Identity and Access Management Architect

Recruitment notice:

Platte River Power Authority does not accept unsolicited resumes from headhunters, recruitment agencies or fee-based placement services. No agency emails, calls, or solicitations to staff are accepted without a valid agreement. Any unsolicited resume submitted to staff will be considered property of Platte River Power Authority and with no obligation to pay any referral fees.

Job summary

Responsible for the design, development, and implementation of secure, scalable Identity and Access Management (IAM) systems and processes that govern user identities, roles, access permissions, and authentication mechanisms. This role ensures alignment with organizational policies, regulatory requirements, and industry best practices, and collaborates closely with technology, cybersecurity, and business stakeholders to manage identity lifecycles, enforce access controls, streamline authentication and authorization, and maintain robust identity governance. Core responsibilities include designing and supporting IAM tools and platforms, contributing to enterprise security initiatives such as single sign-on (SSO), multifactor authentication (MFA), role-based access control (RBAC), privileged access management (PAM), Active Directory (AD), certificate services, and identity governance.

This posting closes on September 10 at 5:00 pm MT.

Work environment and schedule

This position works a typical Monday through Friday schedule in a general office environment and may be eligible for hybrid workdays. The successful candidate should reside within a commutable distance. Performing this work requires occasional physical effort to lift and carry light objects and is primarily sedentary; minimal walking or standing is required on an as-needed basis.

Essential duties and responsibilities

- Design, develop, and maintain enterprise-wide IAM architectures, frameworks, and solutions to manage user identities, authentication, authorization, access permissions, and governance.

- Implement and optimize IAM technologies, including Okta as the primary identity platform, along with SSO, MFA, PAM, RBAC, AD, and certificate services.

- Define and enforce IAM policies, standards, and procedures in alignment with cybersecurity frameworks, regulatory requirements, and industry best practices.

- Architect and oversee the integration of digital certificates and Public Key Infrastructure (PKI) solutions into enterprise authentication systems, including issuance, renewal, revocation, and secure communications.

- Develop and maintain identity governance processes, including access certifications, access reviews, entitlement management, and enforcement of least-privilege policies.

- Administer IAM platforms, ensuring high availability, performance, scalability, and compliance with security and operational standards, including patching and configuration management.

- Integrate IAM systems with enterprise applications, third-party platforms, and hybrid cloud environments to streamline authentication and authorization.

- Design, develop, implement, and regularly test disaster recovery and redundancy plans for IAM systems to ensure cybersecurity resilience and secure business continuity.

- Maintain comprehensive documentation of IAM configurations, architectures, processes, disaster recovery plans, and incident response activities.

- Lead troubleshooting and resolution of IAM-related incidents and technical issues, including authentication, authorization, provisioning, and directory service problems.

- Implement and maintain security best practices, including least privilege, separation of duties, and secure credential management.

Other functions

- Participate in cross-functional security initiatives, working groups, or committees as needed to advance the organization's cybersecurity posture.

- Provide subject matter expertise during system design reviews, major application upgrades, and technology initiatives to ensure IAM and identity governance considerations are incorporated.

- Stay current on emerging IAM and IGA technologies, cybersecurity threats, and regulatory developments, and recommend adjustments to organizational strategies as appropriate.

- Support incident response efforts by providing expertise related to identity and access impacts during cybersecurity events.

- Perform other duties and special projects as assigned to support the cyber and information security department’s objectives.

Knowledge, skills, and abilities

- Extensive knowledge of identity and access management (IAM) principles, identity governance (IGA), frameworks, technologies, and standards (e.g., Okta, SSO, MFA, RBAC, PAM, SCIM, SAML, OAuth, OpenID Connect).

- Strong understanding of identity lifecycle management, directory services (e.g., Active Directory, Azure AD), authentication/authorization models, and entitlement management.

- Expertise in designing and integrating digital certificate services and PKI solutions into enterprise environments.

- Strong knowledge of cybersecurity principles, least privilege models, zero trust architectures, and regulatory compliance requirements (e.g., NERC CIP, SOX, HIPAA, Colorado Privacy Act).

- Ability to develop, deploy, and maintain automation scripts and tools to improve IAM and governance operations.

- Skilled in troubleshooting complex IAM and governance issues, conducting root cause analyses, and implementing corrective actions.

- Ability to design and maintain disaster recovery and business continuity plans for IAM systems.

- Excellent written and verbal communication skills, with the ability to translate complex technical concepts into clear, actionable guidance.

- Strong collaboration skills with cross-functional teams, cybersecurity peers, business stakeholders, and technology leadership.

- Commitment to continuous learning in identity, governance, security, and regulatory developments.

Required qualifications

- Bachelor’s degree in computer science, information security, information systems, or a related technical field; relevant experience may be substituted for education.

- One of the following certifications related to cybersecurity or identity and access management (or ability to obtain within one year of hire):

- Certified Information Systems Security Professional (CISSP)

- Certified Identity and Access Manager (CIAM)

- Certified Information Security Manager (CISM)

- Experience:

- 8 years of progressive responsibility in IAM, cybersecurity architecture, or enterprise security engineering.

- 5 years direct architecting, implementing, and supporting IAM systems with a primary focus on Okta or similar cloud-based identity platforms.

- Designing and integrating IAM and IGA solutions across hybrid environments (on-premises and cloud platforms such as Azure and AWS).

- Implementing identity lifecycle management, access provisioning/deprovisioning, privileged access management (PAM), and federated authentication.

- Supporting audit, compliance, and regulatory reporting related to identity governance and access management such as NERC CIP, SOX, HIPAA, Colorado Privacy Act.

- Valid driver’s license.

Preferred qualifications

- Master’s degree in cybersecurity, information technology, or a related field preferred.

- Okta certi

fication (e.g., Okta Certified Professional or Okta Certified Administrator.

- Additional certifications related to identity platforms, privileged access management, or cloud security (e.g., CyberArk Defender, Microsoft Certified: Identity and Access Administrator Associate) are desirable.

- Experience implementing automation and orchestration for IAM processes, including access provisioning, certification campaigns, and policy enforcement.

- Prior experience working in electric utilities, energy, or critical infrastructure sectors.

- Familiarity with Zero Trust security models and cloud-native identity management architectures (e.g., Azure Active Directory, AWS Identity Center).

- Demonstrated leadership in cross-functional cybersecurity initiatives and the ability to influence organizational adoption of IAM best practices.

Pay

This role is classified as exempt; salaries are paid bi-weekly and are annualized below for reference. Factors that may be used to determine actual salary include specific skills, years of experience, education, and certifications.

- Full range: $150,396 to $218,096

- Hiring range: $150,396 to $184,354