IAM Governance Lead

The Azure Architect Networking, Security & Terraform is responsible for designing, securing, and governing enterprise-scale Azure environments with a strong emphasis on network architecture, identity security, policy enforcement, and Infrastructure-as-Code using Terraform. This role supports CIO- and CISO-led cloud transformation initiatives, ensuring Azure platforms are secure-by-design, compliant, and automation-driven.

Design and govern enterprise Azure architectures across multi-subscription and multi-region environments. Architect Azure Landing Zones aligned with enterprise networking, security, and governance standards. Define subscription models, management groups, and platform guardrails. Provide architecture inputs for SOWs, RFPs, and client solution designs.

Architect and govern Azure VNets, subnets, IP addressing, NSGs, and routing (UDRs). Design hub-and-spoke and Azure Virtual WAN architectures. Implement ExpressRoute, Site-to-Site VPN, and Point-to-Site VPN connectivity. Design secure ingress and egress using Azure Firewall, Application Gateway (WAF), Load Balancers, Front Door, and Traffic Manager. Ensure network architectures meet high availability, resiliency, and disaster recovery requirements.

Zero Trust security models across Azure and identity layers. Design and govern Microsoft Entra ID (Azure AD) including RBAC and Privileged Identity Management (PIM). Design, implement, and manage Conditional Access policies using user, device, location, and risk-based controls. Integrate security monitoring using Microsoft Defender for Cloud and Microsoft Sentinel.

Design and implement Azure Policy and Initiatives to enforce governance and compliance. Manage Azure Policy as Code using Terraform, including custom and built-in policies. Assign and enforce policies at management group and subscription levels. Integrate policy compliance into CI/CD pipelines for preventive governance.

Design and manage Terraform-based Infrastructure-as-Code for Azure. Develop reusable Terraform modules aligned with enterprise standards. Implement Terraform workflows for Azure Landing Zones, networking, security, policies, and Conditional Access. Ensure drift detection, compliance validation, and controlled change management using Terraform pipelines.

Act as a trusted advisor to CIOs, CISOs, Network and Security leadership. Lead architecture reviews, security design sessions, and governance forums. Provide technical leadership and mentoring to cloud, platform, and security teams. Support cloud migrations, modernization programs, and managed services transitions.

• 10+ years of experience in cloud or infrastructure architecture.
• Strong expertise in Azure Networking, Security, Identity, and Governance.
• Hands-on experience with Terraform for Azure (Terraform Cloud or pipelines preferred).
• Experience designing secure, compliant, enterprise-scale Azure platforms.
• Certifications Must-Have: Microsoft Certified Azure Solutions Architect Expert.
• Preferred: Azure Security Engineer Associate, Azure Network Engineer Associate.
• Good to have: HashiCorp Certified Terraform Associate.
• Good to have: CISSP, CCSP or equivalent security certifications.

For applications and inquiries, contact: hirings@openkyber.com