Job description

Kforce has a client that is seeking an Identity & Access Management Architect in Boston, MA. Summary: We are seeking a strategic and technically proficient Identity & Access Management (IAM) Architect to lead the implementation and optimization of internal and external identity provisioning systems. This role will serve as the primary internal stakeholder, partnering with a Managed Service Provider (MSP) to deliver a successful IAM transformation project and support ongoing operations. Key Responsibilities: • Act as the internal lead for IAM initiatives, collaborating closely with the selected MSP to ensure project success • Oversee the deployment and configuration of an external Identity Provider (IDP) tenant to support secure customer access to services • Improve internal identity workflows including Multi-Factor Authentication (MFA); Conditional Access Policies; Onboarding and Offboarding Automation; Role-based Access Control (RBAC); Single Sign-On (SSO) mechanisms • Ensure alignment with organizational security standards and compliance requirements • Guide the implementation of Microsoft 365 security and identity features, including Intune and Autopilot • Evaluate and potentially integrate emerging IAM tools such as Delinea for governance and password management • Maintain strong communication with leadership stakeholders including Infrastructure and Security teams • Provide architectural oversight and ensure MSP deliverables meet technical and business expectations • Proven experience in Identity & Access Management, including architecture and governance • Experience working with or managing MSPs in a technical delivery capacity • Hands-on familiarity with Microsoft 365 ecosystem, including Azure AD, Intune, Autopilot, and Defender • Strong understanding of IAM principles, MFA, conditional access, and SSO • Ability to lead cross-functional teams and communicate effectively with senior leadership • Familiarity with IAM tools such as Delinea or similar platforms is a plus Preferred Skills: • Experience with external IDP deployment and customer identity provisioning • Background in security architecture or infrastructure engineering • Ability to work autonomously and manage multiple priorities in a dynamic environment The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future. We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave. Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law. This job is not eligible for bonuses, incentives or commissions. Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status. By clicking “Apply Today” you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.

Requirements