IAM Architect – (SailPoint)

Programmers.io

Job Location:

Sunnyvale, CA - USA

Monthly Salary: Not Disclosed
Posted on: 6 hours ago
Vacancies: 1 Vacancy

Job Summary

Key Responsibilities

IAM Architecture & Zero Trust

  • Lead the architecture, design, and implementation of IAM capabilities aligned to Zero Trust principles.
  • Develop IAM standards, patterns, and roadmaps to support secure identity-centric access across the enterprise.
  • Ensure consistent identity controls across cloud, on-prem, and hybrid environments.

Identity Governance & Administration (IGA)

  • Architect and optimize IGA processes using SailPoint IdentityIQ / IdentityNow.
  • Drive automation for joiner/mover/leaver (JML) lifecycle workflows and entitlement governance.
  • Lead RBAC design, access certifications, policy enforcement, and governance maturity improvements.

Privileged Access & Microsoft Entra

  • Integrate and enhance identity services in Microsoft Entra, including SSO, MFA, Conditional Access, and identity protection.
  • Partner with CyberArk teams to strengthen privileged access controls and vaulting strategies.
  • Ensure seamless integration of enterprise applications into Entra and SailPoint.

PKI & Certificate Services

  • Provide architectural oversight for PKI and certificate lifecycle management.
  • Collaborate with PKI teams to improve automation, reliability, and compliance.
  • Support evaluation of PKIaaS or hybrid PKI models as needed.

Cost Optimization & License Governance

  • Conduct ongoing analysis of IAM-related licensing (SailPoint, CyberArk, Microsoft Entra, M365).
  • Identify cost-saving opportunities through license rationalization, usage reviews, and entitlement cleanup.
  • Partner with stakeholders and the parent company to align licensing strategy and reduce overall spend.

Automation & Documentation

  • Build automation for IAM and PKI processes using PowerShell, APIs, and workflow tools.
  • Produce high-quality architectural documentation, standards, diagrams, and operational guides.
  • Ensure IAM processes are measurable, repeatable, and audit-ready.

Cross-Functional Collaboration

  • Work closely with security, infrastructure, HR, compliance, and application teams.
  • Collaborate with the parent company to align IAM strategy, governance, and technology direction.
  • Lead technical discussions, design reviews, and solution evaluations across business units.

Required Qualifications

  • 8 years of experience in IAM architecture, engineering, or security architecture roles.
  • Strong hands-on experience with SailPoint, CyberArk, Microsoft Entra, and Active Directory.
  • Deep understanding of Zero Trust identity models and enterprise IAM best practices.
  • Expertise in IGA, SSO, federation (SAML/OIDC), MFA, and privileged access controls.
  • Working knowledge of PKI and certificate lifecycle management.
  • Proficiency with automation (PowerShell, Python, APIs, workflow engines).
  • Experience designing and implementing lifecycle processes and RBAC models.
  • Strong analytical skills for cost analysis, license optimization, and usage reporting.
  • Excellent documentation, communication, and stakeholder-management skills.

Preferred Qualifications

  • Experience with certificate automation platforms.
  • Background in hybrid cloud identity architectures.
  • Familiarity with regulatory frameworks (SOX, HIPAA, ISO, etc.).
  • Relevant certifications (CISSP, Azure Security Engineer, Identity & Access certifications).

Travel, Motor Vehicle Record & Physical/Environment Requirements:

  • 5%-15% travel as per business requirements.

It would be a plus if you also possess previous experience in:

  • Python, YAML
  • Jira, Confluence
  • Ansible automation
