Senior IAM Architect

ESA - Electronic Security Association

IAM Architect leading enterprise identity strategy and managing secure identity across environments at Resideo Technologies. Driving Zero Trust aligned identity management and facilitating user experience.

Posted 5/18/2026full-timeBrno • CzechiaSeniorWebsite

Tech Stack

Tools & technologies

AWSAzureCloudGoogle Cloud Platform

About the role

Key responsibilities & impact

Own the enterprise IAM architecture strategy, target state, and roadmap across cloud, on-premises, and hybrid environments, aligned to Zero Trust and security standards.
Serve as the IAM technical authority and provide hands-on architectural leadership across infrastructure, cloud, and platform security initiatives.
Design and document end-to-end IAM capabilities across IGA, access management, PAM, secrets, and non-human identities.
Define integration patterns and reference architectures; evaluate build vs. buy and emerging IAM capabilities (e.g., passwordless, AI/agentic identities, decentralised identity) to deliver scalable services across applications, infrastructure, and DevOps tooling.
Architect authentication and authorisation (SSO, MFA, RBAC/ABAC) and standardize protocols (OAuth2/OIDC, SAML, SCIM, LDAP).
Lead IAM platform design and integration across cloud/hybrid (e.g., Microsoft Entra ID, Active Directory, SailPoint, PingFederate/Ping Identity, AWS IAM, CyberArk or equivalent).
Define identity lifecycle controls (joiner/mover/leaver, provisioning, access certifications, and role/entitlement modeling).
Identify IAM risks and architecture gaps; define constraints and mitigations, and drive remediation through roadmap and delivery items.
Ensure IAM controls and integrations meet security and regulatory requirements (e.g., NIST SP 800-63, ISO 27001, SOC 2, GDPR) and support audit activities.
Partner with business stakeholders to align IAM outcomes to enterprise objectives and communicate decisions and tradeoffs to senior leadership.

Requirements

What you’ll need

Strong experience in the identity and access management, preferably at architecture level, however IAM Engineers seeking opportunities to advance to an architecture role will be considered
Strong experience across core IAM domains: IGA (lifecycle, certifications), access management (SSO/MFA), Conditional Access, PAM, and non-human identity (workload/service identities), with hands-on-experience with one or more enterprise IAM platforms (e.g., Microsoft Entra ID/Azure AD, Okta, Ping, SailPoint) and integration across cloud/hybrid environments.
Deep knowledge of authentication/authorisation patterns and protocols: OAuth 2.0/OIDC, SAML 2.0, SCIM, and LDAP/AD.
Solid understanding of cloud IAM (AWS, Azure, and/or GCP), including identity federation and least-privilege design.
Experience assessing IAM risks and security controls, defining mitigations, and supporting audits and compliance requirements (e.g., NIST/ISO).
Strong analytical, problem-solving, and communication skills, with the ability to engage both technical and non-technical stakeholders effectively
Collaborative team player who adapts quickly to changing priorities while maintaining attention to detail

Benefits

Comp & perks

Funding provided to support your self-development
5 weeks of paid vacation
Hybrid work model
Flexible working hours
On-site canteen & home office meal vouchers
Pension plan or DIP contributions
Discounted phone plans & company product discounts
Multisport Card & cafeteria program

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

IAM architectureidentity governance and administration (IGA)access managementprivileged access management (PAM)authenticationauthorizationOAuth 2.0SAML 2.0SCIMLDAP

Soft Skills

analytical skillsproblem-solvingcommunication skillscollaborationadaptabilityattention to detail

Certifications

NIST SP 800-63ISO 27001SOC 2GDPR