Job description

Role Summary - We are seeking a seasoned Senior IAM Consultant to lead a comprehensive assessment of the identity landscape for a global financial services firm operating in the capital markets domain. The ideal candidate will bring extensive, hands-on expertise across the IAM, IGA, and PIM/PAM stack, with a strong understanding of regulatory mandates, entitlement risk, and control enforcement in trading environments. This role will work closely with security leadership, risk teams, and technical stakeholders across front, middle, and back-office operations. - You will assess and help strengthen the client’s Identity & Access Management program, ensuring alignment with zero-trust principles, least privilege enforcement, and capital markets regulatory obligations. Your insights will directly influence strategic initiatives around identity governance, privileged access management, and authentication frameworks in a high-risk, high-compliance environment. Key Responsibilities: - Work with a team to conduct a full-spectrum IAM assessment covering governance, operations, architecture, tools, and compliance alignment. - Analyze identity lifecycle processes (JML – joiner, mover, leaver) across both human and non-human identities; identify automation and control gaps. - Evaluate enterprise-level IGA platforms (e.g., SailPoint, Saviynt, ForgeRock Identity Governance, Oracle Identity Manager) for policy alignment, role engineering, certification campaign efficacy, and SoD enforcement. - Assess privileged access workflows across PAM solutions such as CyberArk, BeyondTrust, Delinea (formerly Thycotic), One Identity Safeguard, and AWS/Azure-native PIM capabilities. - Conduct deep dives into Active Directory and Azure AD/AAD B2B/B2C architectures and synchronization flows (e.g., Azure AD Connect, SCIM). - Validate authentication mechanisms—including SSO, MFA, biometric factors, and adaptive access policies—across federated and hybrid environments using protocols such as SAML 2.0, OIDC, OAuth2.0, and LDAP. - Map regulatory requirements from SOX, SEC, FINRA, NYDFS 500, GLBA, and GDPR to IAM-specific controls and gaps. - Identify identity-related risks in trade support systems, front-office platforms, OMS/EMS, and financial data pipelines. - Produce maturity heatmaps, capability gap analyses, and a phased roadmap for IAM transformation aligned to security objectives and business risk. - Guide improvements in policy management, access recertification, entitlement management, and RBAC/ABAC strategy. Required Skills & Experience - 7+ years of hands-on experience in IAM, security architecture, identity governance, or cloud access control implementation. - In-depth experience with IGA platforms like SailPoint IdentityNow/IIQ, Saviynt, or ForgeRock Identity Cloud in enterprise implementations. - Demonstrated deployment or engineering experience with PAM/PIM solutions, such as any one or more of: o CyberArk PAS/EPM/CPM o BeyondTrust Password Safe o Azure Privileged Identity Management & similar solutions - Deep technical proficiency with: o Active Directory/Azure AD o SSO/MFA/conditional access frameworks (Okta, Ping Identity, Microsoft Entra) o Federation, provisioning connectors (SCIM, REST/SOAP APIs), and custom workflow orchestration - Experience conducting IAM audits, regulatory control mapping, and identity risk assessments in capital markets or investment banking. Preferred Certifications - Identity Governance & Administration o SailPoint Certified IdentityNow/IIQ Engineer or Architect o Saviynt Certified Implementation Specialist o ForgeRock Identity Cloud Architect - Privileged Access Management o CyberArk Defender / Sentry / Guardian o BeyondTrust Certified Administrator o Microsoft SC-300 or AZ-500 (with PAM focus) - Security Architecture o CISSP (Certified Information Systems Security Professional) o CISM (Certified Information Security Manager) - Cloud & Compliance o AWS Security Specialty Know more about DI: https://www.brillio.com/services-digital-infrastructure/ Know what it’s like to work and grow at Brillio: https://www.brillio.com/join-us/ Equal Employment Opportunity DeclarationBrillio is an equal opportunity employer to all, regardless of age, ancestry, color, disability (mental and physical), exercising the right to family care and medical leave, gender, gender expression, gender identity, genetic information, marital status, medical condition, military or veteran status, national origin, political affiliation, race, religious creed, sex (includes pregnancy, childbirth, breastfeeding, and related medical conditions), and sexual orientation.#LI-AY1

Requirements