Principal IAM Architect (Remote)
About Us
National Digital Trust Company (In Organization) has received conditional approval from the Office of the Comptroller of the Currency to open as a federally chartered trust bank to provide a broad range of digital asset services.
We are building a specialized financial institution addressing the growing demand for digital asset services. Our primary business will focus on digital asset custody, providing secure, efficient custodial and fiduciary services for a variety of digital assets.
You will work with foundational systems and processes to help shape our operating model and influence how a new category of financial infrastructure comes to market.
We are looking for builders who handle complexity with confidence and tackle ambitious opportunities while keeping pace with this rapidly evolving industry. Let’s build this together!
Our Principles
Greatness is a mindset, not an accomplishment. Mediocrity is unacceptable. Excellence is contagious. We hire people because we believe in their greatness. Now is the time to prove us right.
Responsibility comes with the territory. Everyone is an owner, which means we share a common vision and mutual accountability. We act in line with our strategic objectives and the trust our customers place in us. We believe there is no such thing as "not my problem." Taking this level of ownership not only drives our collective success but also offers the potential for significant reward.
Innovation and adaptation are in our DNA. We are in a period of the most dramatic and rapid period of technological change in the history of humankind. Those that stay ahead will thrive, those that don't, won't. We innovate intelligently and thrive on overcoming challenges, to get (at least) a little better every day and ensure our continued growth and success.
Team first. We are reliable teammates working together toward extraordinary success through honesty and accountability. We believe collaboration knows no hierarchy, and we focus on what matters. We work toward consensus, but when necessary, we disagree and commit. We know that winners win.
Job Overview
We are seeking a Principal Identity and Access Management (IAM) Architect to lead the strategy, design, and governance of our enterprise identity ecosystem. This is a senior technical leadership role responsible for defining the long-term IAM roadmap, architecting solutions across hybrid and multi-cloud environments, and ensuring identity is treated as a security perimeter across the organization. The ideal candidate combines deep hands-on technical expertise with the ability to influence architecture decisions at the executive level.
Objectives
- Design and own the enterprise IAM architecture, including identity governance, authentication, authorization, privileged access management (PAM), and lifecycle management strategies
- Lead architecture for hybrid identity environments (on-prem AD, Entra ID/Azure AD, multi-tenant and cross-tenant federation scenarios)
- Define standards and reference architectures for SSO, MFA, conditional access, and Zero Trust access models
- Architect and oversee Identity Governance and Administration (IGA) programs, including access certifications, entitlement management, and joiner/mover/leaver processes
- Partner with security, compliance, and legal teams to ensure IAM architecture supports regulatory requirements (SOX, HIPAA, GDPR, etc.) and eDiscovery/audit needs
- Evaluate, select, and integrate IAM tooling into a cohesive architecture
- Provide technical leadership and mentorship to IAM engineers and administrators; review designs and code (PowerShell, Graph API, Terraform) for IAM automation
- Lead cross-tenant and M&A identity integration efforts, including federation, directory synchronization, and access harmonization across business units
- Develop and maintain IAM architecture documentation, standards, and governance frameworks
- Act as a subject matter expert in IAM-related incident response and access-related risk assessments
- Stay current on identity threat landscape (credential-based attacks, token theft, privilege escalation) and adjust architecture accordingly
What you bring to our company
Required Qualifications
- 10+ years in IT/security roles, with 5+ years focused specifically on IAM architecture
- Deep expertise with Microsoft identity platforms: Entra ID (Azure AD), Entra ID Governance, Conditional Access, and Cross-Tenant Synchronization
- Strong background in directory services, federation protocols (SAML, OAuth 2.0, OIDC, SCIM), and PKI
- Hands-on scripting/automation experience (PowerShell, Microsoft Graph API, or equivalent)
- Experience architecting solutions across multiple tenants/domains, including complex B2B and cross-tenant access scenarios
- Familiarity with privileged access management tools and least-privilege design principles
- Experience with compliance-driven identity controls (audit logging, access reviews, eDiscovery support via tools like Microsoft Purview)
- Excellent communication skills, with experience presenting architecture decisions to executive stakeholders
Preferred Qualifications
- Experience with cloud IAM; AWS IAM alongside Microsoft-centric environments
- Experience with Teams and SharePoint identity/admin tooling in cross-platform environments
- Relevant certifications: SC-300, CISSP, CISM, or equivalent
- Experience with IGA platforms such as SailPoint, Saviynt, or One Identity
- Background supporting complex organizational structures (multiple business domains/tenants under one enterprise)
We promote diversity of thought, culture, background, and experience. We are an equal opportunity employer, and employment at our company is based solely on one's merit and qualifications directly related to professional competence. We do not discriminate based on race, creed, color, ancestry, religion, gender, sexual orientation, gender identity, national origin, age, disability, genetic information, military or veteran status, or any other characteristics protected by law.
Featured benefits
Employer-provided: Medical, Dental, and Vision insurance, 401(k), life and disability insurance.