• Function title: Identity & Access Management Architect
• Reference: NOC-NM-2023-AD/662
• Location: Brussels (The selected candidate must reside either at this location or within a reasonable proximity that allows for the satisfactory execution of their duties). – Information about living in Brussels
• Nature of competition: Internal and external competition
• Applicable regulations: Staff regulations governing officials of the EUROCONTROL Agency
• Type of post: Administrator
• Job level: AD6-AD9 – Check salary simulations for the basic grade
• Generic job title: Expert
• Number of posts: 1
• Duration of appointment: 5 Year(s) – extension or conversion of the contract is possible – see “Useful information” section
• Security clearance: EUROCONTROL, NATO or EU Secret
• Directorate/Service: NMD/TEC/IAS – Architecture Unit
• Working arrangement: Hybrid work (remote and onsite)
• Competition publication date: 31/08/2023
• Competition closing date: 28/09/2023 (23:59 Brussels time)
• Reserve list: Applicable – See details in the “Useful information” section

Your team

Within the Network Management Directorate, the “Architecture” unit designs the IT Solution Strategies and Architecture principles. The service addresses areas such as IT policy, Enterprise Architecture, software and application architecture, data and infrastructure architecture at corporate level.

As our new Identity & Access Management (IAM) Architect, you will be overseeing the IAM architecture in line with the Agency IT security strategy and Architecture unit’s strategy, developing and maintaining IAM architecture for the on-prem and cloud infrastructures. You will work with other architects and other stakeholders to design an IAM solution that is scalable, adaptable and synchronized with the ever business and integration needs.

Your role

Your role will be to:

• Design the target Identity and Access Management (IAM) architecture to unify the identification/authorization/authentication across the Network Manager (NM) system landscape, including the operational assets.
• Harmonize and standardize the B2B profile (200+ profiles) management, capitalizing on standard technology stack (e.g.: AzureAD).
• Establish a roadmap to migrate the NM assets (currently using WebSEAL/OKTA) to comply with the target IAM architecture.
• Design a Zero Trust security model for the business applications to ensure proper resource management and access control across the system landscape.
• Maintain the IAM architecture and develop IAM roadmaps aligned with the Technology Division’s strategy, the Agency Digital Transformation objectives and technological evolutions.
• Collaborate effectively with other architects and stakeholders to build solutions in line with the IAM architecture.
• Keep abreast on best practices and technology evolutions in field of expertise to leverage activities.
• Provide technical subject matter expertise on the IAM domain, contribute to architecture governance boards to support solution design validation and decision making.
• Carry out any other task in line with the main purpose of the job.

Required qualifications, experience & competencies

• Completed university studies of 4 years in a relevant domain plus 5 years of relevant working experience (e.g. Computer Science, Information Technology, etc) or completed university degree of 3 years in a relevant domain plus 6 years of relevant working experience.
• Internal candidates should go to page check on the intranet to see what level of in-house experience is considered equivalent to educational qualifications where appropriate.
• Certification(s) on Identity Access Management and Information Systems Security would be considered as an asset.
• Experience in supporting IAM solutions, processes and procedures within a global company. Experience in mission-critical or regulated environments would be an advantage.
• Experience(hands-on) with IAM solutions design and integrations and in implementing multi-factor authentication, single sign-on, identity management, identity federation or related technologies (e.g. RSA, AzureAD, IBM ISAM, Okta, Usercube, …)
• Experience in information and cyber security, data protection and IT risk management.
• Knowledge of security standards and practices (ISO 27001, ISMS) and current IT risks.
• Understanding of security protocols, cryptography, authentication, authorisation and security.
• Technical writing skills (English).
• Analytical skills: you apply a methodical approach to complex information.
• Problem Solving: you know how to solve complex problems and provide effective solutions.
• Team Work: you foster teamwork.
• Influencing: you tailor your style and approach to influence others.
• Quality focus: you set and foster high quality standards.
• Ability to work in a multinational and multicultural environment.
• Professional conduct in line with the corporate behaviours of the Agency, i.e. result-driven, readiness to change, customer focus, integrity and team-player approach.
• The working languages of the Agency are English and French. For this particular job, candidates must be proficient users of English at level C1. The selected candidate will be required to become basic users of French at level A1/A2 before the end of the probation period. The levels relate to the European-framework-reference Common European Framework of References for languages (CEFR).

Useful information

• Applications will be accepted from nationals of EUROCONTROL Member States only.
• The selected candidate will be offered a contract of 5 Year (s) pursuant to the provisions of the Staff Regulations governing officials at EUROCONTROL. The contract may be renewed up to a maximum of 9 years or converted into an undetermined contract. Before being established in the post, the selected candidate will be requested to provide certified copies of their degrees and successfully serve a probationary period of 9 months.
• Internal candidates
  If selected, the person will keep their current type of appointment duration (undetermined or determined).
  The internal staff member with a determined contract will be offered, in principle, an appointment for 5 Year(s) with a maximum total duration of 9 years.
• The successful candidate shall be appointed at the grade set out in this vacancy notice, or if a group of grades has been published for a job level, in principle at the basic grade of the published job level.
• In case of reserve list: Suitable candidates, however not selected to fill the post, will be placed on a reserve list for similar functions. The period of validity of reserve list is 1 year from the closing date of applications .
• Information on salary and benefits can be found on our Careers site
• EUROCONTROL is an equal opportunities employer. We are committed to equality and diversity. In the event of equal merit, preference may be given to the applicant from the under-represented diversity characteristics in order to complement diversity of teams and rebalance the workforce.
• Candidates should go to our Careers site and read the tips on how to apply.