Principal Domain Architect - Identity and Access Security

This job is with ABB, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ+ business community. Please do not contact the recruiter directly.

At ABB, we help industries outrun - leaner and cleaner. Here, progress is an expectation - for you, your team, and the world. As a global market leader, we’ll give you what you need to make it happen. It won’t always be easy, growing takes grit. But at ABB, you’ll never run alone. Run what runs the world.

This Position reports to :

IS Manager

In this role, you will have the opportunity to act as the architectural authority for your technology area of responsibility. Each day, you will guide and lead Solution Architects to ensure the integrity of the technology architecture. You will also showcase your expertise by realizing the benefits from standardization, synergy, and optimization of the technology landscape across business and domains.

The work model for the role is : #LI_hybrid

This role is contributing to the Security Risk and Compliance Organization Globally. Main stakeholders are Security teams, Information Systems teams across global services and business areas.

You will be mainly accountable for :

Defining and maintaining the global IAM architecture vision and roadmap, aligned with enterprise security strategy, regulatory requirements, and business needs.

Establishing standards, patterns, and reference architectures to identity lifecycle management, authentication, authorization, and access governance across all environments.

Architecting and maintaining the full IAM capability landscape - Identity Governance & Administration (IGA), Privileged Access Management (PAM), Access Management (AM), Customer IAM (CIAM), master data and identity data management, secrets management, machine identity management, and emerging IAM domains.

Driving Zero Trust Identity principles, implementing strong authentication, adaptive access, and continuous verification to minimize identity-related risks.

Architecting role-based, attribute-based, and policy-based access control (RBAC, ABAC, PBAC) models to ensure least privilege access for users, devices, and services.

Integrating IAM capabilities into cloud, on-premises, and hybrid platforms, including SaaS, IaaS, PaaS, and containerized workloads, ensuring consistent policy enforcement.

Designing secure integration between IAM platforms and business applications, covering SSO, federation, just-in-time provisioning, and privileged access management.

Architecting IAM observability : access monitoring, anomaly detection, behavioral analytics, and automated response to suspicious identity activities.

Partnering with HR, application, infrastructure, and security teams to embed IAM controls into joiner-mover-leaver processes and change workflows without disrupting operations.

Driving secure credential, secrets, and key management strategies, including password less authentication and integration with hardware-based security modules where appropriate.

Embedding IAM resilience principles – high availability, failover, disaster recovery, and service continuity – into architecture patterns.

Providing architectural guidance during identity-related security incidents, ensuring lessons learned are integrated into preventive and detective IAM controls.

Ensuring rationalization of IAM tools and platforms, consolidating overlapping capabilities across identity providers, MFA solutions, PAM systems, and access governance tools to reduce complexity and cost.

Staying ahead of emerging IAM threats such as MFA bypass, deepfake-enabled impersonation, credential stuffing, and supply chain compromises in identity services.

Leading and mentoring a globally distributed team of IAM architects and engineers, building capability and ensuring architecture adoption.

Acting as a trusted advisor to leadership, translating identity risk and architecture priorities into business impact.

Qualifications for the role :

Proven expertise in enterprise security architecture, with hands-on experience in architecture tools and technology road mapping.

15+ years of experience in security architecture and significant portion of it in Identity Security, including Zero Trust implementation.

Architecture certifications like CISSP-AP, SABSA and TOGAF are preferred.

Strong global experience, especially in collaborating with distributed teams on security topics.

Deep understanding of security architecture design models and frameworks.

Bachelor’s degree in Computer Science or related field (preferred).

Excellent communication and presentation skills, possessing confidence when engaging senior stakeholders.

We value people from different backgrounds. Could this be your story? Apply today or visit www.abb.com to read more about us and learn about the impact of our solutions across the globe.