Lead Solutions Architect (CIAM)

Lead Solutions Architect (CIAM) — 12-Month Contract

Location: Central (Singapore)
Type: 1-year contract, Full-time
Compensation: Up to SGD 12,000/month

About the Role
We’re hiring a Lead Customer Identity Solutions Architect (CIAM) to design, implement, and govern secure, scalable identity experiences for consumer-facing channels. You’ll translate business challenges into reference architectures and delivery plans, set best practices for CIAM user journeys and API security, and guide optional expansions into Workforce AM, IGA, and PAM.

• CIAM Architecture & Delivery (Required): Design and implement CIAM solutions on Ping Identity or ForgeRock (or Okta for CIAM), covering registration, authentication, MFA, recovery, progressive profiling, consent, and self-service.
• User Journeys & API Security (Required): Define and secure customer journeys and APIs using OIDC, OAuth 2.0, SAML, token design, scopes/claims, session and refresh strategies.
• Workforce Access (Optional): Architect SSO/MFA and session management with Entra ID or Okta.
• Identity Governance (Optional Preferred): Model joiner/mover/leaver, SoD, certifications, and access reviews with SailPoint or Saviynt.
• Privileged Access (Optional Preferred): Define privileged access controls, vaulting, and session management with CyberArk.
• Stakeholder Engagement: Run workshops, translate business challenges into technical requirements, produce solution options/estimates, and align security, product, and engineering.
• Standards & Compliance: Ensure alignment with security policies, data protection, and regulatory expectations; produce architecture decisions, patterns, and runbooks.
• Business Development Support: Provide domain expertise for proposals, demos, and client advisory.

• CIAM (Ping Identity / ForgeRock) — mandatory; Okta acceptable for CIAM.
• Design & Implementation of CIAM User Journeys — registration, MFA, recovery, consent, profile management.
• Application Access Security — API Security, OIDC, OAuth 2.0, SAML (token/claims, scopes, session & refresh).
• Preferred (Optional): IGA (SailPoint/Saviynt) and PAM (CyberArk).

• Bachelor’s/Master’s in Cyber Security, IT, Computer Science, or equivalent.
• Excellent communication and stakeholder management; able to convert business problems into secure, client‑centric architectures and roadmaps.
• Strength in producing clear designs, reference patterns, and implementation guidance.

• 8+ years in IAM architecture/engineering/consulting, with strong delivery across Customer and Workforce Access Management.
• Proven solution architecture experience in IAM (especially Access Management), plus program/project involvement from discovery to production.li>
• Hands‑on configuration/customization on at least one CIAM platform (Ping Identity / ForgeRock / Okta) and integration with mobile/web apps, gateways, and identity stores.
• Exposure to Entra ID/Okta (Workforce AM), SailPoint/Saviynt (IGA), CyberArk (PAM) is advantageous.

• Ping Identity, ForgeRock, or Okta (CIAM/Workforce).
• SailPoint or Saviynt (IGA).
• CyberArk (PAM).
• Azure/Entra ID.
• Nice to have: SABSA or TOGAF, CISSP.

How to Apply: Interested applicants, please click on the “Apply Now” to submit your updated resume.
Please note: Due to the anticipated high volume of applications, only shortlisted candidates will be contacted. All information provided will be treated with strict confidentiality and used solely for recruitment purposes.