Job Description

🧭 Job Summary 

This position is with a leading industry organization, offered under direct payroll.

We are looking for a highly experienced Identity & Access Manager – Tech Lead to lead the design, implementation, and delivery of enterprise IAM solutions and identity governance frameworks. This role bridges architecture and delivery, ensuring scalable IAM platforms, secure access models, and seamless integration across enterprise and cloud environments.

The ideal candidate will have deep expertise in SSO, MFA, RBAC/ABAC, identity lifecycle management, and federation, along with hands-on experience in multi-vendor IAM platforms (SailPoint, Okta, ForgeRock, Microsoft Entra ID, Ping Identity) and strong leadership in driving Zero Trust identity strategies.

📄 Job Description

• Design and implement IAM architecture and governance models aligned with enterprise security strategy
• Lead deployment and configuration of IAM platforms (SailPoint, Okta, ForgeRock, Ping Identity, Entra ID)
• Implement SSO, MFA, adaptive authentication, and federation protocols (SAML, OAuth2, OIDC)
• Define and enforce RBAC, ABAC, and policy-based access control models
• Manage Identity Governance & Administration (IGA) (access certification, SoD, lifecycle automation)
• Integrate IAM solutions with enterprise applications (ERP, CRM, SaaS) and cloud platforms (AWS, Azure, GCP)
• Collaborate with PAM teams to integrate privileged access controls (CyberArk, BeyondTrust)
• Establish and optimize joiner–mover–leaver (JML) lifecycle processes
• Ensure compliance with ISO 27001, NIST, SOX, GDPR, and Zero Trust frameworks
• Drive IAM automation using APIs, SCIM, and DevSecOps pipelines
• Lead architecture reviews, solution design, and vendor evaluations

🎯 Roles & Responsibilities 

• Lead IAM team in design, implementation, and operational support
• Define and enforce access governance policies and compliance controls
• Oversee user provisioning, de-provisioning, and access certification campaigns
• Troubleshoot complex IAM issues across authentication, federation, and provisioning layers
• Integrate IAM with cloud services, SaaS apps, and internal systems
• Collaborate with security, infrastructure, and DevOps teams for secure identity integration
• Monitor IAM systems and ensure availability, performance, and scalability
• Conduct audit reviews, compliance reporting, and risk assessments
• Mentor engineers and promote best practices in identity security
• Drive adoption of Zero Trust and identity-first security models

🧠 Skills & Technologies 

🔐 IAM & Identity Governance

• Identity Governance & Administration (IGA)
• RBAC, ABAC, Policy-Based Access Control
• Identity Lifecycle Management (JML)
• Access Certification, Segregation of Duties (SoD)
• Zero Trust Architecture (ZTA)

🛠️ IAM Tools & Platforms (Multi-Vendor)

• SailPoint IdentityIQ / IdentityNow
• Okta (SSO, MFA, Lifecycle Management)
• ForgeRock Identity Platform
• Microsoft Entra ID (Azure AD)
• Ping Identity (PingFederate, PingOne)
• IBM Security Verify

🔑 Authentication & Federation

• SAML 2.0, OAuth 2.0, OpenID Connect (OIDC)
• LDAP, Active Directory, Kerberos
• Single Sign-On (SSO), Multi-Factor Authentication (MFA)
• Adaptive / Risk-Based Authentication

☁️ Cloud & Infrastructure Security

• AWS IAM (Roles, Policies, Organizations)
• Azure AD / Entra ID (Conditional Access, Identity Protection)
• GCP IAM
• SaaS Identity Integration
• Kubernetes Identity & Secrets

🔐 PAM & Security Integration

• CyberArk, BeyondTrust, Delinea
• Secrets Management (HashiCorp Vault, AWS Secrets Manager, Azure Key Vault)
• SIEM Integration (Splunk, Sentinel, QRadar)

🌐 Networking & Systems

• TCP/IP, DNS, SSL/TLS
• Active Directory, LDAP
• Windows/Linux Identity Integration

⚙️ Automation & DevSecOps

• REST APIs, SCIM Provisioning
• Python, PowerShell
• CI/CD Integration (Jenkins, GitHub Actions, GitLab CI)
• Infrastructure as Code (Terraform)

📊 Frameworks & Compliance

• ISO 27001, NIST, CIS Controls
• SOX, GDPR, HIPAA
• Zero Trust Security Model
• MITRE ATT&CK (Identity Threat Mapping)

✅ Eligibility Criteria

• 8–12 years of hands-on experience in IAM engineering, architecture, and delivery roles
• Strong practical experience with multi-vendor IAM tools (SailPoint, Okta, ForgeRock, Entra ID, Ping Identity)
• Proven expertise in enterprise infrastructure (Active Directory, Linux), networking, and cloud platforms (AWS, Azure, GCP)
• Deep understanding of identity protocols, governance frameworks, and Zero Trust security models
• Bachelor’s or Master’s degree in Computer Science, IT, Cybersecurity, or related field

Certifications (Preferred / Advantage):

• CISSP, CISM
• SailPoint Certified IdentityNow Engineer / Architect
• Okta Certified Professional / Administrator
• Microsoft Certified: Identity & Access Administrator