Afarax is looking for a freelance Active Directory / IAM Architect. We need you!
The project:
Our client in the Transportation, Logistics, Supply Chain and Storage sector is seeking an experienced Active Directory / IAM Architect to strengthen their team.
Key responsibilities:
IAM Architecture & Governance
* Define enterprise IAM architectures for AD, Entra ID, MFA, SSO, and PAM.
* Design hybrid identity models (on-prem AD, Azure AD, AD Connect).
* Establish Azure AD and M365 governance frameworks, including RACI, object provisioning, and group lifecycle.
* Architect access models for M365 (resources, naming standards, ownership, guest account lifecycle).
* Define privileged access frameworks (JIT, JEA, PAM) in line with Zero Trust.
Solution Design & Delivery
* Lead IAM solution designs for onboarding applications into Okta and SailPoint IIQ.
* Translate functional and regulatory requirements into technical IAM blueprints.
* Coordinate implementation with IAM engineers, security architects, and vendors.
* Support integration of SaaS applications and external platforms into central IAM.
Governance, Risk & Compliance
* Translate frameworks (ISO 27001/27002, NIS2, DORA) into actionable IAM controls.
* Ensure consistent IAM implementation across projects in line with ISMS standards.
* Document IAM processes, access models, and integration patterns.
* Participate in audits, risk assessments, and remediation actions.
Leadership & Collaboration
* Act as the senior reference for IAM architecture.
* Guide and mentor IAM engineers and analysts.
* Support incident response and forensic investigations related to identity.
* Build strong collaboration with enterprise architects, SOC, and business stakeholders.
Is this you?
* 10+ years in IT/security, with 5+ years in IAM architecture.
* Proven expertise in Active Directory, Entra ID (Azure AD), AD Connect, ADFS, MFA, SSO, PAM.
* Experience with Okta (authentication, MFA) and SailPoint IdentityIQ (governance, provisioning).
* Hands-on with modern authentication (SAML2, OAuth2, OpenID Connect, WS-Fed).
* Knowledge of hybrid environments: AD, Azure Cloud, private cloud, Unix/Linux LDAP, RACF.
* M365 IAM expertise: Intune, Exchange Hybrid, access models, guest lifecycle.
Certifications (preferred):
* Microsoft Certified: Identity and Access Administrator (SC-300)
* Microsoft Certified: Azure Solutions Architect Expert
* CISSP, CISM, or SABSA
* Vendor certifications (CyberArk, SailPoint, Okta)
How does Afarax support you?
* You benefit from our extensive network
* You will have access to projects that fit your expertise
* We help and support you throughout your project
* We offer the possibility to build a valuable and lasting partnership
Check out more projects on: https://afarax.be/jobs/type/freelance/