
GCP IAM Architect
Job Description
Design, plan, build, and manage secure, compliant cloud-based access controls and solutions with a strong emphasis on Identity and Access Management (IAM) and Privileged Access Management (PAM) in Google Cloud Platform (GCP). Serve as a technical leader responsible for architecture, integration, security posture, performance, availability, and scalability of IAM-related infrastructure in a highly regulated banking environment.
Key Responsibilities
Design and implement least-privilege access models using just-in-time (JIT) access, session management, identity lifecycle management, and privileged access controls.
Provide technical direction, resolve complex issues, define architecture, ensure proper technical integration, and maintain service level objectives (SLOs) for IAM and PAM solutions.
Own performance, high availability, and scalability aspects of the cloud IAM infrastructure.
Independently conduct risk assessments and security audits, and recommend appropriate security controls and remediation measures.
Lead tool evaluation initiatives, including defining evaluation criteria, identifying candidate tools, and conducting thorough evaluations.
Automate and manage cloud infrastructure and configurations using GitHub and Terraform.
Drive the evolution of analytics, dashboards, and key risk metrics (KRIs) to measure the effectiveness of cloud-based PAM controls.
Collaborate effectively with a diverse, global technology and business community; manage evolving requirements and communicate complex concepts clearly.
Technical Requirements / Hands-on Expertise
In-depth experience with Google Cloud Platform (GCP), especially:
GCP IAM (roles, policies, conditional access, custom roles, hierarchies)
GCP Secrets Manager
Strong hands-on knowledge of container orchestration and related technologies: Kubernetes, Docker, and Red Hat OpenShift.
Proficiency in infrastructure as code and automation tools: Terraform (mandatory), GitHub (for version control and CI/CD workflows).
Coding/scripting experience in one or more of: Python, Go, PowerShell, or similar languages.
Solid understanding of Privileged Access Management (PAM) and Secrets Management concepts and best practices.
Deep knowledge of the broader IAM cybersecurity landscape, including:
Identity stores
Authentication and authorization mechanisms
Privileged access management methodologies
Strong focus on public cloud environments (especially GCP)
Mandatory Skills
GCP (core focus on IAM & security services)
Terraform
Kubernetes
Preferred / Nice-to-Have
Experience in highly regulated industries (e.g., banking/financial services) with emphasis on compliance, audit, and risk management.
Familiarity with GCP Privileged Access Manager (PAM) features for JIT elevation.
Exposure to zero-trust principles, RBAC/ABAC models, and identity federation in cloud environments.
This role requires a blend of deep technical hands-on expertise, architectural leadership, and the ability to operate in a secure, compliance-heavy banking environment. Ideal candidates will champion least-privilege principles while delivering scalable, automated IAM/PAM solutions on GCP.