Role Title: ICAM Architect
Role Location: Estimated 50% onsite in Washington, DC
Required Qualifications
- Bachelor’s degree or higher in Computer Science, Information Systems, Cybersecurity, or a related field.
- 8–12 years of demonstrated experience in ICAM, cybersecurity, or enterprise architecture.
- Demonstrated experience designing enterprise ICAM or IAM architectures across the full delivery lifecycle, including assessment, solution design, migration strategy, implementation support, deployment, and operational transition.
- Experience with cloud-based identity platforms and enterprise system integration, including hybrid and legacy-to-modern transformation environments, which the PWS identifies as core evaluation areas for proposed personnel.
- Hands-on expertise with technologies relevant to this effort, including Okta, SailPoint, and Microsoft Entra ID.
- Strong knowledge of identity lifecycle management, provisioning/deprovisioning, access governance, SSO, MFA, federation, role/attribute/policy-based access control models, and federal ICAM regulations.
Preferred Qualifications
- Industry certifications aligned to ICAM, security, architecture, or cloud platforms, such as CISSP, CISA, CRISC, Security+, TOGAF, or relevant Okta, SailPoint, and Microsoft certifications. The PWS explicitly emphasizes appropriate certifications by role and identifies certifications such as CISSP, CISA, and CRISC for specialized functions.
- Experience supporting federal or [client] environments with strong security, compliance, and operational continuity requirements.
Day-to-Day Responsibilities:
The ICAM Architect serves as the senior technical authority responsible for designing, establishing, and evolving the [client]’s target-state Identity, Credential, and Access Management (ICAM) architecture. This role leads the architectural vision, future growth strategy, high-level identity flows, and migration approach for the modernization effort, while ensuring alignment with [client] requirements, enterprise integration needs, security standards, and operational objectives identified across the BPA lifecycle. The ICAM Architect is responsible for translating business, technical, security, and operational requirements into an actionable architecture and implementation path spanning solution design, migration planning, MVP deployment, full-scale rollout, adoption and training, transition, and post-implementation support.
Key Responsibilities
- Lead the design of the overall ICAM architecture, including target-state capabilities, identity flows, trust relationships, integration patterns, and modernization roadmap for the [client] environment.
- Assess the current identity ecosystem, processes, technologies, and dependencies to inform the future-state architecture and migration strategy.
- Develop comprehensive architecture and solution design artifacts that address functional/non-functional requirements, use cases, integration points, performance expectations, security controls, and operational support requirements.
- Define the architecture for authentication, authorization, federation, identity lifecycle management, access governance, self-service capabilities, and centralized identity data management.
- Design secure access models supporting SSO, MFA, RBAC, ABAC, and PBAC, with adherence to Zero Trust principles and [client] security/compliance expectations.
- Lead the technical migration strategy from legacy ICAM capabilities to the modernized solution, including phased deployment, coexistence, milestone-based migration, and approaches for non-migratable systems.
- Direct integration architecture for enterprise applications, directories, ITSM platforms, SIEM capabilities, pilot applications, national applications, and non-national applications requiring onboarding frameworks or federation enablement.
- Establish architectural approaches for maintenance, updates, patching, resilience, failover, disaster recovery, logging, reporting, and long-term supportability of the deployed ICAM solution.
- Support MVP planning and certification activities by ensuring the architecture can be validated against acceptance criteria and can support ATO-related compliance needs.
- Provide technical leadership for documentation, knowledge transfer, training enablement, and transition to [client] operations, including materials required to build, run, maintain, and support the solution.
Public Trust Clearance will be required prior to supporting the engagement.
US Citizens Only