Job Title: IAM Architect (Active Directory and EntraID)
Department: Information Technology/Identity and Access Management (IAM)
Location: Remote
Job Type: Full Time
Overview:
We are seeking an experienced IAM Architect with expertise in Active Directory (AD) and EntraID/Azure AD B2B and B2C to lead the strategic redesign and automation of our identity and access management infrastructure. This role will focus on optimizing the AD and Azure AD environments to meet evolving business and security objectives, ensuring they are scalable, secure, and efficient. The ideal candidate will play a critical role in refining the AD architecture, addressing current and future needs, and implementing best practices to enhance operational resilience, security, and user experience.
Key Responsibilities:
Assessment and Gap Analysis:
Conduct a detailed assessment of the existing AD and EntraID/Azure AD environment, identifying gaps in scalability, security, data quality, and operational efficiency.
Review and address security exposures from legacy configurations and weak protocols identified in recent penetration tests.
Complete the gap analysis and deliver a strategic plan to address IAM vulnerabilities, scalability issues, and inefficiencies.
Collaborate with internal stakeholders to understand business objectives, growth plans, and IAM-related pain points.
IAM Architecture Redesign:
Design a new, scalable architecture that integrates AD with Azure AD B2B and B2C capabilities, ensuring support for both internal and external identity management needs.
Ensure the new architecture enhances security, mitigates risks, and improves operational resilience.
Align the AD structure with business needs and regulatory requirements, ensuring compliance with industry standards and GxP.
Security and Risk Mitigation:
Strengthen security by eliminating weak protocols, improving access control, and implementing Multi-Factor Authentication (MFA) and Privileged Access Management (PAM).
Reduce the organization's exposure to ransomware and other cyber threats by implementing resilient disaster recovery solutions for the AD and Azure AD environments.
Advanced knowledge in setting up disaster recovery solutions, including cross-site replication and failover, specifically for AD environments.
Automation and Operational Efficiency:
Implement automation solutions to streamline IAM processes across AD and Azure AD, including user provisioning, de-provisioning, and group management.
Introduce and deploy real-time monitoring tools to track AD and EntraID system health, security, and performance, ensuring timely detection of issues.
Establish clear procedures and standards, such as naming conventions, organizational unit (OU) structure, and Group Policy Object (GPO) management.
Scalability and Future-Proofing:
Design the IAM environment to be future-proof, capable of supporting the organization's long-term growth and scalability.
Ensure the IAM structure and tools are adaptable to support emerging business requirements and new technology integrations.
Business Continuity and Compliance:
Ensure the redesigned AD environment is resilient and supports business continuity in case of incidents or disasters.
Achieve regulatory compliance (e.g., GxP, GDPR) and improve audit readiness to protect the company from potential fines and reputational damage.
Design the IAM structure to be audit-friendly, providing clear traceability and control over user access and permissions.
Data Quality and Clean-up:
Collaborate closely with the IAM Engineer for Directory Services and the Microsoft Services Team to lead a thorough clean-up of legacy data within the AD environment.
Drive initiatives to enhance AD data quality by implementing automation tools and standardizing processes.
Ensure the removal of outdated user accounts, groups, and security settings to improve overall AD hygiene and maintain a secure, efficient directory structure.
Qualifications:
8+ years of hands-on experience in designing and implementing Active Directory architecture for large-scale environments.
In-depth expertise in AD security, automation, and management tools (e.g., AD Manager Plus).
Proven experience addressing legacy IAM infrastructure challenges, particularly security vulnerabilities and scalability issues.
Strong knowledge of GxP compliance, audit readiness, and industry standards for AD environments.
Strong project leadership skills with experience overseeing end-to-end AD transformation projects.
Certifications in Microsoft AD or related technologies (e.g., Microsoft Certified: Identity and Access Administrator) are preferred.
Preferred Skills:
Advanced knowledge in setting up disaster recovery solutions, including cross-site replication and failover, specifically for AD and Azure AD environments.
Strong analytical and problem-solving skills, with the ability to make informed decisions quickly.
Experience in a GxP-regulated environment is highly desirable.
Familiarity with high-availability solutions and disaster recovery strategies for IAM environments.
Job Title: IAM Architect
Location: Zürich, Switzerland
Job Type: Contract
TEKsystems, an Allegis Group company. Allegis Group AG, Aeschengraben 20, CH-4051 Basel, Switzerland. Registration No. CHE-101.865.121. TEKsystems is a company within the Allegis Group network of companies (collectively referred to as "Allegis Group"). Aerotek, Aston Carter, EASi, TEKsystems, Stamford Consultants and The Stamford Group are Allegis Group brands. If you apply, your personal data will be processed as described in the Allegis Group Online Privacy Notice available at our website.
Posted Date: 05 Nov 2024
Reference: JSJP-004864696
Employment Business: TEKsystems
Contact: Shiann Berman