IAM Specitist - R01551805

About Brillio:
Brillio is one of the fastest growing digital technology service providers and a partner of choice for many Fortune 1000 companies seeking to turn disruption into a competitive advantage through innovative digital adoption. Brillio, renowned for its world-class professionals, referred to as "Brillians", distinguishes itself through their capacity to seamlessly integrate cutting-edge digital and design thinking skills with an unwavering dedication to client satisfaction. Brillio takes pride in its status as an employer of choice, consistently attracting the most exceptional and talented individuals due to its unwavering emphasis on contemporary, groundbreaking technologies, and exclusive digital projects. Brillio's relentless commitment to providing an exceptional experience to its Brillians and nurturing their full potential consistently garners them the Great Place to Work® certification year after year.
IAM Specitist

Role Summary

• We are seeking a seasoned Senior IAM Consultant to lead a comprehensive assessment of the identity landscape for a global financial services firm operating in the capital markets domain. The ideal candidate will bring extensive, hands-on expertise across the IAM, IGA, and PIM/PAM stack, with a strong understanding of regulatory mandates, entitlement risk, and control enforcement in trading environments. This role will work closely with security leadership, risk teams, and technical stakeholders across front, middle, and back-office operations.


• You will assess and help strengthen the client’s Identity & Access Management program, ensuring alignment with zero-trust principles, least privilege enforcement, and capital markets regulatory obligations. Your insights will directly influence strategic initiatives around identity governance, privileged access management, and authentication frameworks in a high-risk, high-compliance environment.

Key Responsibilities:
• Work with a team to conduct a full-spectrum IAM assessment covering governance, operations, architecture, tools, and compliance alignment.
• Analyze identity lifecycle processes (JML – joiner, mover, leaver) across both human and non-human identities; identify automation and control gaps.
• Evaluate enterprise-level IGA platforms (e.g., SailPoint, Saviynt, ForgeRock Identity Governance, Oracle Identity Manager) for policy alignment, role engineering, certification campaign efficacy, and SoD enforcement.
• Assess privileged access workflows across PAM solutions such as CyberArk, BeyondTrust, Delinea (formerly Thycotic), One Identity Safeguard, and AWS/Azure-native PIM capabilities.
• Conduct deep dives into Active Directory and Azure AD/AAD B2B/B2C architectures and synchronization flows (e.g., Azure AD Connect, SCIM).
• Validate authentication mechanisms—including SSO, MFA, biometric factors, and adaptive access policies—across federated and hybrid environments using protocols such as SAML 2.0, OIDC, OAuth2.0, and LDAP.
• Map regulatory requirements from SOX, SEC, FINRA, NYDFS 500, GLBA, and GDPR to IAM-specific controls and gaps.
• Identify identity-related risks in trade support systems, front-office platforms, OMS/EMS, and financial data pipelines.
• Produce maturity heatmaps, capability gap analyses, and a phased roadmap for IAM transformation aligned to security objectives and business risk.
• Guide improvements in policy management, access recertification, entitlement management, and RBAC/ABAC strategy.

Required Skills & Experience
• 7+ years of hands-on experience in IAM, security architecture, identity governance, or cloud access control implementation.
• In-depth experience with IGA platforms like SailPoint IdentityNow/IIQ, Saviynt, or ForgeRock Identity Cloud in enterprise implementations.
• Demonstrated deployment or engineering experience with PAM/PIM solutions, such as any one or more of:
o CyberArk PAS/EPM/CPM o BeyondTrust Password Safe o Azure Privileged Identity Management & similar solutions
• Deep technical proficiency with:
o Active Directory/Azure AD o SSO/MFA/conditional access frameworks (Okta, Ping Identity, Microsoft Entra) o Federation, provisioning connectors (SCIM, REST/SOAP APIs), and custom workflow orchestration
• Experience conducting IAM audits, regulatory control mapping, and identity risk assessments in capital markets or investment banking. Preferred Certifications
• Identity Governance & Administration
o SailPoint Certified IdentityNow/IIQ Engineer or Architect o Saviynt Certified Implementation Specialist o ForgeRock Identity Cloud Architect
• Privileged Access Management
o CyberArk Defender / Sentry / Guardian o BeyondTrust Certified Administrator o Microsoft SC-300 or AZ-500 (with PAM focus)
• Security Architecture
o CISSP (Certified Information Systems Security Professional) o CISM (Certified Information Security Manager)
• Cloud & Compliance
o AWS Security Specialty
Know more about DI: https://www.brillio.com/services-digital-infrastructure/ Know what it’s like to work and grow at Brillio: https://www.brillio.com/join-us/ Equal Employment Opportunity DeclarationBrillio is an equal opportunity employer to all, regardless of age, ancestry, color, disability (mental and physical), exercising the right to family care and medical leave, gender, gender expression, gender identity, genetic information, marital status, medical condition, military or veteran status, national origin, political affiliation, race, religious creed, sex (includes pregnancy, childbirth, breastfeeding, and related medical conditions), and sexual orientation.
#LI-AY1

 Know what it’s like to work and grow at Brillio: Click here