Directory Services Architect
Directory Services Architect
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
About the Role:
1. Position Summary / The Opportunity
We are seeking a visionary and deeply technical Principal Directory Services Architect to own the strategic direction and technical integrity of our global identity and access infrastructure. This is a critical leadership role responsible for designing building and securing the directory services that form the bedrock of our enterprise IT environment. You will be the ultimate subject matter expert guiding the evolution of our on-premises and cloud identity platforms to support our business strategy enhance our security posture and enable a seamless user experience. This role requires a blend of strategic foresight architectural mastery and hands-on leadership.
2. Key Responsibilities
- Strategy & Architecture:
- Drive the technical architecture and evolution of the directory services ecosystem playing a pivotal role in shaping the long-term strategic roadmap.
- Architect and design highly available secure and scalable solutions for identity provisioning authentication authorization and federation.
- Lead the architectural design for complex business scenarios including mergers and acquisitions (M&A) divestitures and greenfield cloud migrations.
- Evaluate emerging technologies in the identity space and create business cases for their adoption.
- Define and enforce enterprise-wide standards policies and best practices for all directory services.
- Security & Compliance:
- Act as the primary architect for securing Active Directory and Entra ID implementing security hardening principles like the Tiered Access Model and principles of least privilege.
- Architect secure authentication solutions that leverage Public Key Infrastructure (PKI) including certificate-based authentication for both on-premises resources and cloud applications via Entra ID.
- Design and oversee the implementation of Privileged Access Management (PAM) solutions.
- Ensure all directory services designs and implementations meet regulatory and compliance requirements (e.g. SOX GDPR ISO 27001).
- Partner with Cybersecurity and IT Operations to ensure critical identity data sources (from Active Directory Entra ID etc.) are properly integrated into enterprise SIEM and monitoring platforms and architect the logic to detect threats.
- Technical Leadership & Mentorship:
- Serve as the highest point of technical escalation for complex and persistent directory services issues.
- Mentor and develop senior engineers and operations staff fostering a culture of technical excellence.
- Lead cross-functional projects collaborating with security network application and cloud teams to deliver integrated solutions.
- Create and maintain comprehensive architectural documentation including high-level designs low-level designs and standard operating procedures.
3. Essential Skills & Experience (The Must-Haves)
- Experience:
- 15 years of progressive IT experience with at least 10 years focused specifically on Directory Services architecture in large complex global enterprise environments.
- Proven track record of leading the design and implementation of multi-forest Active Directory environments including complex trust relationships.
- Demonstrable experience architecting and executing large-scale migrations (e.g. AD version upgrades on-prem to cloud tenant-to-tenant migrations).
- Extensive hands-on experience with M&A activities including the integration and separation of Active Directory and Entra ID tenants.
- Technical Expertise:
- Microsoft On-Premises: Expert-level knowledge of Active Directory Domain Services (AD DS) DNS DHCP Group Policy Objects (GPOs) and Active Directory Federation Services (ADFS).
- Microsoft Cloud (Entra ID): Deep architectural understanding of Microsoft Entra ID and its ecosystem including:
- Entra ID Connect (Sync & Cloud Sync)
- Conditional Access Policies
- Privileged Identity Management (PIM)
- Single Sign-On (SSO) and Application Integration (SAML OAuth 2.0 OIDC)
- Entra Application Proxy
- B2B and B2C collaboration
- PKI Integration:
- Strong architectural understanding of how Public Key Infrastructure (PKI) integrates with directory services without necessarily owning the PKI service itself.
- Experience designing solutions that leverage Active Directory Certificate Services (AD CS) for certificate template management auto-enrollment (via GPO) and enabling LDAPS.
- Proven ability to architect and configure Certificate-Based Authentication (CBA) in Microsoft Entra ID for phishing-resistant MFA.
- Security: Mastery of identity security principles including credential protection tiered administration models and Active Directory disaster recovery strategies.
- Scripting & Automation: High proficiency in PowerShell for Active Directory and Entra ID administration and automation. Experience with the Microsoft Graph API is essential.
