Senior IAM Engineer

About AFCA

The Australian Financial Complaints Authority (AFCA) was established in 2018 as a private not-for-profit ombudsman service providing free, fair and independent help with financial disputes. The original team has grown to over 1600 dedicated professionals. Since 2018, AFCA has received more than 634,000 complaints, helping to secure $2.1 billion in compensation for consumers.

AFCA is a 2026 Circle Back Initiative Employer - we are committed to responding to every applicant.

About the role

We're looking for a Senior IAM Engineer to lead the design and delivery of AFCA's next-generation Identity and Access Management (IAM) capability.

This is a key role supporting a major transformation program, where you'll help replace legacy identity solutions and establish a modern, scalable CIAM and workforce identity platform.

You'll take ownership of end-to-end IAM solution design and implementation, ensuring identity is secure, seamless and enables strong customer and workforce experiences across our digital ecosystem.

Responsibilities

• Lead and own the end-to-end design and implementation of enterprise IAM solutions across transformation programs, covering both CIAM (external users) and workforce identity
• Drive evaluation and selection of IAM platforms (e.g. evolution of Azure B2C / Microsoft Entra External ID or alternatives), including defining target-state architecture and transition roadmap, vendor engagement and supporting commercial considerations
• Translate enterprise and solution architecture into practical, secure, and scalable IAM designs that can be delivered by engineering teams, incorporating automation, Infrastructure as Code (IaC), and CI/CD practices where appropriate
• Provide hands-on engineering leadership across the IAM lifecycle (design, build, integration, and run), including complex troubleshooting and decision-making
• Design and implement integrations across AFCA's application ecosystem (e.g. Dynamics 365, ServiceNow, APIs, portals), including OIDC / OAuth2 authentication flows, token design and validation, and API and service-to-service authentication patterns
• Implement identity lifecycle management, RBAC models and least privilege access
• Design and strengthen identity security controls (MFA, conditional access, modern authentication)
• Identify and mitigate identity-related security risks, including fraud and account takeover threats

Requirements

• Proven experience delivering enterprise IAM or CIAM solutions in complex, regulated environments
• Strong hands-on experience with modern identity platforms such as: Microsoft Entra ID (Azure AD), Azure AD B2C / Entra External ID, Okta / Auth0 (desirable given AFCA context)
• Experience leading or contributing to IAM platform selection and migration from and/or integration with legacy identity solutions such as Active Directory
• Strong expertise in modern authentication and identity protocols: OAuth2, OpenID Connect (OIDC), SAML
• Experience designing and implementing API and service authentication patterns
• Solid understanding of Identity lifecycle management (joiner/mover/leaver), Access governance and RBAC models, CIAM patterns for external users (B2C/B2B)
• Ability to translate enterprise architecture into implementable IAM solutions
• Experience integrating IAM with enterprise platforms such as CRM and Case Management (e.g. D365, ServiceNow), Service Management (Fresh Works) and digital channels
• Strong understanding of cloud-first identity architecture patterns within Azure environments
• Demonstrated technical leadership across complex programs
• Strong stakeholder engagement across architecture, security, and delivery functions
• Ability to influence design decisions and guide teams through ambiguity

Desirable

• Experience working in environments using split identity models (internal vs external identity platforms)
• Experience migrating from Azure AD B2C or similar legacy CIAM implementations
• Experience working in highly regulated industries

Benefits and culture

• Silver AWEI Accreditation 2025 – Recognised for LGBTQ+ workplace inclusion
• Accredited Family Friendly Workplace – Supporting work-life balance and inclusivity
• Hybrid working – Flexible arrangements with two days a week in our modern offices designed for collaboration and wellbeing
• Additional and inclusive leave options – Flexible public holidays, gender affirmation leave, women's health leave, and bonus paid time off over the end of year holiday period
• Flexible work options and thoughtful benefits
• Opportunities to deepen expertise in a diverse, caring culture

How to apply

If you're passionate about fairness and believe your skills align with this role, we encourage you to apply even if you don't meet every single criterion.

We welcome applications from people of all backgrounds, cultures, abilities, sexual orientations, and gender identities. If you require any accessibility support during the recruitment process, please reach out to our team at [email protected].

We believe fairness starts with people. That's why we don't use AI or automated tools to screen candidates. As a result, our processes may take a little longer, and we thank you for your patience.