We are UMG the Universal Music Group. We are the worlds leading music everything we do we are committed to artistry innovation and entrepreneurship. We own and operate a broad array of businesses engaged in recorded music music publishing merchandising and audiovisual content in more than 60 countries. We identify and develop recording artists and songwriters and we produce distribute and promote the most critically acclaimed and commercially successful music to delight and entertain fans around the world.

We are currently seeking an experienced Sr. Identity Access Management Architect to lead architectural design strategic planning and delivery across the full Identity & Access Management landscape. The Sr. Identity Access Management Architect will play a critical role in shaping UMGs global identity ecosystem across areas such as Access Management IGA PAM Directory Services and PKI.

This hands-on role will drive scalable and secure identity solutions leading complex integrations across on-premises and multi-cloud environments. The successful candidate will possess deep technical expertise a strategic mindset and a strong ability to influence cross-functional teams and executive stakeholders.

Job Functions:

• Architect and design enterprise-wide IAM solutions aligned with business goals security policies and compliance requirements.

• Provide leadership and oversight for strategic IAM functions including PAM IGA SSO MFA Federation PKI Directory Services and Secrets Management.

• Define technical direction for IAM tools and develop overall strategic framework for implementation across the company with an emphasis on standard configurations.

• Lead architecture planning and lifecycle designs for all personas including employees partners customers and non-human identities.

• Establish the target-state identity architecture and effectively communicate and guide engineers to implementing that vision.

• Develop secure and scalable authentication authorization and account provisioning workflows.

• Partner with engineering teams to integrate identity services into applications and infrastructure using APIs and automation pipelines.

• Evaluate complex business requirements and effectively guide cross-functional teams to implement secure identity frameworks.

• Create and maintain architectural documentation standards and design patterns for IAM services.

• Contribute to solution development and code when needed and review designs to ensure compliance with architecture and security standards.

• Engage with internal and external stakeholders to communicate strategy resolve roadblocks and champion IAM modernization initiatives.

Job Requirements:

Qualifications:

• 10 years of experience in IAM or Security Architecture roles with demonstrated success in designing enterprise-scale IAM platforms

• Strong expertise with IAM protocols (SAML OAuth2 OIDC SCIM LDAP Kerberos FIDO) and modern cloud identity models

• Extensive hands-on experience with products like CyberArk PingOne Ping Davinci EntraID Saviynt HashiCorp Vault Digicert Onfido and Active Directory

• Expert-level understanding of Authentication Authorization Directory Services PKI MFA Federation and PAM

• Experience designing secure APIs and automating operational functions

• Proven ability to lead architectural governance and collaborate across security infrastructure application and compliance teams

• Track record of implementing secure scalable identity solutions in multi-cloud and hybrid environments

• Excellent communication and leadership skills with the ability to influence at all levels of the organization

• Experience working in Agile environments with cross-functional engineering teams

Desirable:

• Bachelors or Masters Degree in Computer Science Engineering or related technical discipline

• Professional certifications such as CISSP CISM Microsoft Certified: Identity and Access Administrator or TOGAF

• Background in risk-based authentication adaptive access and identity analytics

• Experience in media entertainment or global enterprises

• Experience in cloud application development and maintenance

• Strong understanding of cloud security container security and zero trust architecture

• Experience deploying passwordless technology in a hybrid environment

• Knowledge of IAM-related compliance frameworks such as SOX GDPR NIST ISO 27001

Perks Playlist:

Join an entrepreneurial global organization where authenticity boldness creativity connection drive and insight arent just valuestheyre how we work every day. Here are some of the ways we support you along the way (and just a few of the benefits we offer):

• Comprehensive medical dental and vision coverage

• Including 100% coverage for out-patient in-network mental health services

• Fertility coverage for eligible medical plan participants

• Wellbeing reimbursements for fitness classes spa treatments meal services travel and so much more (up to $720/year)

• Student Loan Repayment Assistance and Tuition Reimbursement

• 401(k) with 100% immediate vesting on the first 5% of your contributions plus an additional UMG contribution

A variety of ways to prioritize much-needed time away from work including:

• Flexible Paid Time Off (PTO) for exempt employees

• 3-weeks PTO for non-exempt employees

• 2-weeks paid Winter Break

• 10 Company Holidays (including Juneteenth and Wellbeing Day)

• Summer Fridays (between Memorial Day and Labor Day)

• Generous paid parental leave for every type of parent

Check out our full overview of benefits on the Perks Playlist page of the career site.

Disclaimer: This job description only provides an overview of job responsibilities that are subject to change.

Universal Music Group is an Equal Opportunity Employer

We are an E-Verify employer in Alabama Arizona Georgia Mississippi North Carolina South Carolina Tennessee and Utah.

For more information please click on the following links.

E-Verify Participation Poster:English / Spanish

E-Verify Right to Work Poster:EnglishSpanish

Job Category:

Salary Range:

The actual base salary offered depends on a variety of factors which may include as applicable the qualifications of the individual applicant for the position years of relevant experience specific and unique skills level of education attained certifications or other professional licenses held and the location in which the applicant lives and/or from which they will be performing the job. All candidates are encouraged to apply.