Back to search
Tata Consultancy Services Linkedin · Posted 11d ago

IGA Architect & Engineer – Cyber CoE

Bangkok

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Role Overview

The IGA Architect & Engineer is responsible for the design, engineering, and continuous

enhancement of the Identity Governance & Administration (IGA) platform and services across

human, system, and AI-related identities. This role owns the technical architecture, integrations, and platform engineering for the IGA solutions, ensuring scalability, security, and alignment with enterprise architecture, governance, and regulatory standards. The role also defines how automation, workload, and AI identities are onboarded, governed, and controlled within the enterprise identity ecosystem. In addition, this role oversees system integrators, vendors, and managed service providers to ensure effective delivery, architectural compliance, and long-term platform sustainability.


Key Responsibilities

IGA Architecture & Engineering:

  • Design and maintain IGA service architecture, including identity models, access models,

role structures, and segregation of duties (SoD) frameworks.

  • Engineer and support IGA platform configurations, workflows, rules, connectors, and

automation.

  • Lead application onboarding, identity source onboarding, and authoritative source

management.

  • Design and implement integrations with directories, HR systems, databases, APIs, cloud

services, and business applications.

• Define and enforce technical standards, architecture patterns, and best practices for IGA

implementations.


AI & Non-Human Identity Architecture:

  • Design and govern identity architecture for non-human identities, including service and

application accounts, automation and batch identities, AI agents, bots, and workload

identities (where applicable).

  • Define onboarding patterns and controls for AI-related identities within the IGA platform,

ensuring clear ownership and accountability, least-privilege access models, lifecycle

management and de-provisioning.

  • Provide architectural guidance on AI access risks, identity sprawl, and entitlement

complexity to security governance and risk teams.


Release, Deployment & Operational Support:

  • Own release, deployment, and environment promotion management across

development, test, and production environments.

  • Support and lead L3 troubleshooting, complex incident resolution, and root cause

analysis for critical IGA and integration issues.

  • Collaborate with operations teams to ensure engineering designs are operationally stable

and supportable.


Vendor, SI & Platform Governance:

  • Oversee and govern system integrators, implementers, and managed service providers

(MSPs).

  • Review vendor deliverables, solution designs, and configurations to ensure architectural

quality and compliance.

  • Act as the technical authority for IGA decisions, trade-offs, and risk acceptance.
  • Provide expert technical consultation to security governance, operations, application, and

platform teams.


Audit & Regulatory Support:

  • Support audits and regulatory reviews by providing architecture documentation, designs,

configuration evidence, and technical explanations.

  • Ensure IGA and AI-related identity controls align with regulatory expectations and internal

security standards.


Required Qualifications


Experience:

  • 5+ years of experience in Identity & Access Management (IAM) or cybersecurity, with

strong focus on IGA architecture and engineering.

  • Hands-on experience designing and implementing SailPoint in enterprise environments.
  • Proven experience leading application onboarding, system integrations, and platform

releases.

  • Experience working in a group company, financial services, or consulting environment is

strongly preferred.


Technical Skills:

  • Deep expertise in SailPoint architecture, connectors, workflows, rules, and identity lifecycle configurations.
  • Strong understanding of IAM and IGA concepts including JML, RBAC, ABAC, SoD, and

access certifications.

  • Experience integrating with HR systems, Active Directory, LDAP, databases, APIs, and

cloud platforms.

  • Knowledge of scripting, REST APIs, and automation for identity integrations.
  • Experience with release management, CI/CD concepts, and environment promotion.
  • Ability to review vendor designs and govern third-party delivery quality.


Preferred Certifications

  • SailPoint Identity Security Administrator Certification
  • SailPoint Identity Security Engineer Certification
  • ITIL Foundation


Key Competencies

  • IGA Architecture & Engineering Expertise – Deep understanding of IGA platforms, identity

models, access models, and SoD design.

  • SailPoint Technical Mastery – Strong hands-on capability in SailPoint integrations,

workflows, connectors, rules, and automation.

  • Integration & Onboarding Leadership – Ability to design and deliver secure, scalable

application and authoritative source integrations.

  • Release & Environment Management – Strong discipline in release, deployment, and

environment promotion management.

  • Problem Solving at Scale – Capability to handle complex L3 issues, root cause analysis,

and architectural remediation.

  • Vendor & SI Governance – Ability to govern system integrators, implementers, and MSPs

and ensure delivery quality.

  • Good Communication – Ability to communicate effectively in English, both written and

verbal.

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent