Identity & Access Management (IAM) Technical Lead

Role title: Platform Technical Lead - Identity & Access Management
Reports to (manager’s job title): Platform Owner - Identity & Directory Services
Directorate / Division: CIO / Tech & Platforms
Department: Digital Workplace
Location:
Level / Grade: VM L5 / PCGU

Role dimensions

Direct Reports: 2
Indirect Reports:
Budget/financial accountability:

Role purpose

This role sits within Technology & Platforms which is responsible for defining and maintaining the strategy
and roadmap for all core technology platforms. This includes platform vision, prioritisation, and planning;
financial management and investment; platform architecture design and assurance; and the definition and
implementation of platform architecture standards. The function ensures platforms are robust, scalable,
cost-effective, and aligned with the overall business strategy, adapting to evolving needs and driving
innovation.
Technology & Platforms is split into Digital Workplace, BSS & Fixed B2B2C Wholesale, Core Engineering,
Platform Engineering and Platform Innovation.
This role sits with the Digital Workplace division. This division is accountable for Driving a seamless, secure,
and intelligent work environment across the organisation. Combining innovation, insight, and trusted
partnerships to empower every employee to perform at their best. We are responsible for delivering and
evolving the technology, tools, and services that help our people work securely, collaboratively, and
productively, wherever they are.
The Platform Technical Lead provides hands-on technical leadership to support the operational design of
the platform. They own the technical integrity of the platforms, supporting projects across the lifecycle to
ensure platforms are developed and delivered in line with the platform technical standards and approved
designs, acting as the key day-to-day interface with partners.

Key responsibilities & accountabilities

Build  Day to Day technical interface to Partner supporting the technical execution of

the platform strategy across projects.
 Provides SME input to projects, understanding business outcomes and
articulating the impact of technical choices, defining technical delivery metrics
and ensuring decisions align with the platform strategy.
 Reviews sizing estimates, assuring technical designs and builds for compliance
and quality; and fostering strong relationships that encourages continuous
improvement and innovation.
 Act as escalation point for resolving technical blockers across
product/platform deliveries.
 Represents IT within cross functional teams or forums (e.g. sizing forum),

Role Description INTERN
AL

Page 2 of 3 Template role description 1 st Sep 2021
ensuring the right outcomes and objectives are being reached, including cost
and business need.

Run

 Govern the interface between Run and Transformation activity to ensure
stability.
 Own the technical health, resilience, and lifecycle of the platform/application.
 Provide oversight that outsourced run services are technically compliant with
enterprise standards.
 Validate that fixes, patches, upgrades, and changes proposed by run partners
align with platform roadmaps and architecture.
 Act as the technical escalation point for major incidents, persistent problems,
or systemic defects when vendors cannot resolve independently.
 Sign off SOX and other compliance controls representing the platform owner
(partner would execute).

Security &
Compliance

 Ensure the day-to-day technical security and compliance of Identity & Access
Management platforms, confirming they operate in line with approved
architectures, security standards, and regulatory requirements.
 Provide technical assurance that IAM controls (including UAR/PUAR, RBAC,
PAM, JML, MFA, and authentication policies) are correctly implemented,
configured, and operating as designed across all identity platforms.
 Support the execution of audit and compliance activities by validating
technical controls, providing accurate evidence, and supporting walkthroughs
for internal and external auditors.
 Work closely with delivery partners to ensure remediation of IAM-related
vulnerabilities, audit findings, and control gaps are implemented correctly and
within agreed timescales.
 Validate that changes, fixes, upgrades, and configurations proposed by
partners do not weaken IAM control effectiveness or introduce security,
compliance, or resilience risks.
 Ensure IAM platform logs, access records, privileged session data, and identity
lifecycle events are retained, protected, and accessible in line with
organisational information governance and audit requirements.
 Provide technical oversight of resilience and continuity controls across IAM
services, including directory redundancy, authentication failover, and
privileged access break-glass mechanisms.
 Escalate material security, compliance, or control risks to the Platform Owner
with clear technical impact assessments and recommended remediation
actions.
Specifics for Identity & Access Management
Technical Leadership & IAM SME Ownership
 Act as the technical authority across all Identity & Access Management platforms, including Okta,
Entra ID, MyIdentity, One Identity, MIM, MFA services, PAM integrations, and least-privilege
access controls.
 Provide hands-on technical leadership across IAM initiatives, ensuring solutions align to approved
IAM architecture, Zero Trust principles, and platform strategy.
 Act as the technical authority for the management of Non Human identities and supporting
technologies such as secret management vaults.
 Support projects with deep IAM SME input, translating business and security requirements into
robust, scalable technical designs.
Partner Technical Interface & Delivery Assurance
 Act as the day-to-day technical interface with partner engineering teams delivering IAM build and
run services.
 Review and assure low-level designs, configurations, integrations, and implementation plans
across identity platforms.
 Ensure partner-delivered solutions comply with IAM technical standards, security baselines, and
control frameworks.

