Architect: Infrastructure & Access Management

The Opportunity

Our client is a leading international law firm, recognised for representing the world's major corporations, funds, and financial institutions in their most complex transactions and disputes. We are looking for a talented and experienced Architect: Infrastructure & Access Management to join the firms IT department in London.

This is a high-impact role at the heart of our global security and identity strategy, offering the chance to shape architecture at enterprise scale while collaborating with top-tier colleagues across regions.

What You'll Do

You will lead the design and evolution of our Identity and Access Management (IAM) architecture across a complex, global environment. Key responsibilities include:

• Developing and maintaining IAM architecture covering identity lifecycle, access governance, and privileged access controls
• Designing secure authentication and authorisation patterns (OpenID Connect, SAML, OAuth, Kerberos, LDAP) and Conditional Access policies aligned with Microsoft best practices
• Embedding zero trust and least privilege principles across all privileged roles and enterprise applications
• Owning global firewall design and architecture
• Architecting and enhancing Privileged Access Management (PAM) capabilities, including approval workflows and continuous monitoring
• Championing Identity Threat Detection and Response (ITDR) solutions to proactively mitigate identity-based attacks
• Guiding the hardening of multi-site Active Directory domains/forests and cloud identity components (Entra/Azure AD)
• Collaborating with Security to design Azure Policies and guardrails supporting audit readiness (ISO 27001, ISO 22301)
• Integrating IAM with HR, IT, and engineering systems throughout the user lifecycle
• Staying ahead of emerging technologies including passwordless authentication, decentralised identity frameworks, and adaptive access controls

What We're Looking For

Qualifications & Experience

• Proven background in IAM/identity engineering or architecture within large enterprise environments
• Prior global or large-scale enterprise experience preferred
• Microsoft Certified: Identity and Access Administrator Associate
• CISSP or equivalent
• Azure Cybersecurity Expert or Certified Identity and Access Manager (CIAM)

Technical Skills

• Deep expertise in Microsoft identity and security across SaaS/PaaS, IAM, and Privileged Access domains
• Advanced knowledge of Entra ID/Azure AD and on-premises Active Directory
• Strong command of SSO and authentication protocols: OpenID Connect, SAML, OAuth, Kerberos, LDAP
• Hands-on experience with RBAC design, entitlement management, and automated provisioning pipelines
• Proficiency with PowerShell and RESTful integrations for identity automation
• Familiarity with NDR, Micro-Segmentation, and network topology as they relate to IAM
• Experience with Azure Policy, landing zone guardrails, and Conditional Access at scale