AWS Cloud Services Architect with strong IAM experience to optimize a cloud environment and improve processes, policies and governance for a global

Toronto, ON
  • Number of positions available : 1

  • To be discussed
  • Contract job

  • Starting date : 1 position to fill as soon as possible

Our global client is seeking an AWS Cloud Services Architect with strong IAM experience to optimize their cloud environment and improve processes, policies and governance.


Must Have:

  • Experience as an AWS Cloud Services Architect optimizing IAM architecture, processes, policies and governance.
  • Experience with IAM Users, Groups, and Roles, including knowing how to create, manage, and assign permissions to users, organize them into groups, and leverage roles for both human and programmatic access.
  • Skilled at authoring and troubleshooting IAM policies, including inline and managed policies, as well as policies attached to users, groups, and roles.
  • Understanding how to use permission boundaries to set maximum permissions for roles and users.
  • Resource-Based Policies: Familiarity with policies attached directly to AWS resources like S3 buckets, Lambda functions, and others.
  • Principle of Least Privilege: An ability to architect and maintain least-privilege access at scale, reducing the attack surface.


Nice to have:

  • AWS Certified Security - Specialty or AWS Certified Solutions Architect
  • Azure IAM skills


Scope:

  • Understand complex JSON-based IAM policies, including conditions, resource-level permissions, and the use of wildcards or variables for dynamic access control.
  • Interpret and analyze policy evaluation logic: how AWS evaluates Allow and Deny statements, explicit vs. implicit denies, and policy conflicts.
  • Debug policies using AWS Policy Simulator and CloudTrail logs to resolve access denied errors or unexpected permission grants.
  • Utilize service control policies (SCPs) in AWS Organizations for centralized governance across multiple accounts.
  • Utilizing AWS Organizations, SCPs, and AWS Control Tower for centralizing identity and access management.
  • Automating IAM resource creation and policy management using AWS CloudFormation, Terraform, or AWS CDK.
  • Designing reusable templates and modules for IAM roles, policies, and permission sets.
  • Utilizing AWS CLI, SDKs (like Boto3 for Python), and automation tools for managing IAM at scale.
  • Building automated workflows for provisioning, de-provisioning, and rotating credentials.
  • Set up and analyze AWS CloudTrail logs for IAM activity monitoring and forensic investigations.
  • Configure AWS Config rules to monitor compliance and detect configuration drifts.
  • Communicating complex IAM concepts to both technical and non-technical audiences.
  • Collaborating with security, compliance, operations, and application teams to align access strategies with business needs.
  • Documenting policies, processes, and incident response plans clearly and thoroughly.

Requirements

Level of education

undetermined

Work experience (years)

undetermined

Written languages

undetermined

Spoken languages

undetermined