Role Description INTERN
AL

Page 3 of 3 Template role description 1 st Sep 2021
 Challenge partner proposals where designs introduce security, resilience, cost, or operability risks.

Technical Escalation & Problem Resolution
 Act as the technical escalation point for complex IAM issues, including authentication failures, SSO
outages, provisioning defects, MFA disruption, and PAM access incidents.
 Lead root-cause analysis for recurring or high-impact identity incidents, ensuring permanent fixes
are implemented.
 Support major incident response where identity services are a critical dependency, ensuring rapid
restoration and clear technical leadership.
IAM Technical Governance & Control Integrity
 Maintain and enforce IAM technical standards (human and non human identities), including:
o Authentication and federation patterns
o MFA and conditional access enforcement
o RBAC / ABAC models
o Privileged access design patterns
 Validate that changes, patches, upgrades, and configuration updates proposed by run partners
align with:
o Approved IAM architecture
o Security and compliance requirements
o Platform roadmaps and lifecycle plans
 Support sign-off of SOX, ISO27001, and internal IAM controls from a technical assurance
perspective.
Run, Resilience & Lifecycle Assurance
 Own the technical health, resilience, and lifecycle integrity of IAM platforms and services.
 Ensure identity services meet availability, failover, and recovery requirements, including MFA
continuity and PAM break-glass access.
 Govern lifecycle risks such as platform end-of-life, protocol deprecation, certificate expiry, and
identity dependency failures.
 Ensure IAM telemetry, logs, and monitoring support incident response, audit, and security
investigations.
 Ensure that the service is securely integrated into the Minimum Viable Company model as a core
underpinning service.
Operational Leadership & Execution Oversight
 Provide day-to-day technical leadership and execution oversight for the Senior Compliance Analyst
and Senior IAM (PAM) Analyst, ensuring identity governance, privileged access, and compliance
activities are delivered accurately, on time, and in line with approved IAM control frameworks.
 Coordinate priorities, dependencies, and technical direction across compliance and PAM activities,
ensuring risks, audit actions, and remediation tasks are clearly owned, tracked, and progressed to
closure.
 Review and validate technical outputs, evidence quality, and control execution produced by
compliance and PAM teams, escalating material issues or delivery risks to the Platform Owner
where required.
 Act as the primary technical escalation point for IAM compliance or PAM execution issues that
require architectural judgement, control interpretation, or partner challenge.

Essential skills, knowledge, or experience
(Inc. professional or technical qualifications)

 Deep technical expertise in Identity & Access Management, including SSO, MFA, directory
services, identity federation, provisioning, and privileged access.
 Strong hands-on knowledge of Okta and/or Entra ID, with experience integrating enterprise
applications and authentication flows.

Role Description INTERN
AL

Page 4 of 3 Template role description 1 st Sep 2021
 Experience with identity lifecycle tooling (e.g. MyIdentity, One Identity, MIM or equivalents).
 Solid understanding of least-privilege access models, RBAC/ABAC, and privileged access
patterns.
 Strong grounding in Zero Trust identity principles, conditional access, and risk-based
authentication.
 Proven experience acting as the technical escalation point for complex IAM incidents and
platform failures.
 Experience operating in a partner-delivered IAM model, providing technical direction,
assurance, and challenge rather than hands-on administration.
 Strong understanding of IAM security and compliance controls, including SOX, ISO27001, Cyber
Essentials, and audit evidence requirements.
 Ability to translate complex IAM technical issues into clear impacts, risks, and
recommendations for non-technical stakeholders.
 Excellent analytical and troubleshooting skills across authentication, federation, provisioning,
and access control failures.
 Strong communication skills, able to engage confidently with Security, Architecture,
Compliance, and senior technical stakeholders.