Principal Architect - Identity, Data Modeling, and Platform APIs

Step into the role of a Principal Architect at JPMorganChase and become a driving force behind the development and adoption of cutting-edge, cloud-based technologies.

As a Principal Architect at JPMorganChase within the Core Infrastructure Platforms Architecture team you provide expertise to enhance and develop architecture platforms based on modern cloud-based technologies, as well as support the adoption of strategic global solutions. Leverage your advanced architecture capabilities and collaborate with colleagues across the organization to drive best-in-class outcomes. You will design the data and API foundations that connect identity, authority, ownership, and permission to workload deployment on IaaS platforms and hypervisors. This is a senior individual contributor role, focused on rigorous data modeling, software and API design, and identity architectures in a large, regulated financial environment. You will define canonical models and service contracts, ensure designs meet regulatory and control requirements, and partner closely with platform, engineering, and development teams.

Job responsibilities

• Defines and owns canonical data models capturing identity, authority, ownership, and permissions across compute, storage, and network resources; model relationships among people, services, applications, and infrastructure assets.
• Designs and evolves APIs and service contracts for entitlements and workload onboarding to IaaS and hypervisor platforms; establish versioning, compatibility, lifecycle, and governance for these interfaces.
• Architects identity aware provisioning flows and guardrails: integrate with directory and identity systems (e.g., Kerberos, Active Directory), enforce RBAC/ABAC, separation of duties, least privilege, and auditable change.
• Establishes and maintains data structures used for technology governance (e.g., product catalogs, inventories/CMDB, configuration attributes, organizational hierarchies) with clear sources of truth, lineage, and stewardship.
• Embeds compliance and controls into designs: evidence and traceability for regulatory obligations on identity, access management, and operational risk; align with firm policies and applicable regulations.
• Partners with platform teams (hypervisors, IaaS, Kubernetes) and application developers to ensure secure, operable, and scalable workload deployment patterns; produce reference architectures, patterns, and reusable templates.
• Defines policies and policy as code approaches for identity, authorization, configuration, and change; integrate controls into CI/CD and provisioning pipelines.
• Drives data quality and observability for governance datasets: schemas, validations, metadata, golden records, reconciliation, and reporting.
• Conducts architecture/design reviews; document decisions, risks, exceptions/waivers, and remediation plans; present in governance forums.
• Promotes effective ways of working: help organize team backlogs and ceremonies, ensure Jira/Kanban hygiene, run stand ups, and track delivery metrics to keep the team productive.

• Mentors engineers and architects; foster a collaborative, low ego, outcome focused culture.

Required qualifications, capabilities, and skills

• Formal training or certification on software Infrastructure Architecture concepts and expert applied experience
• Extensive experience architecting in large, complex, regulated financial services environments, including identity centric designs and production delivery.
• Deep expertise in enterprise identity management and directory services, including:
• Kerberos and Active Directory (forests/domains, trusts, group nesting, SPNs, constrained delegation, service accounts, PKI).
• Authorization models and controls (RBAC, ABAC, policy evaluation, least privilege, privileged access, break glass, JIT access).
• Strong data modeling skills (relational, hierarchical, graph) and schema design for governance datasets (product catalogs, CMDB/inventory, configuration attributes, organizational structures).
• Professional software and API design experience: REST/gRPC API design, versioning and compatibility strategies, service contracts, error models, pagination, performance, and security.
• Hands on understanding of IaaS and hypervisor platforms and how identity/authorization integrates with provisioning, lifecycle, and operations.
• Demonstrated ability to embed regulatory, risk, and control requirements into architecture and provide audit ready evidence and traceability.

• Excellent communication and stakeholder management; able to collaborate deeply with developers and platform engineers to deliver pragmatic solutions.

Preferred qualifications, capabilities, and skills

• Experience with policy as code and controls (e.g., OPA, Conftest, Sentinel) and mapping to control frameworks.
• Familiarity with Kubernetes platform identity (workload identity, service accounts), service meshes, and identity aware networking.
• Experience with data governance practices: stewardship models, MDM, reference data, lineage, and reconciliation.
• Background in secrets management, mTLS/PKI, and certificate lifecycle for services.
• Track record improving team productivity via agile ways of working, backlog management, and delivery metrics.
• Relevant certifications (e.g., identity/directory, security, architecture).