
IDM Solution Architect

CloudPay
Remote Full-time United Kingdom
Solution-Architecture Identity-And-Access-Management Enterprise-Architecture Security-Architecture API-Security-Architecture Senior-Identity-&-Access-Management-Architect Identity-Security-Architect Identity-Governance-Architect

Description

About this job opportunity

Our Vision

To be the world's most trusted global payroll partner, simplifying pay for all employees.

Our Mission

Empowering global workforces with seamless, compliant, and innovative payroll and payment solutions, enabling businesses to thrive in a connected world.

Our People

Our fundamental beliefs at CloudPay are built on core values of professionalism, passion, empowerment, innovation, and teamwork. We value our employees and strive to create a great workplace where everyone is valued, heard, inspired, and encouraged to bring their authentic selves to work. We're committed to providing an excellent employee experience through fulfilling projects, empowerment to make a difference, and an environment that inspires innovation.

What makes this role exciting

The Solutions Architect specializes in Identity & Access Management (IAM) to lead the design and implementation of enterprise-grade identity solutions across workforce, machine-to-machine (M2M), and customer (B2B, B2C) domains.

The role works in a highly cross-functional environment, bridging the gap between security, core platforms, and application teams to deliver a cohesive, future-proof identity strategy.

Main responsibilities

  • Enterprise IAM Architecture: Lead the architecture and design of enterprise IAM solutions, leveraging the Ping Identity suite.
  • Authorization Modeling: Design and implement a robust RBAC model adaptable across workforce, applications, and platforms, with a clear evolutionary path toward hybrid RBAC/ABAC and Fine-Grained Authorization (FGA).
  • API Security & Gateway Enforcement: Define patterns for API security and token-based access (OAuth2, OIDC, JWT). Partner closely with API Platform teams to establish standardized token validation, scoping, and mediation patterns at the API Gateway tier (e.g., Apigee, Kong).
  • Machine-to-Machine (M2M) Security: Architect secure service-identity and M2M authorization models, including Client Credentials flows, service identity lifecycles, and API-to-API trust frameworks.
  • Zero Trust Governance: Ensure all identity patterns align with Zero Trust principles, producing robust architectural artifacts including role hierarchies, token claims strategies, and centralized access policies.

Experience needed for this role

Core IAM & Authorization

  • Hands-on architectural experience with the Ping Identity suite.
  • Deep understanding of modern identity protocols such as OAuth2, OIDC, SAML, and JWT architecture.
  • Proven experience designing enterprise-wide RBAC and entitlement models spanning both users and services.
  • Experience implementing modern authorization patterns (Modern Grant Authorization, scopes, claims-based access).

API Security & M2M Infrastructure

  • Solid experience integrating IAM frameworks with API Management and Gateway platforms (Apigee, Kong, or AWS API Gateway) to enforce edge security.
  • Deep experience with the OAuth2 Client Credentials flow, token design, workload identities, and securing service-to-service communication.

Leadership & Governance

  • Strong enterprise architecture background with a design-first mindset (focusing on systemic patterns rather than just localized implementation).
  • Proven ability to align large, diverse stakeholder groups (Security, Business Domains, App Teams, and Platform/Infra teams) and articulate complex IAM concepts in business-friendly language.
  • Comfortable dealing with ambiguity, legacy constraints, and organizational complexity.

Nice to have, but not essential

  • Experience with Identity Governance & Administration (IGA) tools.
  • Familiarity with compliance frameworks (SOX, GDPR, ISO).
  • Knowledge of DevSecOps, infrastructure-as-code (IaC), and IAM automation pipelines.
  • B2C experience.
  • AWS Cognito experience.

About you and our core values

  • Taking ownership, working with integrity and respect
  • Being a team player is key to our culture
  • Solution and customer focused
  • Great initiative with the goal for excellence in achieving results
  • Dedicated to developing and always looking for continuous improvements
  • Be creative, be committed, be engaged and enjoy what you do

UK Package and benefits

  • Competitive Salary
  • Competitive vacation allowance
  • Calm app
  • WFH Allowance
  • Life Assurance
  • Private Medical Insurance
  • Cycle to Work Scheme
  • EAP
  • Eye Tests & Glasses Contribution
  • Simplyhealth Enhanced Health Plan
  • Pension Scheme
  • Give-As-You-Earn (GAYE)
  • Employee Referral Program
  • CloudPay NOW
  • Paid Volunteering days
  • Marriage Leave
  • Bereavement Leave
  • Vacation Purchase Plan

CloudPay is committed to being an equal opportunities employer.

The CloudPay culture is built upon five core values, from which we develop our service, our technology and our business strategies. Our fundamental beliefs are a promise to our employees, customers and partners, built on the core values of professionalism, passion, empowerment, innovation, and teamwork.

Originally posted on Himalayas