General Information
| Job Description | IT ARCHITECT 4 | Working Title | IAM Architect |
|---|---|---|---|
| Job Code | 000531 | Grade | 25 |
| Department Name | Identity & Access Management - D02064 | Department Head | Dewight Kramer |
| Supervisor | S�reyya Tuncel | Effective Date | 01/18/2022 |
Position(s) Directly Supervised
| Job Code | Title | FTE |
|---|
Generic Scope
| Technical leader with a high degree of knowledge in the overall field and recognized expertise in specific areas; problem-solving frequently requires analysis of unique issues/problems without precedent and/or structure. May manage programs that include formulating strategies and administering policies, processes, and resources; functions with a high degree of autonomy. |
Custom Scope
| Applies advanced IT architecture concepts and campus/medical center/OP or community-specific objectives to resolve highly complex issues with significant impact on the organization. Regularly works on issues where analysis of situations or data requires an in-depth evaluation of variable factors. Effectively selects criteria for evaluating results. |
Department Custom Scope
| As a member of the IT Security team, the Identity & Access Management (IAM) Architect functions with a high degree of autonomy, and is responsible for formulating strategies, processes, and resources; the architecture, design, development, and implementation of complex identity and access management solutions. These may include identity management federation operations; single sign-on, distributed access management, multi-factor authentication, and other services within Identity & Access Management service offering. General responsibilities include architecting scalable, flexible, and robust enterprise identity and access management solutions; designing middleware components and services; developing and maintaining identity and access management policies and best practices; mentoring support and technical staff; conduct research for emerging trends and best practices; recommending continual improvements to IAM technical and business processes; collaborating with stakeholders, business analysts, users and colleagues to identity business needs and devise appropriate technical solutions. This position is the technical leader and the recognized organization-wide expert on the enterprise IAM solution. The IAM Architect may lead teams, projects, and guide the work of other staff as needed to complete projects or operational assignments; and work with the IAM Manager and the PMO on project plans. |
Education & Experience Requirements
Education Requirements
| Degree | Requirement |
|---|---|
| Bachelor's degree in related area and/or equivalent experience/training. | Required |
Experience Requirements
| Experience | Requirement |
|---|---|
| Minimum of 2-4 years of Identity and Access Management related experience. | Required |
| Hands on experience with software develop and management tools including Git and demonstrated expertise in technologies and products, such as: J2EE, Java Servlets, XML, Web Services, Perl/CGI,SSL, etc. | Required |
| 6 - 10 years of related experience. | Required |
| Demonstrated significant experience with directory services like LDAP and Active Directory. | Required |
| Enterprise-level understanding of and experience with key modeling and description languages used to map highly complex business processes to architectural components, develop common, large-scale data resource architectures, and create reference frameworks. | Preferred |
| Significant experience deploying and maintaining identity management systems at a large scale (more than 5000) users either in higher education, in government or multi-national commercial organizations. | Required |
License Requirements
Certification Requirements
| Certification | Requirement |
|---|
Educational Condition Requirements
| Condition | Requirement |
|---|
Key Responsibilities
| Description | % Time |
|---|---|
| Initiates, designs and deploys large scale systems. Designs highly complex user systems interfaces, business software prototypes and new systems or major enhancements to existing programs. | 30 |
| Performs highly complex feasibility analysis on current and potential future projects. Gathers information and participates in selection of technical purchases with regards to processing, data storage, data access and software development. Establishes metrics and evaluates results. | 15 |
| Applies advanced IT architecture concepts to function as the highest level technical expert. Often serves as consultant to management. May lead or provide guidance to large development team in design of highly complex software systems. Advises on selection of technological purchases with regards to processing, data storage, data access and software development. | 15 |
| Leads and contributes to continuous improvement activities for IAM systems and functions; makes recommendations for improvement of processes, procedures, systems, applications, etc. | 15 |
