Job Description

We're looking for a highly experienced IAM Engineer to design and implement a custom identity and access management solution for a Client's global digital platform ecosystem.



This role will be critical in helping the Client evolve from a legacy hierarchical structure into a modern, tag-based, fine-grained access model that respects row-level data permissions and user context across blended datasets and applications.

Key Responsibilities

Design and implement a custom IAM model for the Client's application and API ecosystem. Extend the IAM solution to cover row-level data access across a central data lake, respecting all upstream and downstream permission flows. Collaborate with stakeholders across IT, security, data, and application teams to integrate IAM into the current and future-state architecture. Build a tag-based permissions system, supporting complex multi-dimensional access control (beyond roles and hierarchy). Support Okta integration as a federated identity layer, ensuring interoperability without duplicating access logic. Design and implement policies that are compliant with regional data privacy and security standards (e.g., GDPR, CCPA, ISO 27001, etc.). Create comprehensive documentation for the IAM architecture, design decisions, and control mappings for audit and compliance purposes. Support application teams with onboarding, identity delegation, and enforcement of IAM standards.

Ideal Experience

5+ years in IAM architecture and engineering, with proven delivery in custom or hybrid IAM systems Strong understanding of Azure AD, RBAC, ABAC, and federated identity management Experience with Okta and integrating it into custom IAM workflows Deep knowledge of fine-grained access control, including row-level security in data platforms (e.g., Azure Synapse, Data Lake, Databricks, etc.) Exposure to multi-tenant architectures, and familiarity with client brand market models Understanding of tag-based permissioning and contextual access policies Experience working in highly regulated industries, with the ability to design systems that align with compliance frameworks (e.g., ISO, GDPR) Familiarity with data governance, data mesh principles, or data access proxy layers (nice to have)

Bonus Points For

Experience with Keycloak, Okta, or building custom OAuth2/OIDC providers Exposure to graph-based access models Working knowledge of marketing technologies, media platforms, or agency ecosystems Prior work in global, multi-brand organisations with federated structures

Why This Role?

Opportunity to build a mission-critical system from the ground up Work with a globally recognised brand and a high-calibre architecture team Influence how identity, permissions, and data access are handled across the entire enterprise * Take on a complex, high-impact challenge with deep technical and strategic implications