging this experience, they feedback practical lessons learned into clients' cyber risk management and incident response programmes.

What you will do

The Identity and Access Senior Architect will be part of the Digital Trust team, and will be responsible for maintaining the identity and access management (IAM) security of the firm's assets. This role is critical in translating the organisation's IAM vision into a workable, mature and optimized function and service. This role requires extensive experience across all IAM core disciples including identity management, identity governance and administration, privileged access, and conditional access. This role will support the transformation of IAM into a modern, automated, predictable and customer-oriented function. The ideal candidate will excel at Microsoft Entra ID technologies, CyberArk, machine identity management, and translation of identified requirements into practical identity architecture and design.

This will include:

IAM Strategy and Architecture

• Design, implement and continuously improve the organisational IAM architecture for a modern security perimeter, leveraging extensive knowledge and experience across all IAM disciplines.
• Review functional and non-functional requirements, apply architectural acceptance criteria, and produce artefacts describing the logical and physical design of IT and security (IAM) solutions scaled for the enterprise needs, and assist in solution architecture.
• Influence and evaluate decisions on IAM components: directory, identity, privileged access, entitlements management.
• Configure and maintain technologies that support the IAM function such as Active Directory, Entra ID Privileged Identity, Privileged Access, and Governance; Conditional Access Policies; CyberArk.
• Design and transition IAM service components into operation - operational manuals, support patterns, standard changes, request management.

IAM Risk and Change Management

• Work alongside Solution Architects to ensure solutions are designed securely from an access management perspective. Ensure adherence to the change management process when implementing IAM relevant changes to architecture.
• Perform detailed analysis of application architectures to provide IAM assurance.
• Understand threat modelling and participate in major incidents responses with IAM components.
• Review and approve the IAM components of solution designs.
• Collaborate with cloud infrastructure teams to implement IAM design patterns.
• Ensure IAM security controls are appropriately implemented in our environment and align with NIST and CIS benchmarks.
• Validate effectiveness of implemented IAM security controls through technical analysis.
• Perform residual IAM risk assessments and document acceptance/rejection rationale.
• Scope and manage IAM security testing including penetration tests and Red Teaming as well as remediation activities.
• Work closely with wider Information Security team to ensure compliance, assurance, risk management, monitoring, and other operational requirements related to IAM are met. Ensure the IAM service follows and complies with IT and Information Security policies and regulatory standards.
• Help configure and keep current the integration of IAM technologies with SIEM, SOAR, Service Desk and other tools.
• Work closely with relevant vendors to ensure optimised use of the supplied technologies and professional services.
• Serve as an escalation point for issues of non-compliance related to PAM, IAM and IGA policies and processes.

Leadership & Team Development

• Provide leadership and structured mentorship to a team of identity and access management staff, supporting their technical development, training & certifications, and career progression.
• Oversee the design and management of the on-call support structure, ensuring appropriate coverage, escalation paths, and minimal disruption to business operations.

What you will have

• Extensive experience in working with Microsoft identity products, namely Active Directory and Entra ID.
• Extensive experience working in architecture or information security, with a significant focus on identity and access management.
• Current Azure certifications (e.g., Azure Security Engineer Associate).
• Strong knowledge of security and compliance standards and frameworks, such as ISO27001, MS CAF, and WAF.
• Excellent communication, leadership, and interpersonal skills, with the ability to collaborate across teams and with external parties such as MSSP.
• Ability to work effectively in a fast-paced, dynamic environment.

You will stand out if you bring

• Bachelor's degree in Information Security, Computer Science, or a related field.
• Additional relevant security certifications e.g. CISSP, SABSA, TOGAF.
• Legal or professional services experience is highly desirable.
• Knowledge of additional cloud platforms e.g. AWS, GCP.
• Experience with zero trust architecture implementation and least privilege principles.
• Background in application security and secure SDLC practices

Should you require additional support at any stage of the recruitment process due to a disability or a health condition, please do not hesitate to contact a member of our recruitment team who will work with you to provide any adjustments as required.

We are an equal opportunities recruiter and do not discriminate on the basis of race, colour, sex, religion, sexual orientation, national origin, disability, or any other protected characteristic.

We recognise that our people are our most valuable asset, which is reflected in the wide range of benefits that are available to our employees. Some of these benefits include: our occupational pension scheme, group income protection cover, private medical insurance, mental health resources and free apps, health and wellbeing services encompassing an onsite gym, wellbeing centre and GP service, emergency back-up care support, parental and special leave, holiday entitlement increasing with length of service, holiday trading, season ticket loans and online discounts and lifestyle management services.

Our approach to hybrid working seeks to combine and maximise the benefits of effective remote working with the benefits of being in the office. Our current hybrid working arrangements require office based working for a minimum of 60% of your time (i.e. three days per week for a full time role) in accordance with our hybrid working policy.