Enterprise Architect - Identity and Access Management - is required to join a large-scale technology transformation programme and to define and lead the enterprise-wide Identity & Access Management (IdAM/IAM) architecture, ensuring alignment with business strategy, security objectives, and the organisation’s target-state enterprise architecture.

This is a large transformation focused on establishing a unified, enterprise-wide identity capability, covering identity governance, access management, and privileged access, supporting identities across a complex supply chain domain environment.

You will be responsible for:

• Defining and owning the enterprise IdAM architecture, strategy, and roadmap.
• Establishing architectural principles, standards, and patterns for identity and access across the organisation.
• Leading the IT and technology input into IdAM business cases, ensuring alignment with enterprise architecture and long-term strategy.
• Providing architectural leadership and governance across multiple programmes and delivery teams.
• Collaborating with senior business and technology stakeholders to drive adoption of the IdAM strategy.
• Embedding Zero Trust principles into the enterprise security architecture.
• Defining and governing a unified IdAM operating model with centralised identity governance and administration.
• Assessing current state capabilities, tooling, and organisational maturity.
• Defining how IDAM capabilities integrate across business and technology domains.
• Establishing identity governance, lifecycle management, and access models.
• Delivering a single, enterprise-wide identity control plane.
• Aligning all IDAM capabilities with enterprise architecture standards and future-state design.

Required experience and skills:

• Extensive experience operating as an enterprise or lead IDAM architect within large, complex organisations.
• Deep expertise in IDAM domains, including:
• Federated identity
• Single sign-on (SSO)
• Multi-factor authentication (MFA)
• Role-based and attribute-based access control (RBAC/ABAC)
• Strong experience with enterprise identity platforms such as Microsoft Entra ID (Azure AD) and Okta.
• Experience with identity governance and PAM solutions (e.g. SailPoint, CyberArk).
• Strong understanding of enterprise architecture frameworks and governance (e.g. TOGAF).
• Proven ability to influence and engage senior stakeholders across business and technology functions.
• Experience defining and embedding Zero Trust and Privileged Access Management (PAM) strategies.
• Ability to define and enforce architecture governance, ensuring consistency, scalability, and compliance across the enterprise.
• Retail or supply chain domain experience.
• Multi-location operating model experience and exposure to external SOC providers will be beneficial.