Job description
R Systems is a leading digital product engineering company that designs and develops chip-to-cloud software products, platforms, and digital experiences that empower its clients to achieve higher revenues and operational efficiency. Our product mindset and engineering capabilities in Cloud, Data, AI, and CX enable us to serve key players in the high-tech industry, including ISVs, SaaS, and Internet companies, as well as product companies in telecom, media, finance, manufacturing, and health verticals.
Position Overview
As a CIAM / Identity Architect at R Systems, you will be responsible for defining and governing the Customer Identity & Access Management architecture across digital channels, ensuring secure, scalable, compliant, and frictionless customer authentication and authorization experiences. This role owns the identity strategy for customers and external users, distinct from workforce IAM, and ensures alignment with security, privacy, regulatory, and digital transformation goals.
Key Responsibilities
Define and maintain the CIAM reference architecture spanning authentication, authorization, customer lifecycle management, consent, and identity federation.
Design scalable identity flows for mobile apps, web experiences, APIs, and partner integrations, optimizing for usability, security, and performance.
Own and govern identity standards and patterns, including OIDC, OAuth 2.0, SAML, FIDO2/WebAuthn, token models, and session management approaches.
Embed privacy-by-design with consent capture, purpose limitation, data minimization, and regulatory alignment (e.g., GDPR and regional equivalents).
Provide architectural oversight for CIAM vendors and internal identity platforms; evaluate build vs. buy; ensure interoperability and roadmap alignment.
Define non-functional requirements and SLOs for availability, performance, fraud detection, resilience, disaster recovery, and multi-region scale.
Act as senior design authority for CIAM-related decisions and security exceptions, balancing customer experience with risk controls.
Partner with API, mobile, and web platform teams to align API security, token scopes, and gateway policies with zero trust principles.
Establish identity data models and customer profile boundaries across domains; guide eventing and telemetry for identity analytics and fraud monitoring.
Influence product roadmaps for enrollment, progressive profiling, step-up authentication, and self-service account recovery.
Define patterns for social login, partner federation, and B2B2C scenarios, including trust frameworks and contractual controls.
Architectural decisions must account for migration paths from legacy IAM/CRM directories, ensuring coexistence, minimal downtime cutovers, and strong rollback plans.
Required Skills
CIAM architecture: customer onboarding, identity proofing patterns, profile management, consent orchestration, MFA/step-up, account recovery.
AuthN/AuthZ protocols: OAuth 2.0, OIDC, SAML, JWT, token lifecycles, PKCE, device authorization, dynamic client registration.
Federation & social login: brokered identity, Just-In-Time provisioning, account linking, risk-aware social sign-in.
API security: gateway integration, token exchange, mTLS, rate limiting, scope design, audience and resource modeling.
Identity risk & fraud: bot and credential-stuffing defenses, device trust, anomaly/risk signals, adaptive access, and re-auth strategies.
Privacy engineering: data minimization, consent tracking, purpose binding, right-to-access/erase, data residency, and encryption patterns.
Architecture governance: reference models, standards catalogs, decision records, review boards, and cross-domain leadership.
Resilience & scale: multi-region, active-active, blue/green identity changes, schema evolution, rate/latency optimization.
Developer experience: SDK and pattern enablement, secure-by-default templates, guardrails, and documentation.
Training & Certifications
Data privacy training (GDPR and regional equivalents).
OWASP Identity & API Security training (including ASVS and API Security Top 10).
Experience Required
8–12+ years in identity, security, or solution architecture roles.
4+ years designing customer-facing identity platforms at scale (high-traffic consumer or partner ecosystems).
Experience in regulated industries such as banking, fintech, or telecommunications.
Proven leadership driving architecture decisions across multiple digital channels (mobile, web, API/platform).
Track record delivering measurable outcomes in conversion, fraud reduction, latency, and availability.
Success Measures
Improved authentication success rate and reduced account recovery friction without increasing risk.
Adoption of reference patterns and standards across product teams; reduced custom auth code.
Regulatory alignment evidenced by privacy controls, consent auditability, and clean audit outcomes.
Demonstrable resilience: RTO/RPO targets met, regional failover tested, and fraud detection integrated.
Key Stakeholders
Security Architecture, AppSec, and Fraud/Risk teams
Digital Product, Mobile/Web Platform, and API Platform teams
Data Privacy/Legal/Compliance
Customer Support and Growth/Marketing (for enrollment and conversion impact)
Vendor Management and Enterprise Architecture
System design: Design a multi-region CIAM with social login, adaptive MFA, and consent; discuss trade-offs.
Governance: Present a standards catalog and an ADR for a contentious CIAM decision.
Best practice: provide a starter developer integration guide (PKCE, scopes, redirect URI hygiene, token storage) and require candidates to critique and improve it during interviews.
Approved CIAM reference architecture, patterns, and standards catalog.
Target customer identity data model and consent taxonomy with lifecycle events.
Risk-based authentication strategy with adaptive controls and fraud signal integration.
Migration blueprint for legacy IAM/CRM directories, including coexistence and cutover plan.
Dashboards for identity KPIs (auth success, latency, risk events, account recovery rates).
Tools & Platforms (Examples)
CIAM suites: Okta/Auth0, ForgeRock, Ping, Microsoft Entra External ID
Telemetry: SIEM, identity analytics, customer journey analytics
Why Join R Systems?
Frequent Internal Hackathons: Engage in dynamic competitions with exciting prizes to keep your skills sharp.
Cultural Celebrations: Strengthen our familial bonds through shared celebrations, fostering a sense of community.
Diverse Project Exposure: Work on a variety of projects across sectors like Healthcare, Banking, e-commerce, and Retail, collaborating with leading global brands.
Centre of Excellence (COE): Benefit from technical guidance and upskilling opportunities provided by our team of technology experts, helping you navigate your career path.
E-Learning Platform: Gain access to comprehensive e-learning platforms coupled with a robust mentorship program to enhance your skills.
Open Door Policy: Embrace a culture of mutual support, respect, and open dialogue, promoting a collaborative work environment.
If you are passionate and excited about working in a fast-paced, innovative environment, we would love to hear from you!
R Systems is an equal opportunity employer that does not discriminate against any employee or job applicant because of race, color, religion, national origin, sex, physical or mental disability, age, or any other characteristic protected by law. We strive to build a team that reflects the diverse communities we serve, and we actively encourage applications from individuals of all backgrounds and experiences. Our commitment to equal opportunity extends to all aspects of employment, including recruitment, hiring, training, promotion, and benefits.