IGA Architect & Engineer – Cyber CoE
Indexed description
Role Overview
The IGA Architect & Engineer is responsible for the design, engineering, and continuous
enhancement of the Identity Governance & Administration (IGA) platform and services across
human, system, and AI-related identities. This role owns the technical architecture, integrations, and platform engineering for the IGA solutions, ensuring scalability, security, and alignment with enterprise architecture, governance, and regulatory standards. The role also defines how automation, workload, and AI identities are onboarded, governed, and controlled within the enterprise identity ecosystem. In addition, this role oversees system integrators, vendors, and managed service providers to ensure effective delivery, architectural compliance, and long-term platform sustainability.
Key Responsibilities
IGA Architecture & Engineering:
- Design and maintain IGA service architecture, including identity models, access models,
role structures, and segregation of duties (SoD) frameworks.
- Engineer and support IGA platform configurations, workflows, rules, connectors, and
automation.
- Lead application onboarding, identity source onboarding, and authoritative source
management.
- Design and implement integrations with directories, HR systems, databases, APIs, cloud
services, and business applications.
• Define and enforce technical standards, architecture patterns, and best practices for IGA
implementations.
AI & Non-Human Identity Architecture:
- Design and govern identity architecture for non-human identities, including service and
application accounts, automation and batch identities, AI agents, bots, and workload
identities (where applicable).
- Define onboarding patterns and controls for AI-related identities within the IGA platform,
ensuring clear ownership and accountability, least-privilege access models, lifecycle
management and de-provisioning.
- Provide architectural guidance on AI access risks, identity sprawl, and entitlement
complexity to security governance and risk teams.
Release, Deployment & Operational Support:
- Own release, deployment, and environment promotion management across
development, test, and production environments.
- Support and lead L3 troubleshooting, complex incident resolution, and root cause
analysis for critical IGA and integration issues.
- Collaborate with operations teams to ensure engineering designs are operationally stable
and supportable.
Vendor, SI & Platform Governance:
- Oversee and govern system integrators, implementers, and managed service providers
(MSPs).
- Review vendor deliverables, solution designs, and configurations to ensure architectural
quality and compliance.
- Act as the technical authority for IGA decisions, trade-offs, and risk acceptance.
- Provide expert technical consultation to security governance, operations, application, and
platform teams.
Audit & Regulatory Support:
- Support audits and regulatory reviews by providing architecture documentation, designs,
configuration evidence, and technical explanations.
- Ensure IGA and AI-related identity controls align with regulatory expectations and internal
security standards.
Required Qualifications
Experience:
- 5+ years of experience in Identity & Access Management (IAM) or cybersecurity, with
strong focus on IGA architecture and engineering.
- Hands-on experience designing and implementing SailPoint in enterprise environments.
- Proven experience leading application onboarding, system integrations, and platform
releases.
- Experience working in a group company, financial services, or consulting environment is
strongly preferred.
Technical Skills:
- Deep expertise in SailPoint architecture, connectors, workflows, rules, and identity lifecycle configurations.
- Strong understanding of IAM and IGA concepts including JML, RBAC, ABAC, SoD, and
access certifications.
- Experience integrating with HR systems, Active Directory, LDAP, databases, APIs, and
cloud platforms.
- Knowledge of scripting, REST APIs, and automation for identity integrations.
- Experience with release management, CI/CD concepts, and environment promotion.
- Ability to review vendor designs and govern third-party delivery quality.
Preferred Certifications
- SailPoint Identity Security Administrator Certification
- SailPoint Identity Security Engineer Certification
- ITIL Foundation
Key Competencies
- IGA Architecture & Engineering Expertise – Deep understanding of IGA platforms, identity
models, access models, and SoD design.
- SailPoint Technical Mastery – Strong hands-on capability in SailPoint integrations,
workflows, connectors, rules, and automation.
- Integration & Onboarding Leadership – Ability to design and deliver secure, scalable
application and authoritative source integrations.
- Release & Environment Management – Strong discipline in release, deployment, and
environment promotion management.
- Problem Solving at Scale – Capability to handle complex L3 issues, root cause analysis,
and architectural remediation.
- Vendor & SI Governance – Ability to govern system integrators, implementers, and MSPs
and ensure delivery quality.
- Good Communication – Ability to communicate effectively in English, both written and
verbal.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search