4. Desired Qualifications (The Nice-to-Haves)
- Broader IAM Knowledge: Experience with other leading Identity and Access Management (IAM) platforms (e.g. Okta Ping Identity SailPoint).
- Public Cloud: Familiarity with identity integration in other public clouds (AWS IAM Google Cloud Identity).
- Infrastructure as Code (IaC): Experience using tools like Terraform or Bicep to manage identity infrastructure is a significant plus.
- Certifications: While experience is paramount relevant certifications are a bonus (e.g. Microsoft Certified: Azure Solutions Architect Expert Microsoft Certified: Identity and Access Administrator Associate).
- DevSecOps Mindset: Understanding of how to integrate identity and security into CI/CD pipelines.
5. Candidate Profile
- Strategic Thinker: You can see the big picture and translate business needs into robust long-term technical solutions.
- Excellent Communicator: You can articulate complex technical concepts to both technical peers and non-technical stakeholders including C-level executives.
- Natural Leader: You command respect through your expertise and can influence decision-making across the organization without direct authority.
- Pragmatic Problem-Solver: You are analytical detail-oriented and can navigate ambiguity to find the most effective solutions.
About OSTTRA
Candidates should note that OSTTRAis an independentfirm jointly owned by S&P Global and CME Group. As part of the joint venture S&P Global providesrecruitmentservices to OSTTRA - however successful candidates will be interviewed and directly employed by OSTTRA joiningour global team of more than 1200 posttrade experts.
OSTTRA was formed in 2021 through the combination of four businesses that have been at the heart of post trade evolution and innovation for the last 20 years: MarkitServ Traiana TriOptima and Reset. OSTTRA is a joint venture owned 50/50 by S&P Global and CME Group.
With an outstanding track record of developing and supporting critical market infrastructure our combined network connects thousands of market participants to streamline end to end workflows -from trade capture at the point of execution through portfolio optimization to clearing and settlement.
Joining the OSTTRA team is a unique opportunity to help build a bold new business with an outstanding heritage in financial technology playing a central role in supporting global financial markets.
Learn more at.
Whats In It For You
Benefits:
We take care of you so you cantake care of business. We care about our people. Thats why we provide everything youand your careerneed to thrive at S&P Global.
Our benefits include:
Health & Wellness: Health care coverage designed for the mind and body.
Flexible Downtime: Generous time off helps keep you energized for your time on.
Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
Invest in Your Future: Secure your financial future through competitive pay retirement planning a continuing education program with a company-matched student loan contribution and financial wellness programs.
Family Friendly Perks: Its not just about you. S&P Global has perks for your partners and little ones too with some best-in class benefits for families.
Beyond the Basics: From retail discounts to referral incentive awardssmall perks can make a big difference.
For more information on benefits by country visit: Fraud Alert:
If you receive an email from a domain or any other regionally based domains it is a scam and should be reported to. S&P Global never requires any candidate to pay money for job applications interviews offer letters pre-employment training or for equipment/delivery of equipment. Stay informed and protect yourself from recruitment fraud by reviewing our guidelines fraudulent domains and how to report suspicious activityhere.
Equal Opportunity Employer
S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity color religion sex sexual orientation gender identity national origin age disability marital status military veteran status unemployment status or any other status protected by law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability please send an email to:and your request will be forwarded to the appropriate person.
US Candidates Only:The EEO is the Law Poster discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - - Professional (EEO-2 Job Categories-United States of America) BSMGMT203 - Entry Professional (EEO Job Group)
Required Experience:
Director
Employment Type
Full-Time
Key Skills
Similar Jobs
Dr. Job is an online platform that connects employers with skilled job seekers, facilitating the search for job opportunities and top talent. Established in 2015. Dr. Job Pro has emerged as the world premier job portal, attracting thousands of job seekers every day from all over the world.
Follow Dr.Job
Dr Job FZ LLC. 2025 © All Rights Reserved