Chief Architect, Identity and Access Management
- Foster City, CA, USA
As the world's leader in digital payments technology, Visa's mission is to connect the world through the most creative, reliable and secure payment network - enabling individuals, businesses, and economies to thrive. Our advanced global processing network, VisaNet, provides secure and reliable payments around the world, and is capable of handling more than 65,000 transaction messages a second. The company's dedication to innovation drives the rapid growth of connected commerce on any device, and fuels the dream of a cashless future for everyone, everywhere. As the world moves from analog to digital, Visa is applying our brand, products, people, network and scale to reshape the future of commerce.
At Visa, your individuality fits right in. Working here gives you an opportunity to impact the world, invest in your career growth, and be part of an inclusive and diverse workplace. We are a global team of disruptors, trailblazers, innovators and risk-takers who are helping drive economic growth in even the most remote parts of the world, creatively moving the industry forward, and doing meaningful work that brings financial literacy and digital commerce to millions of unbanked and underserved consumers.
You're an Individual. We're the team for you. Together, let's transform the way the world pays.
Visa is seeking a Chief Architect, Identity and Access Management (IAM) in the Cybersecurity department to act as one of key technology leaders to build a strategic and tactical IAM architecture roadmap and collaborate with the team to execute on it from concept to production.
The Identity And Access Management (IAM) team’s vision is to securely and easily connect all authorized users to the resources they need to do their work and to protect Visa from unauthorized access. The IAM mission is to protect Visa assets and the brand by expanding coverage of applications and systems, increasing privileged access management coverage, simplifying the user experience, optimizing IAM processes, and driving to a continuously higher global security posture following a practical risk-based approach.
The IAM Chief Architect will work as a member of the Cybersecurity IAM team, and with deep and broad expertise in IAM systems and industry best practices and trends, will provide overall strategic architectural direction. The individual will perform a lead role in identification, analysis, evaluation, and adoption of IAM architectures and technologies. The IAM Chief Architect will collaborate actively with the IAM leaders and teams to ensure the right IAM solutions are successfully designed, developed, deployed and operated end-to-end from conception through production. In addition, the IAM Chief Architect will be involved with evangelizing IAM best practices, education and mentorship, development of technical architecture and standards documents, and advanced topics research.
Craft a practical architectural road map from the existing state to a target state that utilizes industry best practices, upcoming standard trends (such as Zero Trust, FIDO and biometrics), and can meet diverse requirements for security, compliance, high availability, scalability and performance, excellent user experience, and innovation.
- Architect and deliver global, large-scale IAM systems, overseeing data architecture, development and systems integration, and align complex business problems to appropriate technology solutions that deliver strong returns on investment
- Own the IAM technical standard documents for both the employee as well as customer/consumer domains
- Author and maintain the IAM reference architecture, and IAM technology standards documents
- Key contributor to the IAM strategy and road map
- Analyze and provide Point of View perspectives on complex, challenging cross-domain problems
- Collaborate with the other technology architects and leads to ensure that IAM security is properly embedded in their technology architecture
- Advise leadership on IAM issues, systems, processes, products, and services
- Maintain oversight of the design and implementation of IAM systems to ensure appropriate and effective security controls are included
- 12 years of work experience with a Bachelor’s Degree; 10 years of work experience with an Advanced degree (e.g. Masters/MBA/JD/MD), or a minimum of 5 years of work experience with a PhD
- Deep interest and 10+ years practical, hands-on expertise in IAM (especially IAM for employees, but also IAM for customers/consumers) including current best practice and future trends such as zero trust, Cloud, mobile, API security, multi-factor authentication, container security, Hadoop, etc.
- Hands-on experience architecting, designing, developing, deploying and operating scalable IAM solutions for large multinational enterprises and within heterogeneous application server, operating system and database environments
- Very strong ability to collaborate and harvest the best ideas from the team at Visa as well as from industry, and to collaboratively negotiate priorities, to construct the best practical path forward for Visa.
- Excellent written and verbal communication skills. Should be the owner and chief editor of the IAM architecture and technical standards documents. Excellent written skills are critical for authoring precise, easy-to-read architectural standards with the proper rationale so that they can be easily followed by the rest of the organization. Excellent collaborative skills are essential to harvest the best ideas from across the team, and also to construct a practical, phased road map.
- Experience developing and authoring technical standards for IAM, strategies, architectures, and road maps
- Experience with the following:
- Deep understanding of the full IAM life-cycle including Joiners-Movers-Leavers, authentication, authorization, AD groups, and privileged access for systems and applications and enrolling applications and systems into the IAM platform
- Strong understanding of (and ability to create/influence) corporate IAM policy, modern IAM security requirements and best practices and enterprise Key Controls
- Experience on building strong authentication and access control mechanisms on Windows, Mac desktops and systems (Unix, Windows, Mainframe, Tandem) and applications
- Single-Sign-On (SSO) and federation standards such as SAML and OpenID Connect
- Multi-Factor Authentication (MFA)
- Privileged Access Management – including solutions such as Xceedium, CyberArk
- API security including standards such as OAUTH
- IAM solutions for big data platforms such as Hadoop
- Mobile application authentication and authorization
- Experience on Cloud IAM deployments (e.g., IAM to secure deployments on AWS, Azure)
- Experience on working with internal audit, compliance, pen testers and external assessors to both reactively and proactively assess and correct findings related to IAM
- Knowledge of Active Directory forest architecture, trusts, hardening concepts, LDAP, Kerberos, and integration with Linux platform and applications.
- ISO 270001, CISSP certifications
- Ability to quickly learn and adapt to complex environments in large multinational financial service companies such as Visa and implement practical, robust IAM solutions
- Ability to construct right-sized IAM solutions for mergers and acquisitions that meet benefit/cost criteria
- Experience with SailPoint, ForgeRock, Xceedium, Citrix, etc.
- Experience with modern and existing IAM standards such as FIDO, OAuth, Open ID Connect, SAML, WS-Federation, and WS-Security; and ability to influence such standards based on enterprise needs
Incumbent must make themselves available during core business hours.
This position may require the incumbent to travel up to 10% of the time.
This position will be performed in an office setting. The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers, reach with hands and arms, and bend or lift up to 25 pounds.
Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.