Lead Identity and Access Management Solutions Architect

Full Time
San Antonio, TX
Areas of Interest: Systems Security Architecture


The Lead Identity and Access Management Solutions Architect will be responsible for providing thought leadership and subject matter expertise in Identity and Access Management (IAM) across the organization. The successful candidate will investigate internal necessities to adequately understand business requirements in order to produce IAM solutions that meet current and future business needs. Additionally, the successful candidate will be a key consultant who will facilitate discussions with internal customers and other stakeholders in large workshops, small groups or one-on-one sessions while driving adoption of best practices in IAM throughout the enterprise to support customers’ demand for access to an increasing range of applications and other IT resources. This IAM expert will have top-level planning and design skills, be able to articulate the general benefits of an IAM system, and collaborate with the IAM implementation team to ensure adequate support for the rapid adoption of cloud and on-premise services while providing secure integration and data exchange across multiple user populations.


  • Develop Identity & Access Management Strategy (that includes Role-based Access Control (RBAC), Federation, Single Sign-on, Multi-factor Authentication, Segregation of Duties, and Reporting & Compliance) and coordinate execution and implementation efforts with the IAM build team;
  • Provide thought leadership and subject matter expertise in IAM requirements analysis and solutions design;
  • Lead the contextual and conceptual architectural design of scalable and agile identity management, authentication and authorization solutions;
  • Partner with Identity and Access Management build team to ensure appropriate implementation of scalable and agile IAM solutions;
  • Assess the current state of Tesoro’s IAM infrastructure to identify opportunities for improvement and establish an IAM service improvement plan with particular focus on resource optimization and operational efficiency and effectiveness;
  • Partner with Enterprise Architecture, Business Process Partners, IAM build team and other security solutions architects to understand IAM requirements with a view to identifying the right mix of IAM products/solutions needed to fulfil business requirements;
  • Provide security design, consultancy, and assessment services while introducing improvements in technical security standards and security implementation designs/patterns;
  • Develop and deliver a road map of the evolution of Identity and Access Management capabilities from its current to a target state that meets the needs of the business and its user populations;
  • Maintain oversight of the design, implementation and testing of IAM solutions to ensure appropriate and effective security attributes are embedded from the onset rather than “bolted on” after the fact;
  • Work with internal customers and IAM build team to ensure clear requirements traceability throughout the lifecycle of a project;
  • Define and design clean workflows for small and complex events relating to provisioning, reconciliation, service accounts, organizational changes and so forth;
  • Work closely with Enterprise Architecture, Business Process Partners and Transformation Management Office to ensure alignment of plans with what is being delivered.
  • Investigate and document the identity management, identity analytics, authentication and authorization components of the company’s IAM infrastructure;
  • Develop reference IAM architecture and ensure project and solutions delivery to that architecture.


  • Minimum of a bachelor’s degree in engineering or information systems or related field of study required.
  • CISSP Certification required
  • 10 or more years of experience in a diversified IT or information security role is required;
  • Deep knowledge of leading IAM products is required;
  • Broad understanding of information security tenets and security architecture principles is required;
  • Experience developing strategies and roadmaps in line with best practices and proven frameworks is required;
  • Excellent ability to build a business case that educates senior management on the business benefits (such as cost savings, productivity, automation, self-service, compliance, personalization, efficiency and security) of IAM is required;
  • Ability to design and ensure delivery of IAM solutions and services that enable maximum productivity for employees is required;
  • Ability to thoroughly review technical design components to ensure alignment with security policies, standards and best practices is required;
  • Strong knowledge and understanding of current and emerging cyber security threats, vulnerabilities, trends and mitigations ranging across the technologies required to provide layered defense is required;
  • Must be able to represent the cyber security viewpoint through excellent communication skills to both technical and non-technical audiences;
  • TOGAF or SABSA certification is a plus
  • 5 or more years’ technical IAM architecture experience working with multi-tiered applications, databases, LDAP and directory services preferred;
  • Demonstrated ability to identify IAM requirements and validate implementation of specified requirements into a robust architecture that sufficiently protects valuable digital resources is preferred;



Tesoro Corporation, a Fortune 100 company, is a leading independent refiner and marketer of petroleum products with a strategically focused presence in the western United States. Tesoro, through our subsidiaries, owns and operates seven refineries with a combined capacity of over 895,000 barrels per day. Our retail-marketing system includes over 2,400 retail stations under the ARCO®, Shell®, Exxon®, Mobil®, USA Gasoline™, Rebel™ and Tesoro® brands. Our full-service logistics business, a master limited partnership formed by Tesoro Corporation as Tesoro Logistics LP (TLLP), owns and operates 4,000 miles of crude oil, refined products and natural gas pipelines; 29 crude oil and refined products truck and marine terminals; 15 million barrels of storage capacity; two crude oil rail facilities; and four natural gas processing complexes. Headquartered in San Antonio, Texas, our operations span 18 states.

Our strength lies in our investment in employees and in their future. We measure success not only by the products we bring to our customers, or the financial results we deliver to our shareholders, but also by remaining true to our core values of safety and environmental stewardship, respect and integrity.

Discover your strengths and invest in your future by applying today.

Employees must be able to perform the essential functions of the job with or without reasonable accommodation.

Equal Opportunity Employer: Vet / Disability


Posting Notes: San Antonio | Texas | United States (US) | SF:LI-JR-2 | Information Technology | 78259

Nearest Major Market: San Antonio 
Job Segment: Solution Architect, Architecture, Manager, Engineer, Information Systems, Technology, Engineering, Management


Tesoro Corporation

Tesoro Corporation is a leading independent refiner and marketer of petroleum products that has been serving the fuel transportation needs of the western United States for more than 45 years. We are committed to safe, clean, reliable operations and creating shared value for the communities where we live and work. Through the dedication of our employees and our integrated network of assets, we are intentionally positioned to capitalize on today’s opportunities and unlock tomorrow’s possibilities. Tesoro is a Fortune 100 company headquartered in San Antonio, Texas.

Refining and marketing petroleum products
Company Industry: Oil & Energy
Company Type: Public Company
Company Size: 5,001-10,000