SECURITY ARCHITECT L1(CONTRACT)
Wipro Limited
- Coventry, England, United Kingdom
About
City: Coventry
State/Province: West Midlands
Posting Start Date: 2/2/26
Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO) is a leading technology services and consulting company focused on building innovative solutions that address clients' most complex digital transformation needs. Leveraging our holistic portfolio of capabilities in consulting, design, engineering, and operations, we help clients realize their boldest ambitions and build future-ready, sustainable businesses. With over 230,000 employees and business partners across 65 countries, we deliver on the promise of helping our customers, colleagues, and communities thrive in an ever-changing world. For additional information, visit us at www.wipro.com.
Job Description
Senior IDAM Architect - Identity Pillar (Lot 1)
Location: Coventry - Hybrid
Role Purpose
The Senior IDAM Architect is the end-to-end technical authority for all Identity Pillar scope under Lot 1, accountable for Initiate, Discovery, Design, and Implementation across Identity Governance & Administration (IGA), Active Directory/Entra ID, RBAC/ABAC, PKI, Conditional Access, Identity Lifecycle, CIEM, and identity threat protection capabilities.
This role acts as the single technical point of contact for all identity-related decisions, integrations, designs, and technical escalations, ensuring adherence to Zero Trust principles, Client Delivery & Cyber frameworks, and the architectural governance process.
Key Responsibilities
Programme-Level Identity Architecture Leadership
Serve as the lead architect for all identity capabilities: IGA, directories (AD/OT AD/Entra ID), RBAC/ABAC, Conditional Access, PKI, CIEM, machine identity, identity lifecycle automation.
Own the architectural strategy and roadmap for the Identity Pillar across Year 1 (I&D) and influence Year 2 planning.
Act as the single technical authority across all identity workstreams, ensuring coherence, interoperability, and alignment with Zero Trust Identity outcomes.
Lead technical governance engagement: Information Security TAG, PESA approvals, Design Authority reviews, and cross-pillar integration sessions.
Initiate & Discovery Responsibilities (Identity-Specific)
Lead comprehensive DAAS discovery for identity components: identity stores and directories; AD forests/domains and OT AD footprint; application identity models; entitlements, access patterns, privileged roles; IGA process and connector readiness; non-human / service identities.
Conduct identity-specific discovery across: JML processes, access request flows, attestation cycles; directory security posture (CIS benchmarks, Microsoft best practices); account discovery (human, service, machine) across IT, OT, cloud, SaaS, air-gapped systems.
Evaluate and document: identity risks; excessive privileges; identity lifecycle issues; unmanaged accounts; access policy gaps.
Produce: discovery logs; dependency registers; technical constraints; discovery outputs traceable to future designs.
Identity Architecture Design Responsibilities
IGA Architecture: Produce HL/ML/LLD for the IGA platform (SailPoint/Saviynt/etc.).
Define architecture for lifecycle automation (Joiner/Mover/Leaver); access request & approval workflows; entitlements management; attestation & certification; role mining & identity analytics.
Define integration patterns with HR (authoritative source); AD/OT AD/Entra ID; ServiceNow; SIEM for identity-related detections; PAM/PIM for privileged identities.
Directory Services & Identity Core: Produce architecture for AD, Entra ID, and OT AD identity capabilities: secure configuration baselines; naming conventions, OU design, GPO strategy; trust boundaries, domain/forest design; identity lifecycle & sync patterns; directory-tiering strategy (Tier 0).
RBAC / ABAC: Define enterprise RBAC/ABAC models: business roles, application roles, segregation of duties, governance and lifecycle of roles; ensure alignment with HR data models and IGA role mining outputs.
Conditional Access & Authentication: Architect conditional access policies (CA rules, sign-in risk, device trust, session controls); define MFA strategy: Authenticator App, FIDO2, passwordless, biometrics; define Zero Trust authentication patterns for privileged identities, third parties, mobile/remote users, OT identities where applicable.
PKI & Certificate Lifecycle: Produce architecture for PKI, certificate issuance, renewal, and lifecycle governance; define trust anchors and certificate policies for user identities, device identities, service principals, OT and cloud workloads.
CIEM (Cloud Infrastructure Entitlement Management): Define cloud identity entitlement patterns (Azure/AWS); establish least privilege, JIT/JEA patterns for cloud workloads.
Implementation Responsibilities (Identity-Focused)
Provide hands-on architectural oversight to ensure implementations follow approved designs.
Oversee rollout and validation of: IGA connectors, workflows, lifecycle processes; AD/Entra ID configuration updates and hardening; Conditional access/MFA/policy rollout; RBAC role deployment and attestation setup; PKI enhancements, CA templates, certificate workflows; CIEM configuration and governance.
Guide identity engineers and application onboarding teams through technical sequencing, integration steps, and issue resolution.
Validate end-to-end identity flows (authentication, provisioning, deprovisioning, attestation).
Identity Governance, Compliance & Risk
Ensure all identity designs align with Zero Trust Identity requirements; CAF/eCAF outcomes; regulatory and compliance frameworks (GDPR, NIS R, PCI DSS).
Define governance processes for privileged identity control; identity data quality; access attestation; policy exceptions.
Support the audit and compliance teams with identity reporting, evidence, and control design.
Stakeholder & Technical Leadership
Act as the single point of contact for all identity-related technical matters across the programme.
Lead communication with Cyber Architecture, HR, IT Ops, Security Operations, Application teams, OT Identity & OT Engineering teams.
Conduct design walkthroughs, knowledge handovers, and training sessions for BAU teams.
Resolve identity-related escalations, engineering blockers, and architecture decision disputes.
Skills & Experience Requirements (Identity Scope)
Technical Expertise
12+ years in Identity & Access Management architecture.
Deep expertise in: IGA (SailPoint/Saviynt), RBAC/ABAC; AD/Entra ID/OT AD; Authentication/Federation (SAML, OAuth2, OIDC); Conditional Access & MFA; PKI & Certificate Lifecycle; CIEM, cloud identity & Zero Trust identity patterns.
Extensive experience designing and integrating identity capabilities across hybrid (IT/OT) landscapes.
Delivery & Architecture
Proven experience delivering large-scale IAM transformations end-to-end.
Strong architectural documentation and governance skills.
Ability to lead multi-vendor and multi-platform identity delivery teams.
Behavioural
Executive-level communication and architectural leadership.
Operates confidently across strategic, detailed technical, and operational domains.
Structured, methodical, collaborative, and outcome-driven.
Deliverables
Identity DAAS Discovery Reports
Requirements (Functional & Non-Functional)
High/Mid/Low-Level Identity Designs
IGA Architecture, Connector Designs & Workflow Specifications
Directory Services Architecture Pack
RBAC/ABAC Role Taxonomy & Governance Framework
Conditional Access & MFA Design Pack
PKI Architecture & Lifecycle Model
Identity Implementation Playbooks
Governance, Controls & Attestation Designs
Technical submissions for TAG/PESA/Design Authority
Mandatory Skills: SailPoint Identity Now.
Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention.
Language skills
- English
Note for users
This job posting comes from a partner platform of TieTalent. Click "Apply Now" to submit your application directly on their website.