Senior Domain Lead-AD / IDAM & Email Lead / Architect

SUN PHARMA, India
30+ days ago
Job description

Hi,

We have an opening for Senior Domain Lead-AD / IDAM & Email Lead / Architect at our Mumbai location.

Job Summary : We are seeking an accomplished and strategic Senior Domain Lead to oversee enterprise email and collaboration systems, Active Directory (AD), Identity & Access Management (IDAM), and their security and cloud integrations. The role focuses on end-to-end management and security governance across hybrid environments, ensuring scalable, secure, and compliant digital identity and collaboration infrastructure.

Areas Of Responsibility :

Key Responsibilities :

1. Infrastructure & Operations Management

  • Manage daily operations for Microsoft 365 (Exchange Online, Teams, SharePoint), Active Directory (on-prem and Azure AD), and domain services.
  • Ensure stability and performance of hybrid AD and collaboration systems through proactive monitoring and incident management.
  • Maintain internal and public DNS, DHCP, certificates, and domain name configurations.

2. Identity & Access Management (IDAM)

  • Own the implementation and operation of IDAM platforms supporting user lifecycle management, access provisioning, and deprovisioning.
  • Design and manage SSO, MFA, conditional access, and privileged access controls (PAM) using tools like Azure AD, SailPoint, or Saviynt.
  • Ensure proper RBAC models, access certifications, and policy enforcement across systems.

3. Email & AD Security

  • Strengthen security posture of email systems by configuring and maintaining anti-phishing, DLP, spam filtering, and encryption tools (e.g., Microsoft Defender for Office 365, Mimecast, Proofpoint).
  • Implement and maintain DMARC, DKIM, SPF, and secure mail flow policies.
  • Lead AD security hardening, including Tiered Administration, Kerberos policies, ACL reviews, and delegation best practices.
  • Enforce least privilege, admin account separation, and monitoring of high-privilege actions (via SIEM or native auditing tools).
  • Partner with SOC and Security teams to respond to identity and email-related threats or incidents.

4. Cloud Integration & Identity Governance

  • Administer and secure cloud identity solutions across Azure, Microsoft 365, and third-party SaaS platforms.
  • Align hybrid AD and Azure AD with cloud security frameworks and Zero Trust principles.
  • Manage B2B / B2C identities, OAuth / SAML integrations, and conditional access policies for external partners.

5. Projects & Transformation

  • Lead initiatives such as :
      • Email platform migration or consolidation (e.g., from on-prem to M365),
      • Deployment of IDAM platforms,
      • Secure collaboration tool rollouts,
      • Cloud-first identity transformations.
  • Define project scope, success metrics, resource plans, and stakeholder engagement strategy.

6. Compliance, Governance & Risk Management

  • Define and maintain governance frameworks for collaboration, identity, and directory services.
  • Ensure alignment with compliance standards (e.g., GDPR, ISO 27001, HIPAA, SOX).
  • Conduct periodic access reviews, admin audits, and mailbox permissions checks.
  • Own documentation, runbooks, and policy lifecycle management.

7. Vendor & License Management

  • Manage third-party service providers and tools across email security, cloud identity, and collaboration suites.
  • Oversee licensing, renewals, and performance reviews.
  • Evaluate and onboard new solutions as per evolving enterprise needs.

8. Leadership & People Management

  • Lead a team of email, AD, cloud, and IDAM specialists.
  • Assign responsibilities, set goals, and promote cross-skilling and upskilling.
  • Ensure availability through structured support models, escalation procedures, and documentation.

Educational Qualification : Degree or appropriate professional qualification

Specific Certification :

Certifications and training in the following technology domains :

  • Microsoft Certified : Enterprise Administrator Expert
  • Microsoft Certified : Identity and Access Administrator Associate
  • Azure Administrator / Security Engineer Associate
  • Certified Information Systems Security Professional (CISSP) : optional but a plus
  • ITIL Foundation / Intermediate
  • Project Management Certification (PMP / Prince2)

Experience : 12-15 Years of experience

Skill (Functional & Behavioural) :

Technical Skills :

  • Microsoft 365 administration : Exchange, Teams, SharePoint, Defender for O365
  • Hybrid AD and Azure AD, including AD Connect, GPOs, DNS, DHCP
  • PowerShell scripting for automation and reporting
  • Identity tools : SailPoint, Okta, Saviynt, Azure AD Premium
  • Email security protocols : SPF, DKIM, DMARC
  • Email filtering & security : Defender, Mimecast, Proofpoint
  • AD security best practices and hardening (LAPS, tiering, auditing)
  • Cloud identity and app integration (OAuth, SAML)

Soft Skills :

  • Strong leadership, communication, and cross-functional collaboration
  • High attention to detail, especially around security and compliance
  • Problem-solving under pressure and with complex systems
  • Strategic thinking with a proactive mindset toward continuous improvement
  • Pharma industry experience is an advantage.