Overview
We are seeking a highly skilled ForgeRock Architect to lead the design and deployment of secure, scalable identity services across banking platforms. This role requires deep expertise in the ForgeRock stack (AM, IDM, IG), middleware integration, CIAM, and regulatory-compliant authentication systems.
Key Responsibilities
- Architect and deploy ForgeRock Access Management (AM), Identity Management (IDM), and Identity Gateway (IG) to support internal and external user access.
- Design multi-realm configurations to support B2B, B2C, and partner interactions within retail and commercial banking platforms.
- Integrate IAM flows with banking middleware (e.g., Apache, Tomcat, WebSphere), ensuring compliant authentication for high-volume applications such as online banking, mobile apps, loan servicing portals, and trading platforms.
- Implement CIAM capabilities including user registration, consent management, KYC verification workflow integration, and adaptive authentication.
- Design federated access using OAuth2, SAML, and OIDC, with fine-grained policy enforcement aligned with PCI-DSS, GDPR, FFIEC, and OSFI standards.
- Implement step-up authentication, fraud detection rules, and contextual access controls for high-risk banking operations.
- Establish identity-centric Zero Trust principles, including least privilege, micro-segmentation, and behavioral access analytics.
- Secure APIs with identity tokens and scopes; embed IAM into enterprise service buses (ESB) and integration layers.
- Integrate IAM systems with Splunk and Dynatrace for end-to-end visibility and alerting.
- Maintain certificate infrastructure, including key rotation, trust store updates, and TLS handshake configurations for secure banking transactions.
- Extend IAM services to cloud-native banking environments (Azure, GCP).
- Enable DevSecOps practices including automated IAM testing, CI/CD pipeline hooks, and secrets management.
Additional pointers:
- ForgeRock Certified Identity or Access Specialist.
- Experience designing IAM for consumer banking portals and financial APIs.
- Exposure to authentication flows and identity proofing services.