IAM Architect
Upwork | US | Not specified | expert | Score: 25
Amazon Web Services
Define and own enterprise IAM architecture across AWS, Azure (Entra ID), and GCP
Design, implement, and govern IAM policies, roles, and trust models across multi-cloud environments
Architect and enforce Zero Trust and least-privilege access models
Design RBAC and ABAC frameworks for workforce, application, and service identities
Define secure cross-account (AWS), cross-subscription (Azure), and cross-project (GCP) access patterns
Architect AWS IAM (roles, policies, SCPs, permission boundaries, IAM Identity Center)
Architect Azure IAM including Azure RBAC, custom roles, Conditional Access, and PIM
Design usage of Managed Identities, Service Principals, and service accounts across clouds
Architect GCP IAM including roles, service accounts, and workload identity federation
Design and govern federated identity and SSO integrations with Azure AD, Okta, Google Workspace, etc.
Architect and standardize SAML, OAuth 2.0, and OpenID Connect (OIDC) authentication flows
Define and govern Privileged Access Management (PAM/PIM), including JIT access and break-glass strategies
Own identity governance, including user lifecycle management, access reviews, and entitlement audits
Lead IAM risk assessments, access certifications, and remediation of excessive permissions
Define IAM monitoring, logging, and auditing using native cloud services and SIEM platforms
Support and lead security incident response related to identity and access breaches
Define and govern IAM automation standards using Terraform and policy-as-code
Provide architectural guidance for IAM scripting and automation using Python or PowerShell
Act as IAM domain architect, reviewing designs, mentoring engineers, and advising stakeholders
Client
Spent: $1,550 | Rating: 4.5 | Verified