Principal IAM Architect

You desire impactful work.
 

You’re RGA ready

RGA is a purpose-driven organization working to solve today’s challenges through innovation and collaboration. A Fortune 200 Company and listed among its World’s Most Admired Companies, we’re the only global reinsurance company to focus primarily on life- and health-related solutions. Join our multinational team of intelligent, motivated, and collaborative people, and help us make financial protection accessible to all.

The Principal Security Architect, IAM & Zero Trust is a strategic and technical leader responsible for designing, governing, and continuously improving enterprise-wide architecture. This role ensures security is embedded throughout the system and product development lifecycles, applying secure-by-design and zero trust principles across hybrid, cloud-native, and on-premises environments. The Identity Access Management Architect proactively anticipates evolving threats, translates complex risks into actionable strategies, and operationalizes controls that are scalable, resilient, and measurable. Through deep collaboration with engineering, business, and infrastructure teams, this role elevates the organization’s security maturity and enables adaptive defenses that support business growth and regulatory compliance.

Principal Duties

• Define and maintain the enterprise IAM strategy, ensuring alignment with cyber security, zero-trust, and regulatory requirements.

• Design end-to-end identity architectures, including authentication, authorization, directory services, privileged access, and lifecycle management.

• Lead implementation of IAM technologies, such as SSO, MFA, PAM, IGA, federation, and identity governance platforms.

• Establish identity standards and reference architectures, covering protocols like SAML, OAuth, OpenID Connect, SCIM, LDAP, Kerberos.

• Ensure security integration of applications within cloud, on premise, and hybrid, int enterprise identity services

• Drive identity lifecycle processes, ensuring proper onboarding, role provisioning, separation of duties, and time de-provisioning.

• Conduct architecture reviews and threat modeling for identity-related risks, including account compromise, session hijacking, and privilege escalation.

• Partner with security engineering, cloud, and app teams to embed IAM security controls into development and deployment pipelines.

• Oversee identity governance and compliance, ensuring adherence to RGA policies, standards, and local laws, regulations, and adopted security frameworks.

• Evaluate and recommend IAM tools, vendors, and emerging technologies, ensuring they meet RGAs enterprise standards.

• Provide technical leadership and guidance to fellow architects and engineers.

• Monitor identity threat landscape and guide adoption of modern defenses such as conditional access, continuous authentication, and identity threat detection and response.

Required Qualifications

• 8+ years of experience in cybersecurity, with at least 6+ years focused on IAM architecture, engineering, or operations.

• Expert knowledge of identity standards and protocols, including SAML 2.0, OAuth 2.0, OpenID Connect, SCIM, LDAP, Kerberos, and PKI.

• Hands-on experience with major IAM platforms, such as Azure AD / Entra ID, Okta, SailPoint, CyberArk, etc.

• Strong understanding of Zero Trust principles, identity governance, privileged access, and modern access control models (RBAC, ABAC, PBAC, JIT).

• Proven ability to design enterprise‑scale IAM architectures across cloud (AWS/Azure/GCP), on‑prem, and hybrid environments.

• Deep knowledge of enterprise directory services, identity lifecycle automation, and group/role modeling.

• Experience integrating applications (SaaS, custom, legacy, APIs, microservices) into centralized identity systems.

• Solid understanding of regulatory frameworks such as SOX, HIPAA, PCI-DSS, ISO 27001, and NIST 800‑53, and how they apply to identity controls.

• Strong background in threat modeling, particularly around authentication, authorization, credential management, and session security.

• Proficiency in scripting or automation (PowerShell, Python, REST APIs) for identity lifecycle and governance operations.

• Experience implementing MFA, conditional access, password-less authentication, and identity threat detection.

• Excellent communication and leadership skills, with the ability to influence technical and non‑technical stakeholders.

• Bachelor’s in Computer Science, Cybersecurity, Information Systems, or related field, or equivalent experience. Master's and/or relevant certifications preferred (CISSP, CISM, CCSP, GIAC, Azure/AWS security, Okta or SailPoint certifications).

#LI-CW1

#LI-Remote

What you can expect from RGA:

• Gain valuable knowledge from and experience with diverse, caring colleagues around the world.

• Enjoy a respectful, welcoming environment that fosters individuality and encourages pioneering thought.

• Join the bright and creative minds of RGA, and experience vast, endless career potential.

We’re excited to get to know you and connect your unique skills with our global opportunities. To create a modern and seamless experience, we use artificial intelligence (AI) in parts of our preliminary screening process. This technology helps us personalize job recommendations, automate interview scheduling, evaluate candidates based solely on experience—without considering name, gender, or other personal details—and provide real-time answers through our chatbot. AI is used only during early screening and never makes hiring decisions. Your RGA recruiter will work closely with you every step of the way to ensure the process feels personal, thoughtful, and focused on you.

Compensation Range:

Base pay varies depending on job-related knowledge, skills, experience and market location. In addition, RGA provides an annual bonus plan that includes all roles and some positions are eligible for participation in our long-term equity incentive plan. RGA also maintains a full range of health, retirement, and other employee benefits.

RGA is an equal opportunity employer. Qualified applicants will be considered without regard to race, color, age, gender identity or expression, sex, disability, veteran status, religion, national origin, or any other characteristic protected by applicable equal employment opportunity laws.