CIAM Solution Architect

Job Title: CIAM Solution Architect

Location: Onsite - Raleigh, NC or Phoenix, AZ | Remote (US)
Experience Required: 8+ Years (3+ Years in CIAM Architecture)
Employment Type: Contract

Role Overview

We are seeking an experienced CIAM Solution Architect to define, design, and deliver a secure, scalable Customer Identity and Access Management (CIAM) platform for large-scale, customer-facing applications. This role will drive CIAM strategy and roadmap execution, ensuring frictionless customer experiences while meeting stringent security, privacy, and regulatory requirements.

The ideal candidate brings strong hands-on architecture experience with modern CIAM platforms—especially Okta —and deep expertise in identity protocols, Zero Trust security, and cloud-native architectures.

Key Responsibilities

CIAM Strategy & Architecture

• Define and drive the enterprise CIAM roadmap in collaboration with engineering, security, and business stakeholders.

• Design and document end-to-end CIAM solution architectures for customer-facing applications, ensuring scalability, security, and compliance.

• Develop omnichannel CIAM patterns across Mobile, Web, and Customer Care platforms.

Platform Integration & Delivery

• Lead integration of Okta as the CIAM platform across cloud and hybrid environments.

• Architect CIAM solutions for registration, login, account management , and customer identity lifecycle management.

• Design frictionless user journeys incorporating MFA, adaptive authentication, consent management, and federation.

Security, Compliance & Governance

• Implement Zero Trust principles and enforce authentication and authorization standards.

• Ensure compliance with regulatory and security frameworks including GDPR, CCPA, PCI-DSS, HIPAA, SOC2, and ISO 27001 .

• Align IAM architectures with NIST, OWASP, MITRE , and encryption standards.

• Conduct CIAM-related risk assessments and implement mitigation strategies.

Identity & Access Patterns

• Provide architectural guidance on SSO, federation, delegated administration, privileged access , and API security.

• Design identity solutions using industry standards and protocols such as SAML, SPML, XACML, SCIM, OpenID Connect, and OAuth 2.0 .

• Support API-driven and microservices-based architectures with secure identity patterns.

Documentation & Leadership

• Maintain architecture diagrams, technical standards, reference architectures, and operational playbooks .

• Act as a trusted advisor, providing CIAM best practices and technical leadership across teams.

Required Skills & Qualifications

• 8+ years of experience in Identity & Access Management (IAM) , with at least 3+ years focused on CIAM architecture .

• Proven experience designing and deploying CIAM solutions for large-scale, customer-facing platforms .

• Strong expertise in IAM protocols: SAML, SPML, XACML, SCIM, OpenID Connect, OAuth .

• Hands-on experience with CIAM platforms such as Okta , Onespan, and Twilio.

• Strong knowledge of Directories, SSO, Federation, Delegated Administration, API Gateways, and SOA services .

• Solid understanding of MFA, PAM, and Risk-Based Authentication .

• Experience integrating CIAM with enterprise and third-party systems such as Salesforce and other SaaS platforms.

• Working knowledge of AWS, Azure, and GCP , including DevSecOps practices.

• Excellent communication skills with the ability to collaborate across business and technical teams.

Preferred Qualifications

• Professional certifications such as CISSP, CCSP, AWS/Azure Security , or equivalent.

• Experience working in financial services or highly regulated industries .

Key Competencies

• Strong architectural and strategic thinking

• Ability to influence without authority

• Security-first mindset with customer experience focus

• Ownership and accountability for enterprise CIAM outcomes

• Ability to operate in complex, cross-functional environments

Technical Skills

CIAM Architecture | Okta | OAuth2 | OpenID Connect | SAML | SCIM | MFA | Zero Trust | API Security | Cloud IAM | GDPR | PCI-DSS | NIST | OWASP