| Participates in the architecture review of all critical system designs impacting aspects of the IAM architecture and provides technical guidance in the selection and implementation processes. Independently performs feasibility analyses, up to and including the most complex and advanced, on current and potential future IAM projects. Leads post-implementation and periodic reviews of installed IAM systems to assure effective installation and operations. Ensures that all current and future IAM services meet or are implemented in compliance with Federal NIST recommendations, international standards such as REFEDS, and mandated California and University of California policy. Assists with the prioritization and management of enhancements and operation of legacy identity systems. | 10 |
| Creates, reviews and improves existing documentation and/or instructional materials; develops new documentation/training related to IAM; applies standard formatting and nomenclature. Delivers training or presentations related to IAM systems to ITS and campus IT teams; effectively presents complex technical topics taking into account audience level and knowledge. | 5 |
| Recommends major and critical purchases impacting all aspects of the IAM architecture. Oversees the design and delivery of frameworks and products related to identity and access management systems. Works with and as a peer of Enterprise architects overseeing the design and delivery of standards-based applications, frameworks, tools, technologies, and guidelines in support of Identity Management services. | 5 |
| Required to participate in ongoing professional development, training and educations. | 5 |
Knowledge, Skills & Abilities
| Knowledge/Skill/Ability | Requirement |
|---|---|
| Ability to understand business needs and how business systems can support those needs. | Required |
| Experience with the integration of complex, diverse, internally and externally developed implementations of business functions to build scalable systems. | Required |
| Demonstrated ability to translate business needs into long-term architecture solutions. Expertise relating to the design and development of software across the organization. | Required |
| Knowledge of other related areas of IT. Ability to apply department processes and procedures to work. | Required |
| Knowledge of software, database, infrastructure or other IT function. Knowledge relating to the design and development of software across the organization. | Required |
| May require skills in web software, web software language and object oriented software concepts. May require knowledge of network protocols and how they are used on a large (campus/medical center/OP-wide, institution-wide or beyond) network. May require advanced knowledge of data storage, processing analysis and visualization technologies and how they are used in administrative and/or academic endeavors at a large, top-tier research university or medical center. | Required |
| Advanced knowledge of data storage, processing, and analysis and how they are used in administrative, medical and/or academic endeavors. | Required |
| Demonstrated ability to work with others from diverse backgrounds. | Required |
| Demonstrated effective communication and interpersonal skills, including the ability to communicate technical information to technical and non-technical personnel at various levels in the organization. | Required |
| Self-motivated and works independently and as part of a team. Demonstrates problem solving skills. Able to learn effectively and meet deadlines. | Required |
| Advanced working knowledge of authentication technologies such as SAML, OAuth, ODIC, and Shibboleth. | Required |
| Demonstrated advanced knowledge of enterprise identity and access management principles, technologies, and practices and expertise relating to the design and development of information technology architectures across the organization. | Required |
| Possess the verbal and written communication skills to work effectively with technical and non-technical personnel at various levels in the organization; ability to use standard English grammar and punctuation. | Required |
| Familiarity with cloud hosted Identity Governance Administration Solutions and containerization platforms. | Required |
| Understanding of and experience with key modeling and description languages used to map complex business processes to architectural components, develop common data resource architectures, and create reference frameworks. | Preferred |
| Advanced knowledge of computer security tools, best practices and policies including demonstrated experience securing server-based software. Demonstrated skill at administering moderately complex security controls and configurations to computer hardware, software and networks. | Preferred |
Special Requirements & Conditions
| Special Condition | Requirement |
|---|---|
| Must pass a background check. | Required |
| Occasional travel for university related business meetings, conferences and/or professional development. | Required |
| Travel Outside of Normal Business Hours. | Required |
| Weekend and after hours work to complete system patches, upgrades, enhancements, and implementations. | Required |
| Must actively participate in an on-call rotation supporting a 24/7 IT operation. | Required |
Other Special Requirements & Conditions
|
|
Level of Supervision Received
| Direction |
Environment
Working Environment
| Remote with occasional visits to UCR campus as necessary. |
Other Requirements
Items Used
|
Physical Requirements
|
Mental Requirements
|
Environmental Requirements
|
Critical Position
| Is Critical Position: Yes |