Identity and Access Management (IAM) Architect
- PennyMac (Westlake Village, CA)
PENNYMAC
Pennymac (NYSE: PFSI) is a specialty financial services firm with a comprehensive mortgage platform and integrated business focused on the production and servicing of U.S. mortgage loans and the management of investments related to the U.S. mortgage market.
At Pennymac, our people are the foundation of our success and at the heart of our dynamic work culture. Together, we work towards a unified goal of helping millions of Americans achieve aspirations of homeownership through the complete mortgage journey.
A Typical Day
As an Identity Access Management Architect, you will be the principal owner and strategic visionary for our enterprise-wide Identity and Access Management (IAM) ecosystem. This is a critical leadership role responsible for designing, building, and maintaining the architectural foundation that secures our corporate data and enables our global workforce. You will architect a modern, scalable, and resilient identity fabric, leveraging industry-leading platforms to support our zero-trust security model and drive business agility.
You will oversee all company identity platforms, provide architectural guidance and best practices, design and lead the implementation of platform enhancements, and continuously identify areas for improvement, increased security and resiliency, and operational efficiencies.
Key Responsibilities
+ Strategic Architecture & Platform Oversight:
  + Provide high-level oversight of all company identity platforms.
  + Design, own, and evolve the enterprise identity architecture and strategic roadmap, encompassing Workforce and Customer IAM (CIAM).
  + Develop and maintain high-level and low-level design documents, standards, and patterns for our core identity platforms.
  + Design robust identity patterns for internal application development and off-the-shelf applications.
+ Implementation & Technical Leadership:
  + Lead the architectural design of complex federation patterns using Multi-factor Authentication, SAML 2.0, OAuth 2.0, and OpenID Connect (OIDC) to securely integrate a diverse portfolio of SaaS, cloud applications, and internal applications.
  + Drive and oversee platform improvements, including IDP consolidation (e.g., OneLogin -> SDO) and cleanup of existing identity providers.
  + Serve as the senior technical expert on projects involving identity, authentication, and authorization.
  + Provide expert-level troubleshooting for the most complex identity-related issues.
+ Governance, Security & Continuous Improvement:
  + Partner with the InfoSec team to define and enforce IAM policies, controls, and best practices aligned with a zero-trust framework.
  + Maintain a strong awareness of security issues and considerations around identity platforms and lead efforts to mitigate and remediate risks.
  + Lead Active Directory management and cleanup initiatives, including modernization, de-nesting groups, identifying risky service accounts, and performing remediation of over-privileged accounts and SPNs.
  + Ensure all identity solutions meet stringent security requirements and comply with regulatory standards (e.g., SOX, GDPR, CCPA).
+ Collaboration & Mentorship:
  + Collaborate closely with application owners, infrastructure engineers, InfoSec, and business stakeholders to translate requirements into secure and scalable identity solutions.
  + Mentor and guide senior engineers, fostering technical excellence and professional growth.
  + Clearly articulate and present complex architectural concepts to technical and non-technical audiences, including executive leadership.
What You’ll Bring
+ Required Qualifications
  + 5+ years in a senior role focused specifically on Identity and Access Management.
  + 5+ years of deep, hands-on experience with Microsoft Active Directory architecture and management.
  + 3+ years of hands-on experience with SAML IDP/Brokers (e.g., ADFS, Okta, Entra ID, OneLogin).
  + Expert-level architectural experience with Okta, Active Directory/Entra ID, and Okta (Auth0).
  + Proven experience designing and implementing complex identity federation solutions using SAML 2.0, OAuth 2.0, and OIDC.
  + Experience integrating identity services with enterprise SaaS applications, cloud-native services, and legacy systems.
  + Ability to conceptualize, design, and implement identity models across systems, ensuring least-privileged RBAC, strong naming conventions, and rich identity metadata.
  + Proficiency in PowerShell or other scripting/automation languages.
  + Experience architecting identity solutions for major cloud platforms (AWS, GCP).
  + Familiarity with JIRA, ServiceNow, or other ITSM systems.
+ Preferred Qualifications
  + Relevant industry certifications, such as Okta Certified Technical Architect, Microsoft Certified: Identity and Access Administrator Associate/Expert, or CISSP.
  + Knowledge of Infrastructure as Code (IaC) principles and tools (e.g., Terraform) as they apply to IAM.
  + Experience with adjacent security domains, such as Privileged Access Management (PAM) and Identity Governance & Administration (IGA) platforms.
Why You Should Join
As one of the top mortgage lenders in the country, Pennymac has helped over 4 million lifetime homeowners achieve and sustain their aspirations of home. Our vision is to be the most trusted partner for home. Together, 4,000 Pennymac team members across the country are guided by our core values: to be Accountable, Reliable and Ethical in all that we do. Pennymac is committed to conducting a business that makes positive contributions and promotes long-term sustainable growth and to fostering an equitable and inclusive environment, where all employees and customers feel valued, respected and supported.
Benefits That Bring It Home: Whether you're looking for flexible benefits for today, setting up short-term goals for tomorrow, or planning for long-term success and retirement, Pennymac's benefits have you covered. Some key benefits include:
+ Comprehensive Medical, Dental, and Vision
+ Paid Time Off Programs including vacation, holidays, illness, and parental leave
+ Wellness Programs, Employee Recognition Programs, and onsite gyms and cafe-style dining (select locations)
+ Retirement benefits, life insurance, 401k match, and tuition reimbursement
+ Philanthropy Programs including matching gifts, volunteer grants, charitable grants and corporate sponsorships
To learn more about our benefits visit: https://pennymacnews.page.link/benefits
For residents with state-required benefit information, additional information can be found at: https://www.pennymac.com/additional-benefits-information
Compensation: Individual salary may vary based on multiple factors including specific role, geographic location / market data, and skills and experience as defined below:
+ Lower in range - Building skills and experience in the role
+ Mid-range - Experience and skills align with proficiency in the role
+ Higher in range - Experience and skills add value above typical requirements of the role
Some roles may be eligible for performance-based compensation and/or stock-based incentives awarded to employees based on company and individual performance.
Salary
$110,000 - $175,000
Work Model
OFFICE