Principal Identity & Access Management Architect

We are Generac, a leading energy technology company committed to powering a smarter world.

Over the 60 plus years of Generac’s history, we’ve been dedicated to energy innovation. From creating the home standby generator market category, to our current evolution into an energy technology solutions company, we continue to push new boundaries.

The Identity & Access Management (IAM) Principal Architect leads the strategic design and implementation of our enterprise identity solutions, drives the consolidation of fragmented Identity Providers (IdPs) into Microsoft Entra ID, ensuring a unified, secure, and scalable identity framework aligned with Zero Trust principles. Focuses on rightsizing authentication and authorization processes to enhance security while optimizing user access and experience.

A key responsibility is architecting and supporting the migration to a Single Identity model across the company’s Customer Identity and Access Management (CIAM) platforms, empowering our Digital Business Office and delivering a seamless, secure, and unified digital identity experience. The IAM Principal Architect ensures compliance with industry standards such as NIST, ISO 27001, and other relevant security frameworks.

Works closely with security teams, IT leadership, business stakeholders, and external vendors to design and implement scalable IAM solutions that align with organizational goals and regulatory requirements.

Strategy & Architecture

• Define and execute the enterprise IAM strategy, including consolidating fragmented Identity Providers (IdPs) into Microsoft Entra ID.

• Architect and implement a unified identity framework that supports Zero Trust principles, ensuring secure and scalable authentication and authorization.

• Develop IAM roadmaps, policies, and governance models aligned with business objectives, security best practices, and regulatory compliance.

• Drive the adoption of cloud identity security solutions, ensuring seamless integration with hybrid and multi-cloud environments.

Implementation & Operations

• Lead the design, deployment, and management of IAM solutions, including Entra ID, Okta, Auth0, Active Directory, and Privileged Access Management (PAM) platforms.

• Support the migration to a Single Identity framework within Customer Identity and Access Management (CIAM) platforms to enhance digital transformation and user experience.

• Implement IAM automation, AI-driven identity governance, and self-service capabilities to streamline identity lifecycle management.

• Develop and enhance federated identity solutions, adaptive authentication, and multi-factor authentication (MFA) strategies.

Security & Compliance

• Ensure IAM security policies and solutions comply with industry standards such as NIST, ISO 27001, SOC 2, GDPR, and other required frameworks.

• Implement role-based access control (RBAC), least privilege access (LPA), just-in-time (JIT) access, and adaptive authentication strategies.

• Enhance privileged access security through PAM solutions, reducing attack surfaces and securing access to critical infrastructure.

• Integrate identity threat detection and response (ITDR) capabilities to protect against compromised credentials and insider threats.

Collaboration & Leadership

• Partner with security, IT, and business teams to align IAM initiatives with organizational goals and risk management strategies.

• Provide technical leadership, mentorship, and guidance to IAM teams and stakeholders.

• Engage with external vendors, industry leaders, and security communities to stay ahead of emerging IAM threats and best practices.

• Drive continuous improvement and innovation in IAM processes, ensuring the adoption of next-gen identity security solutions.

Education

• Bachelor’s degree in Computer Science, Cybersecurity, or a related field, or equivalent experience.

Work Experience

• 6+ years of experience in Identity and Access Management, or in Cybersecurity with heavy emphasis in IAM processes and/or controls.

Knowledge / Skills / Abilities

• Deep expertise in Identity & Access Management (IAM) architecture, Zero Trust principles, and identity governance frameworks.

• Strong understanding of authentication and authorization mechanisms, including Single Sign-On (SSO), Multi-Factor Authentication (MFA), Adaptive Authentication, and Passwordless Authentication.

• Hands-on experience with Microsoft Entra ID (Azure AD), Okta, Active Directory, Auth0, and Privileged Access Management (PAM) solutions.

• Knowledge of Identity Governance and Administration (IGA), including role-based access control (RBAC), attribute-based access control (ABAC), and Just-in-Time (JIT) access.

• Expertise in IAM automation and AI-driven identity analytics, including identity lifecycle management and self-service capabilities.

• Familiarity with federated identity standards (SAML, OAuth, OpenID Connect) and their implementation in cloud and hybrid environments.

• Experience securing identities across cloud platforms (AWS, Azure, Google Cloud), including cloud-native IAM services and API security.

• Strong understanding of compliance and regulatory frameworks, such as NIST, ISO 27001, SOC 2, GDPR, and CCPA, as they pertain to IAM.

• Experience in identity threat detection and response (ITDR), insider risk management, and identity-based attack prevention.

• Excellent problem-solving, analytical, and leadership skills, with the ability to collaborate across security, IT, and business teams to implement scalable IAM solutions.

Education

• Master’s degree in Cybersecurity or a related field.

Certification / License

• CISA/CISM/CISSP or equivalent

Physical Demands: While performing the duties of this job, the employee is regularly required to talk and hear; and use hands to manipulate objects or controls. The employee is regularly required to stand and walk.  On occasion the incumbent may be required to stoop, bend or reach above the shoulders. The employee must occasionally lift up to 25 - 50 pounds. Specific conditions of this job are typical of frequent and continuous computer-based work requiring periods of sitting, close vision and ability to adjust focus. Occasional travel.

“We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, disability status, protected veteran status, or any other characteristic protected by law.”