Senior Identity & Access GRC Engineer
Indexed description
Senior Identity & Access Governance Engineer is responsible for the design, implementation and continuous improvement of Identity and Access Management (IAM) controls across the organization to mitigate cyber risk and ensure compliance with local/international regulatory requirements. The role sits within the GRC function and acts as the technical authority for identity governance, ensuring the translation of policies into enforceable and auditable technical controls across on-premises, cloud and hybrid environments. This is a senior, hands-on role with governance responsibilities and cross-functional influence, who will design the operating model, define governance frameworks, implement risk-based controls and set the IAM maturity level at the enterprise level.
What You’ll Do
Main Responsibilities:
Identity Control Governance and Design
- Define IAM governance framework, standards and control structure
- Design IAM operational model
- Translate IAM policies and standards into applicable technical controls
- Design and maintain enterprise-wide RBAC models aligned with business roles and risk levels
- Define and enforce Segregation of Functions (SoD) controls
- Establish Key Risk Indicators (KRIs) and control effectiveness metrics
- Maintain IAM documentation and record repository
- Create an IAM maturity roadmap
- Ensure alignment with Zero Trust principles
- Design and optimize Joiner Mover Leaver processes
- Ensure automatic provisioning and revocation of access in critical systems
- Reduce accounts orphaned, inactive, and overprivileged
- Integrate IAM with authoritative sources (HR and identity sources)
- Define SLAs for deprovisioning and monitor compliance
- Establish access recertification governance
- Define governance framework for Privileged Access Management (PAM)
- Reduce permanent administrative privileges
- Implement Just in Time (JIT) and least privilege / Just Enough Access (JEA) principles
- Ensure privileged session monitoring and logging controls
- Coordinate with CSOC for identity-based detection cases
- Ensure MFA enforcement for critical systems and high-risk users
- Validate SSO and federation configurations
- Define authentication assurance levels based on risk
- Align identity controls with Zero Trust principles
- Ensure alignment IAM with:
- NIS2
- ISO 27001
- GDPR
- Internal Security Policies
- Support for internal and external audits
- Provide IAM records and remediation plans
- Track and remediate IAM non-conformities
- Assess the health of IAM/IdM platforms and lifecycle risks (EOL/EOS)
- Identify coverage gaps in applications and cloud environments
- Propose a modernization and improvement roadmap
- Lead the integration of new systems in the IAM area
- Close collaboration with:
- IT Operations
- Network Operations
- HR
- Application Owners
- Cloud & DevOps Teams
- CSOC
- Business teams
- Act as SME in the identity area during security incidents
- Ensure the inclusion of identity risks in the enterprise risk register
- 5–8+ years of experience in IAM or Identity Governance
- Experience in building or transforming IAM capabilities
- Hands-on experience with enterprise IAM platforms (SailPoint, Saviynt, OneIdentity, Okta, Microsoft Entra ID)
- Experience with PAM solutions (CyberArk, BeyondTrust)
- Strong knowledge of:
- RBAC / ABAC
- Segregation of Functions (SoD)
- SAML, OAuth2, OIDC
- LDAP / Active Directory
- MFA and conditional access policies
- Experience in regulated environments (telecom, financial, utilities – preferred)
- Experience in supporting audit and compliance programs
- Enterprise IAM architecture and design
- JML frameworks
- Governance models for privileged access
- Authentication and federation architecture (SSO, MFA, conditional access)
- IAM integration in cloud and hybrid environments
- Risk assessment and identity controls
- Logging, monitoring and traceability requirements for identity systems
- Ability to assess and improve the health of IAM platforms
- Risk-based thinking
- Ability to translate regulatory requirements into technical controls
- Structured documentation and records management
- Strong communication skills
- Proactivity and ownership orientation
- Ability to identify control deficiencies and propose solutions
- Strategic thinking and long-term planning
- Project management
- Teamwork and accurate reporting
- Problem-solving, negotiation, deadline orientation
- CISSP
- CISA
- CISM
- CIAM / Certified Identity and Access Manager
- Microsoft Certified: Identity and Access Administrator Associate
- CyberArk Defender / Sentry
- ISO 27001 Lead Implementer / Lead Auditor
What's In It For You
- Hybrid working regime 2 days from the office, 3 days remote
- Special discounts for Vodafone employees, Friends & Family offers
- Demo telephone subscription - unlimited (voice and data)
- Voucher for the purchase of a mobile phone
- Medical subscription to a top private clinic & other medical benefits
- Insurance for hospitalization and surgical interventions
- Life insurance
- Meal tickets
- Bookster subscription
- Participation in development programs and challenging projects in the leadership area
- Access to internal Wellbeing & Recognition events
- Extra vacation days (for seniority, special events, volunteering)
- You will benefit from specializations in your field of activity, through programs based on modern training methods and systems
Belonging at Vodafone isn't a concept; it's lived, breathed, and cultivated through everything we do. You'll be part of a global and diverse community, with many different minds, abilities, backgrounds and cultures. ;We're committed to increase diversity, ensure equal representation, and make Vodafone a place everyone feels safe, valued and included.
If you require any reasonable adjustments or have an accessibility request as part of your recruitment journey, for example, extended time or breaks in between online assessments, please refer to https://careers.vodafone.com/application-adjustments/ for guidance.
Together we can.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search