IAM Architect - Remote Contract

Company Overview:
Arctiq is a global, intelligence-driven technology services company delivering professional and managed services across Hybrid Cloud Infrastructure, Networking & Connected Experiences, Cybersecurity, Data & AI, Autonomous Operations & Intelligence, and Enterprise Service Management. We help organizations operate, secure, and modernize complex environments by unifying infrastructure, networking, data, security, automation, and observability under a single, integrated operating model. Our work focuses on helping customers reduce operational friction, improve resilience, and make better, faster decisions as their environments evolve. Arctiq builds on decades of industry expertise and a customer-centric ethos to deliver exceptional value to clients across diverse industries.

This is a remote, contract opportunity for one of Arctiq's clients.

We are seeking a highly experienced Lead IAM Specialist to architect, lead, and operationalize our client's enterprise identity and access management program across a multi-cloud environment (AWS, Azure, and GCP). This senior role combines deep technical expertise in cloud-native IAM, zero trust security architecture, and policy-as-code with the strategic leadership needed to define team structure, drive secure-by-default platform engineering, and embed identity governance into every layer of our cloud operations and CI/CD pipelines.

The ideal candidate brings hands-on mastery of AWS multi-account governance, zero trust frameworks, CIEM, secure microservices development, and CSPM tooling (Wiz), and has a proven track record of leading large-scale IAM cloud programs from strategy through execution.

Key Responsibilities

Enterprise IAM Architecture & Multi-Cloud Governance

• Design and enforce IAM least-privilege models across AWS Organizations, Landing Zones, and Service Control Policies (SCPs), with parity controls extended to Azure and GCP.
• Lead zero trust initiatives end-to-end: verify-explicitly policies, Just-in-Time (JIT) / Just-Enough-Access (JEA) provisioning, CIEM integration, and identity platform governance.
• Define and maintain approved access patterns for services and users, aligned to predefined roles (Reader, Contributor, Administrator) and documented as policy-as-code.
• Implement and govern OAuth/OIDC flows, service mesh identity controls, and federated identity across cloud and on-prem environments.

Inventory & Cloud Security Posture Management

• Maintain a comprehensive inventory of all approved AWS and Azure services, cataloging IAM resources and differentiating between control plane (roles, policies) and data plane (user/key/role/policy/group) resources.
• Manage credentials for local data plane resources in vaults; ensure resource policies are applied consistently across services.
• Utilize Wiz (CSPM) for cloud asset inventory, compliance reporting, evidence collection, and correlation to AWS/Azure/GCP documentation.
• Identify and govern external dependencies including secrets, keys, and cross-account policies.

Metadata Strategy & Module Development

• Develop a comprehensive metadata tagging strategy mapped to application service lines (ASL), environments, and repository associations.
• Design and build reusable IAM modules for each service access pattern, published to the service registry with consistent enforcement of naming conventions, metadata, and parameters.
• Customize module policies to accommodate unique use cases while maintaining governance guardrails.
• Establish methods to correlate modules with service resource policies and user roles/policies.

Policy-as-Code & Secure IaC/CI-CD Integration

• Embed IAM guardrails and policy-as-code controls natively into IaC templates (Terraform, CloudFormation) and CI/CD pipelines for secure-by-default provisioning.
• Develop methodologies and criteria for pre-approved service registry modules deployable via pipelines vs. those requiring manual review.
• Define and enforce controls pertinent to IAM and cloud security standards across all services; implement a shift-left strategy to proactively address IAM cloud operations.

Secure Microservices & Application Security

• Guide and contribute to secure microservices development in Python and Go on AWS, Azure, and GCP, including async and event-driven architectures.
• Establish secure coding standards and review processes for service identity, inter-service authentication, and least-privilege service accounts.
• Oversee network and data security controls: segmentation, KMS/encryption strategies, and cloud-native logging and detection pipelines.

Documentation, Procedures & SDLC

• Document IAM configurations for pipelines, repositories, and all cloud services; develop and maintain IAM SDLC documentation.
• Formulate request and approval processes for new IAM modules, including pre-approval pipeline design and approval authority definition.
• Document manual review procedures and escalation paths for non-standard access patterns.

Strategy, Leadership & Team Development

• Develop a comprehensive IAM Cloud program strategy, defining its functions, roadmap, and maturity model.
• Provide recommendations on team structure, roles, skillsets, and resourcing needs across Service Desk, Global Command Center, Cloud Operations, and Cloud Engineering.
• Mentor and guide junior IAM engineers; act as the subject matter expert and escalation point for complex identity and access challenges.

Required Qualifications

• 10+ years of experience in IAM, cloud security, or identity engineering roles with demonstrated progression.
• Proficiency with CSPM tooling, specifically Wiz, for inventory, reporting, and compliance evidence collection.
• Deep expertise in AWS multi-account governance: Organizations, Landing Zones, SCPs, and IAM least-privilege design patterns.
• Proven experience leading zero trust initiatives including JIT/JEA provisioning, CIEM platforms, OAuth/OIDC, and service mesh identity.
• Hands-on experience with policy-as-code tooling and embedding IAM guardrails into IaC (Terraform / CloudFormation) and CI/CD pipelines.
• Experience securing microservices architectures (Python, Go) in async and event-driven environments across AWS, Azure, and GCP.
• Strong command of network and data security controls: segmentation, KMS/encryption, cloud-native logging, and detection.
• Proficiency in metadata tagging strategies, service access pattern development, and credential vault management.
• Strong documentation, process development, and communication skills with the ability to influence cross-functional teams.

Preferred Qualifications

• Relevant cloud security certifications: AWS Security Specialty, CCSP, CISSP, or equivalent Azure/GCP security certifications.
• Experience implementing and managing enterprise-scale cloud infrastructure security programs.
• Familiarity with identity governance and administration (IGA) platforms and PAM solutions.
• Experience with service mesh technologies (Istio, Envoy) for service-to-service authentication.
• Strong project management skills with experience leading cross-functional security initiatives.

Why Join Us

This is a high-impact, senior individual contributor and leadership role at the intersection of cloud security architecture, identity engineering, and platform governance. You will have the opportunity to shape our enterprise IAM strategy from the ground up, influence how identity is embedded into every cloud workload, and build a best-in-class program that scales with our growth.

Arctiq is an equal opportunity employer. If you need any accommodations or adjustments throughout the interview process and beyond, please let us know. We celebrate our inclusive work environment and welcome members of all backgrounds and perspectives to apply.

We thank you for your interest in joining the Arctiq team! While we welcome all applicants, only those who are selected for an interview will be contacted.