Workforce Identity Architect, VP

Workforce Identity Architect

Do you want your voice heard and your actions to count? Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details.

Job Summary

The Workforce Identity Architect is a senior architecture role responsible for defining and governing workforce (human) identity architecture at global scale. This role designs and standardizes how employee and partner identities are created, governed, authenticated, authorized, reviewed, and retired across hybrid and cloud environments.

The Workforce Identity Architect operationalizes global IAM standards for human identity, ensuring secure, scalable, and auditable access while supporting regions transitioning through different identity maturity stages. This role focuses on architecture, standards, and enablement, not day-to-day operations or tool administration.

Key Responsibilities:

• Define and maintain global workforce identity architecture using Microsoft Entra ID in hybrid and cloud-mastered environments.
• Establish standard patterns for authentication, federation, Conditional Access, and MFA.
• Design tenant-level identity integration patterns that scale across applications and regions.
• Architect and standardize Joiner / Mover / Leaver (JML) identity lifecycle patterns driven by authoritative HR sources.
• Ensure consistent provisioning, modification, and deprovisioning of workforce identities.
• Reduce orphaned, dormant, and over-provisioned access through strong lifecycle design.
• Define workforce identity governance standards, including access requests, access reviews, and separation of duties (SoD).
• Architect privileged access models for workforce identities, including PIM and Just-in-Time access.
• Ensure access models are auditable and aligned to regulatory and risk expectations.
• Leverage analytics and AI-assisted capabilities to improve role and entitlement design.
• Reduce access certification noise by improving role quality, review scoping, and access rationalization.
• Translate analytic insights into architectural improvements rather than one-off reporting.
• Define B2B and partner identity patterns using Entra ID that enable collaboration while maintaining centralized governance.
• Ensure third-party access aligns with global standards and workforce identity controls.
• Partner with IAM Governance teams to define and consume workforce identity metrics, including access quality, review effectiveness, and lifecycle hygiene.
• Use metrics to continuously improve identity architecture and reduce access risk.

What This Role Is — and Is Not

This role is:

• A senior architecture and standards role
• Focused on workforce identity at enterprise and global scale
• A bridge between architecture, security, risk, and delivery team

This role is not:

• An IAM operation or helpdesk role
• A single-tool administrator position
• A regional-only identity role

What Success Looks Like

• Consistent, scalable workforce identity standards adopted across regions
• Reduced access risk and certification fatigue
• Clear lifecycle ownership and audit-ready access governance
• Smooth regional progression toward cloud-mastered identity

Why This Role Matters

Workforce identity is foundational to security, compliance, and user experience. This role ensures workforce identity evolves intentionally, consistently, and defensibly, enabling global scale while reducing access risk and operational friction.

Required Qualifications

• 8–10+ years of experience in identity, access management, or security architecture roles.
• Deep expertise in Microsoft Entra ID architecture in hybrid environments.
• Strong experience designing JML lifecycle, identity governance, and privileged access controls.
• Ability to design auditable, regulator-defensible access models.
• Proven ability to influence across technical and non-technical stakeholders.

Preferred Qualifications

• Experience using analytics or AI-assisted tools for access optimization and certification improvement.
• Experience supporting global or federated IAM models with regional variation.
• Familiarity with regulated industries (e.g., financial services).
• Relevant identity or security certifications.

Required Skills (Must Have)

These skills are essential to successfully perform the role and should be treated as non-negotiable.

• Identity Architecture & Lifecycle
• Enterprise-level experience designing workforce identity architecture at scale.
• Deep understanding of Joiner / Mover / Leaver (JML) lifecycle patterns and HR-driven identity provisioning.
• Strong grounding in least privilege, access lifecycle management, and identity hygiene.
• Microsoft Entra ID (Azure AD)
• Hands-on architectural experience with Microsoft Entra ID in hybrid environments.
• Design and governance of:
• Authentication and federation
• Conditional Access and MFA
• Tenant-level architecture and integration patterns
• Identity Governance & Access Controls
• Proven experience designing identity governance solutions, including:
• Access reviews / certifications
• Separation of Duties (SoD)
• Access request and approval workflows
• Ability to design auditable, regulator-defensible access models.
• Privileged Access
• Experience with privileged access for workforce identities, including:
• Privileged Identity Management (PIM)
• Just-in-Time (JIT) access concepts
• Stakeholder & Architecture Skills
• Strong ability to collaborate across architecture, engineering, security, risk, and audit teams.
• Comfortable influencing outcomes without direct authority.
• Ability to translate complex identity concepts into clear architectural standards.

• Suggested Skills (Strongly Preferred)
  • AI-Assisted Identity Analytics
  • Experience using analytics or AI-assisted tools to improve:
  • Role and entitlement rationalization
  • Role / bundle design
  • Reduction of access certification noise and over-reviewing
  • Ability to translate analytic insights into architectural improvements, not just reports.
  • B2B & External Identity
  • Experience designing B2B / partner identity patterns using Entra ID.
  • Understanding of secure external collaboration models that preserve centralized governance.
  • Hybrid & Global Environments
  • Experience operating in global or federated IAM models, supporting regions at varying maturity levels.
  • Familiarity with phased migrations from on-prem AD-centric to cloud-mastered identity.
  • Metrics & Continuous Improvement
  • Experience defining or consuming IAM metrics, such as:
  • Access review effectiveness
  • Orphaned or dormant access
  • Role reuse vs. sprawl
  • Ability to use metrics to drive continuous improvement in identity design.

Optional Skills (Nice to Have)

• Advanced Identity Concepts