The Principal IAM Engineer will provide technical assistance and expertise in architecting, developing, and delivering IAM tools and processes as prescribed by the internal IT frameworks and standards to deliver innovative, value-added technology and optimization of internal processes across Orbia’s environment globally.
This role will work closely with Orbia’s Infrastructure and Application Teams to design and develop the IAM environment, and to plan, implement, manage, monitor, and upgrade it for the protection of the organization’s data, systems, and networks. This role is pivotal in performing gap analysis of the current IAM environment’s security posture against relevant industry benchmarks and enabling the execution of a roadmap for strengthening controls in line with the organization’s risk appetite.
This role will work side by side with infrastructure, application, and cybersecurity teams and other stakeholders to handle complex design and development activities and escalations, working with external vendors as deemed necessary.
This role will work with Managed Service Providers to improve and develop new features or integration with the IAM environment and also to bring operational improvements for the tool.
This role requires deep hands-on expertise with two or more Identity Access Management solutions like SailPoint, AD / LDAP, EntraID, CyberArk and demonstrable knowledge of current technologies in the authentication, federation, and identity management space, such as the JML process, certification process, authentication and authorization concepts, OAuth 2.0, OpenID Connect, SAML, SCIM, etc.
KEY RESPONSIBILITIES :
Design, implement, and maintain the organization's Identity and Access Management systems, including EntraID, SailPoint, Auth0, and Okta.
Development & execution of the IAM strategy across the infrastructure and Business applications
Implement IGA projects using SailPoint, including Application Onboarding, Access Certification, Identity and Account lifecycle events (Joiner / Mover / Leaver), as well as role and entitlement analysis
Develop and implement the CIAM (Customer Identity) strategy for the organization to ensure secure, seamless, and personalized digital experiences for customers, dealers, and service partners.
Define and execute a comprehensive IAM strategy for our IoT and digital products, aligning it with business objectives.
Identify and evaluate risks associated with IoT and digital product access management and design appropriate controls.
Evaluate and recommend security policies, procedures, and technical controls for identity and access management.
Ensure compliance with regulatory requirements and security best practices.
Collaborate with cross-functional teams to develop and maintain access control policies and procedures.
Develop and maintain documentation related to identity and access management systems.
Conduct periodic access reviews and ensure appropriate access is granted based on job responsibilities.
EDUCATION & EXPERIENCE :
Academic Level : Four-year college diploma or university degree in computer science or computer engineering or relevant experience
Language(s) and level of proficiency : English, Fluent (reading, writing and oral)
Minimum of 8 years of experience in Identity and Access Management.
Experience with identity and access management concepts and technologies such as IGA, PAM, SSO, MFA, Federation, and RBAC
Hands-on experience with EntraID or Okta / Auth0.
Strong understanding of cloud-based IAM technologies and concepts.
Experience with access control methodologies, tools, and techniques.
Knowledge of authentication protocols such as SAML, OAuth, OpenID Connect & PKI.
Strong analytical, problem-solving, and communication skills.
Ability to work independently and as part of a team in a fast-paced environment.
Ability to understand business impact and requirements and translate them into system security architecture and engineering design.
Relevant certifications such as CIAM, CISSP, or equivalent IAM vendor-specific certifications
Experience with identity and access management in regulated industries such as manufacturing or finance is a plus.
Familiarity with IoT environments is an advantage
Competency with one or more scripting / programming languages (PowerShell, Python) or deployments of automated infrastructure using CI / CD platforms and IaC tools like Terraform
Experience with Cloud IAM (Azure, AWS, GCP, etc.) is a plus.
Experience with Agile DevOps (e.g. SCRUM)
Understanding of API concepts, RESTful Services, and modern application interaction patterns
Principal Engineer • India