CIAM / Identity Architect
Development Team
On behalf of our Client from the Caribbean region, Mobilunity is looking for a CIAM / Identity Architect
Our Client is the largest bank in the Caribbean region that serves 14 countries/territories. The aim is to transform this organization from a traditional bank into a new era of fintech, leveraging the cutting-edge of current fintech offerings.
The CIAM / Identity Architect is responsible for defining and governing the Customer Identity & Access Management architecture across digital channels, ensuring secure, scalable, compliant, and frictionless customer authentication and authorization experiences. This role owns the identity strategy for customers and external users, distinct from workforce IAM, and ensures alignment with security, privacy, regulatory, and digital transformation goals.
Responsibilities:
- Define and maintain the CIAM reference architecture spanning authentication, authorization, customer lifecycle management, consent, and identity federation.
- Design scalable identity flows for mobile apps, web experiences, APIs, and partner integrations, optimizing for usability, security, and performance.
- Own and govern identity standards and patterns, including OIDC, OAuth 2.0, SAML, FIDO2/WebAuthn, token models, and session management approaches.
- Embed privacy-by-design with consent capture, purpose limitation, data minimization, and regulatory alignment (e.g., GDPR and regional equivalents).
- Provide architectural oversight for CIAM vendors and internal identity platforms; evaluate build vs. buy; ensure interoperability and roadmap alignment.
- Define non-functional requirements and SLOs for availability, performance, fraud detection, resilience, disaster recovery, and multi-region scale.
- Act as senior design authority for CIAM-related decisions and security exceptions, balancing customer experience with risk controls.
- Partner with API, mobile, and web platform teams to align API security, token scopes, and gateway policies with zero trust principles.
- Establish identity data models and customer profile boundaries across domains; guide eventing and telemetry for identity analytics and fraud monitoring.
- Influence product roadmaps for enrollment, progressive profiling, step-up authentication, and self-service account recovery.
- Define patterns for social login, partner federation, and B2B2C scenarios, including trust frameworks and contractual controls.
Requirements:
- CIAM architecture: customer onboarding, identity proofing patterns, profile management, consent orchestration, MFA/step-up, account recovery.
- AuthN/AuthZ protocols: OAuth 2.0, OIDC, SAML, JWT, token lifecycles, PKCE, device authorization, dynamic client registration.
- Federation & social login: brokered identity, Just-In-Time provisioning, account linking, risk-aware social sign-in.
- API security: gateway integration, token exchange, mTLS, rate limiting, scope design, audience and resource modeling.
- Identity risk & fraud: bot and credential-stuffing defenses, device trust, anomaly/risk signals, adaptive access, and re-auth strategies.
- Privacy engineering: data minimization, consent tracking, purpose binding, right-to-access/erase, data residency, and encryption patterns.
- Architecture governance: reference models, standards catalogs, decision records, review boards, and cross-domain leadership.
- Resilience & scale: multi-region, active-active, blue/green identity changes, schema evolution, rate/latency optimization.
- Developer experience: SDK and pattern enablement, secure-by-default templates, guardrails, and documentation.
Certifications:
- CIAM platform architecture (e.g., Okta/Auth0, ForgeRock, Ping, Microsoft Entra External ID/Azure CIAM).
- Microsoft Entra ID identity architecture fundamentals.
- TOGAF or equivalent enterprise architecture certification.
- Data privacy training (GDPR and regional equivalents).
- OWASP Identity & API Security training (including ASVS and API Security Top 10).
Required experience:
- 8–12+ years in identity, security, or solution architecture roles.
- 4+ years designing customer-facing identity platforms at scale (high-traffic consumer or partner ecosystems).
- Experience in regulated industries such as banking, fintech, or telecommunications.
- Proven leadership driving architecture decisions across multiple digital channels (mobile, web, API/platform).
- Track record delivering measurable outcomes in conversion, fraud reduction, latency, and availability.
Success Measure:
- Improved authentication success rate and reduced account recovery friction without increasing risk.
- Adoption of reference patterns and standards across product teams; reduced custom auth code.
- Regulatory alignment evidenced by privacy controls, consent auditability, and clean audit outcomes.
In return, we offer:
- The friendliest community of like-minded IT people
- Open knowledge-sharing environment – exclusive access to a rich pool of colleagues willing to share their endless insights into the broadest variety of modern technologies
- A Mobilunity Medical Insurance program designed to meet our team’s needs
- Paid vacations and sick leaves, including 5 paid days per year that don’t require a sick note
- Perfect office location in the city center (900m from Lukyanivska metro station, in a green and spacious neighborhood) or remote engagement: choose whichever suits you, with the option to combine both
- No open-spaces setup – separate rooms for every team’s comfort, and multiple lounge and gaming zones
- English classes in 1-to-1 & group modes with elements of gamification
- Neverending fun: sports events, tournaments, music band, multiple affinity groups
Come on board, and let’s grow together!