Afarax is looking for a freelance Active Directory / IAM Architect. We need you!The project:Our client in the Transportation, Logistics, Supply Chain and Storage sector, is seeking an experienced Active Directory / IAM Architect to strengthen their team.Key responsibilities:IAM Architecture & GovernanceDefine enterprise IAM architectures for AD, Entra ID, MFA, SSO, and PAM.Design hybrid identity models (on-prem AD, Azure AD, AD Connect).Establish Azure AD and M365 governance frameworks, including RACI, object provisioning, and group lifecycle.Architect access models for M365 (resources, naming standards, ownership, guest account lifecycle).Define privileged access frameworks (JIT, JEA, PAM) in line with Zero Trust.Solution Design & DeliveryLead IAM solution designs for onboarding applications into Okta and SailPoint IIQ.Translate functional and regulatory requirements into technical IAM blueprints.Coordinate implementation with IAM engineers, security architects, and vendors.Support integration of SaaS applications and external platforms into central IAM.Governance, Risk & ComplianceTranslate frameworks (ISO 27001/27002, NIS2, DORA) into actionable IAM controls.Ensure consistent IAM implementation across projects in line with ISMS standards.Document IAM processes, access models, and integration patterns.Participate in audits, risk assessments, and remediation actions.Leadership & CollaborationAct as the senior reference for IAM architecture.Guide and mentor IAM engineers and analysts.Support incident response and forensic investigations related to identity.Build strong collaboration with enterprise architects, SOC, and business stakeholders.Is this you?10+ years in IT/security, with 5+ years in IAM architecture.Proven expertise in Active Directory, Entra ID (Azure AD), AD Connect, ADFS, MFA, SSO, PAM.Experience with Okta (authentication, MFA) and SailPoint IdentityIQ (governance, provisioning).Hands-on with modern authentication (SAML2, OAuth2, OpenID Connect, WS-Fed).Knowledge of hybrid environments: AD, Azure Cloud, private cloud, Unix/Linux LDAP, RACF.M365 IAM expertise: Intune, Exchange Hybrid, access models, guest lifecycle.Certifications (preferred):Microsoft Certified: Identity and Access Administrator (SC-300)Microsoft Certified: Azure Solutions Architect ExpertCISSP, CISM, or SABSAVendor certifications (CyberArk, SailPoint, Okta)How afarax supports you?You benefit from our extensive networkYou will have access to projects that fit your expertiseWe help and support you throughout your projectWe offer the possibility to build a valuable and lasting partnershipCheck out more projects on: https://afarax.be/jobs/type/freelance/