Principal Identity and Access Management Architect


About the role:

The role will be a part of an IT Services DevOps team serving the People Identity and Access Management (PIAM) Project driven by DPDHL’s Corporate Center Global HR representatives. After an initial implementation phase the PIAM project will turn into a global service, providing identity and access management processes and automations to all DPDHL divisions.

In this role, you will develop, maintain, assure and evolve the IAM architecture domain within the given HR and Active Directory architecture domains. You will also be responsible for creating and maintaining standard operating procedures to integrate the IAM solution with a large number of business target applications.

Your work:

• Responsible for planning one architectural IAM domain
• Design and manage deployments of IAM tools from partners such as SailPoint, OneIdentity and Oracle
• Design and manage factory approach to efficiently onboard a high number of target applications while keeping business impacts as low as possible
• Work closely with Enterprise-, Active Directory- and HR Systems Architects as well as Infrastructure Architects and Subject Matter Experts to ensure adequate IAM systems, interfaces, procedures and processes are in place
• Address security and audit risks while meeting business objectives and regulatory requirements
• Provide high level technical leadership to project and operations teams, as needed, by acting as a consultant
• Responsible for ensuring solutions are aligned to the organization’s ability to build and maintain
• Responsible for communicating standards, modeling concepts and for educating project and operations teams on their scope and intent
• Ensure project teams comply with current standards, policies, industry regulations, and best practices.
• Oversee research into industry standards, architectural and structural options, features and functionality

You should have:

• Degree in computer science or related disciplines, alternatively 5-10 years architecture experience in the IAM field.
• Professional experience in identity and access management (concepts, methods, architecture, deployment models and platforms)
• Ability to understand HR and Business requirements and translate into technical processes
• Ideally, experience in designing IAM solutions with at least two leading IAM solutions (SailPoint, OneIdentity, Oracle)
• Understanding of:
- IAM related protocols such as OpenID Connect, UMA, SCIM, LDAP, OpenID and OAuth.
- Access Governance (e.g., Recertification and Attestation, SoD management, Auditing and Reporting)
- Authorization Management beyond RBAC (ABAC, Context and Risk-based authorization, Dynamic Authorization Management)
- Provisioning and de-provisioning processes (accounts, roles, entitlements)
- IAM-related architectures like Cybersecurity (SIEM, SOAR, SOC, CDC), IT Service Management, PKI, Data Access Governance and physical access.
• Basic Understanding of API Management and API Security.
• Knowledge of scripting languages (e.g., Python, Perl, Ruby, PowerShell etc.).
• Up-to-date knowledge of the IAM/IGA market, current developments and future trends.
• Experience in integrating PAM into an overall Identity Architecture.
• Excellent experience with Microsoft AD and Azure AD.
• Critical thinking ability and proven analytical skills.
• Ability to think “out of the box” is essential.
• Experience in architecture design with frameworks like TOGAF, Zachman or similar.
• English – fluent

What we offer:

• Great team of IT professionals and possibility of technical development
• Modern offices in Chodov
• Home office possibilities
• Permanent contract
• Company Car, Pension plan contribution, Long-term Sickness Insurance
• CAFETERIA employee benefit program with wide selection of benefits from Edenred
• Extra week of holiday (25 days/year), 6 Self-sickness days/year, Full salary compensation for up to 10 days absence due to illness per calendar year, Lunch vouchers fully covered by company
• Multisport card, mobile and laptop, fruit days, sport clubs for employees, referral program…


Miroslav Flaška
DHL Information Services (Europe) s.r.o.

At DHL ITS I am responsible for all recruitment for the Solution Delivery department, which covers, for example, software development, project management, technical consulting, and system integration and configuration, and for recruitment for the Information Security department. I primarily fill Architect, Software Engineer, Test Engineer, Project Manager, Consultant and Information Security Engineer positions.
