We create smart innovations to meet the mobility challenges of today and tomorrow. We design and manufacture a complete range of transportation systems, from high-speed trains to electric buses and driverless trains, as well as infrastructure, signalling and digital mobility solutions. Joining us means joining a truly global community of more than 75000 people dedicated to solving real-world mobility challenges and achieving international projects with sustainable local impact. 

Purpose of the job

Reporting directly to the head of Security governance and risk management, the IAM Architect leads the Global Alstom IT strategy in terms of identity and access management.

He or she is in charge of developing and leading the governance of identities and accesses, in compliance with the IAM security policy at group level. This includes the definition of global processes to manage the lifecycle of users’ accounts and identity in the IT landscape.

He coordinates and gather relevant stakeholders around IAM topics, including but not limited to HR, Sourcing, Master Data managers, IS&T, business representatives.

He designs the appropriate IAM mechanisms and tools to be implemented within the Alstom Information System and is in charge of leading the functional and technical roadmap.

He leads the external resources team supporting Alstom IAM program and ensure the relation with external parties with the support of sourcing and legal teams.

Main responsabilities

• The IAM architect is solution owner for some specific Security Solutions under his responsibility
  • IAM standards
  • Architecture validation, against Security Policy
  • Governance of identities and accesses
  • Support level 3 – expertise – for IAM platforms and topics
• The IAM lead architect follows and validates the security aspects related to IAM in Alstom’s IT projects
  • ISSCQ – produce all Information System Security and Compliance Questionnaire at the initial phase of all projects
  • Risk analysis – perform risk analysis and identify mitigation plan when relevant
  • Security Insurance Plan –make sure that all IT partners/providers respect the IAM policy when they deliver services (e.g. Cloud or SaaS provider)
  • Security Acceptance –make the right decision considering the residual risk and the asset value
  • ISS Run Q&A and industrialization

Qualification & Competencies - Expected Level

Qualification: 

Initial Background: an IAM leader having 10 years of experience in IAM Security activities, ideally with an architecture background in IT Security

Languages : English (mandatory)          

                         French (optional)

Mandatory experiences :

• IAM concepts
• IAM Architecture
• Security background
• Excellent written/verbal/communication, listening and facilitation skills
• Able to analyze risks and to design an appropriate IAM security pattern (provisioning, habilitation workflow, authentication, master data authorities, segregation of duty, Privileged Access Management, federation)
• Subject-matter expertise across all IAM topics as it relates to both cloud and on-premises enterprise technology, and the relationship between the architectures.
• Drive the adoption of Authentication and Authorization reference architectures for existing, new and emerging IAM technologies.
• Develop effective architecture solutions that not only satisfy immediate project requirements but also deliver a coherent, reusable, reliable and phased architecture to help the business grow and change while aligning IAM security policy.
• Risk analysis
• Knowledge of ISO 27002 and ISO 27005

Competencies 

Technical Competencies

Experience architecting IAM solutions : Level 4                                         

Experience on IAM solutions within Saviynt AAG, Microsoft Azure or other IAG solution : Level 3

Very Good understanding of Identity & access governance, Multi-Factor authentication and Privileged Access Management : Level 4                                                                             

Good understanding on technologies related to Identity and access management, such as e.g. API , AD , LDAP , SQL : Level 4

Intimately familiar with IAM related protocols such as SAML , SCIM , SPML , XACML , OpenID and OAuth : Level 4

Good understanding on functional concept of Identity and access management (workflows, SOD, recertification access, provisioning, auto-correlation access, …) : Level 4

Good understanding on IT architecture principals and design (e.g network, e.g) : Level 3

2-3 years of IAM Saviynt software experience is appreciated : Level 1

Leadership dimensions

Ability to work global with functional as well as technical teams in a dynamic environment : Level 3

Ability to drive architecture topic related, to various stakeholders (Team, Architects, Head of, VP, Business) : Level 3