AVP IAM Solutions Architect

Job Title -AVP IAM Solutions Architect

Organizational Context

With over 200 brands sold in more than 180 countries, we're the world's leading premium drinks company. Every day, over 27,000 dedicated people come together at Diageo to create the magic behind our much-loved brands. From iconic names to innovative newcomers - the brands we're building are rooted in culture and local communities. Our ambition is to be one of the best performing, most trusted and most respected consumer products companies in the world. Diageo Digital & Technology (D&T) is a multi-functional global shared services function built to drive effectiveness and efficiency across our core operations and achieve our efficiency goals. We fuel growth for our markets through a focus on new capabilities, consistent, common, and available analytics, and data, and equipping our markets and functions through integrated solutions.

• Solution Design & Architecture:
• Collaborate with partners to understand business needs and ensure to Design and implement IAM solutions, ensuring alignment with business objectives, security policies, and regulatory requirements.
• Evaluate existing technologies and recommend appropriate IAM technologies (e.g., Saviynt, CyberArk, MS Entra) based on organizational needs and budget constraints.
• Develop comprehensive IAM strategies and standard methodologies for IAM platforms (Saviynt, MS Entra, CyberArk) for user authentication, role-based access control (RBAC), privileged access management (PAM), and customer identity management (CIAM).
• Create and lead identity and access management roadmaps that align with business objectives and technology needs.

• Implementation and Integration with Optimization:
• Lead the technical implementation of IAM solutions, including integration with existing systems, applications, and directories demonstrating Saviynt, MS Entra, CyberArk PAM, and CIAM platforms.
• Architect and configure Saviynt for identity governance and administration (IGA), automating the user lifecycle, role-based access policies, and compliance reporting.
• Maintain and enhance seamless OAuth and SSO solutions for secure access across cloud, on-premises, and hybrid environments.
• Implement and handle CyberArk PAM solutions for privileged access management, ensuring robust protection of critical systems and sensitive data.
• Implement CIAM solutions that deliver secure and frictionless authentication experiences for customers and partners (B2C and B2B), including registration, login, and profile management.
• Review, define & implement access control policies, user lifecycle management processes & regular access reviews to maintain data security under access governance.
• Continuously optimize IAM solution performance and user experience, demonstrating automation and monitoring tools to reduce manual intervention.
• Automate IAM processes, including user provisioning, deprovisioning, role assignments, and access certifications to improve efficiency and reduce manual overhead.

• Security, Compliance & Best Practices:
• Ensure IAM solutions are designed and implemented to meet security, privacy, and compliance standards, including GDPR, SOX, HIPAA, and other regulatory requirements.
• Implement robust multi-factor authentication (MFA), adaptive authentication, and SSO capabilities across both B2B and B2C user environments.
• Design and implement fine-grained access control policies, ensuring the principle of least privilege (PoLP) and separation of duties (SoD).
• Conduct IAM risk assessments, audits, and vulnerability assessments, and provide actionable recommendations for improving security posture.

• B2B/B2C Identity Management:
• Architect and implement scalable B2B and B2C identity solutions, providing secure access for partners, contractors, and customers.
• Enable seamless federation of identities with external systems, applications, and partners using OAuth, SAML, and OpenID Connect.
• Ensure seamless integration of customer identity management (CIAM) for external user registration, consent, authentication, and self-service options.

• Continuous Improvement:
• Stay updated with the latest IAM technologies, industry trends, and security threats to ensure the organization's IAM strategies remain competitive and effective.
• Continuously evaluate IAM systems for opportunities to enhance security, improve user experience, and streamline access management workflows.

• Collaboration & Leadership:
• Provide technical leadership and mentorship to multi-functional teams, including IT security, infrastructure, and application development teams.
• Collaborate with senior leadership to define IAM strategies, roadmaps, and technology investments.
• Lead and handle IAM projects, working closely with partners to gather requirements, define solutions, and ensure successful project delivery.

• Documentation & Reporting:
• Create detailed user documentation, architecture diagrams, and operational procedures for IAM solutions.
• Provide regular reports on the performance and security of IAM systems, including key performance indicators (KPIs), audit results, and incident management.
• Document and communicate IAM policies, standards, and governance frameworks to ensure alignment across the organization.
• Monitor and report on the health, performance, and security of IAM solutions, highlighting areas of improvement and potential risks.

• Bachelor's or Master's degree in computer science, IM&S or similar field.
• 12+ years of experience in Identity and Access Management (IAM), with at least 4 years in a solution architecture or technical leadership role.
• Extensive knowledge of best-of-breed technology platforms to deliver IdAM capabilities - including Saviynt IGA and AAG, CyberArk (PAM), MS Entra/Azure AD, Azure PIM, Customer Identity and Access Management (CIAM) capabilities addressing needs of different persona of identities.
• Hands-on experience with integrating IAM solutions into enterprise IT infrastructure (applications, databases, cloud services, etc.).
• In-depth understanding of IAM protocols (SAML, OAuth, OpenID Connect, LDAP, and APIs.), MFA, SSO, RBAC, and identity federation.
• Solid understanding of security standard methodologies and regulatory requirements (e.g., GDPR, HIPAA, SOC 2, SOX).
• Proven experience managing and optimizing enterprise-level IAM solutions and platforms.

• Outstanding social skills - the ability to translate sophisticated IT matters to those without an IT background and to articulate solutions, including resource-, techno-functional requirements, phasing, and dependencies.
• Strong leadership, collaboration, and communication skills.
• Ability to simplify complex IAM concepts for technical and non-technical partners.
• Analytical and problem-solving approach, with a focus on security, efficiency, and continuous improvement.
• Self-motivated with the ability to handle multiple projects and meet deadlines in a fast-paced environment.