Security Architect

Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : SailPoint IdentityIQ
Good to have skills : NA
Minimum 7.5 year(s) of experience is required
Educational Qualification : 15 years full time education

Summary:
The SailPoint IIQ SME serves as the organization s primary technical authority on Identity Governance and Administration (IGA), leading the design, implementation, and continuous improvement of the IdentityIQ platform to ensure secure, compliant, and efficient identity lifecycle management

Roles & Responsibilities:
- Serve as the technical lead and go-to expert for all SailPoint IIQ deployments, upgrades, and integrations
- Design and maintain the IIQ architecture including connectors, workflows, rules, and role models
- Lead platform upgrades, patch management, and environment migrations (Dev QA Prod)
- Define and implement Joiner-Mover-Leaver (JML) lifecycle processes
- Build and manage Role-Based Access Control (RBAC) frameworks and entitlement catalogs
- Develop and maintain Separation of Duties (SoD) policies and conflict matrices
- Design and run access certification/recertification campaigns
- Ensure alignment with regulatory frameworks such as SOX, HIPAA, GDPR, ISO 27001, and PCI-DSS
- Support internal and external audits by producing IIQ compliance reports and evidence packages
- Develop and maintain connectors for applications including Active Directory, LDAP, SAP, Workday, ServiceNow, Azure AD, and custom apps
- Integrate IIQ with ITSM, HRMS, and PAM tools via REST/SOAP APIs and flat-file feeds
- Write and maintain BeanShell/Java rules, custom workflows, email templates, and task definitions
- Develop custom reports and dashboards using Jasper Reports or IIQ s native reporting engine
- Maintain solution design documents, runbooks, and operational guides
- Define IAM policies, standards, and best practices for the organization
- Collaborate with business owners, application teams, HR, and security to gather and translate requirements into IIQ configurations
- Provide training and knowledge transfer to L1/L2 support teams
- Act as the escalation point for complex IAM incidents and service requests


Professional & Technical Skills:
- IIQ Modules: LCM, Compliance Manager, Workflows, Role Management, Provisioning
- Development: BeanShell, Java, XML, REST/SOAP APIs
- Directories: Active Directory, LDAP, Azure AD
- Connectors: SAP, Workday, ServiceNow, Oracle, flat-file, JDBC
- Compliance: SOX, HIPAA, GDPR, PCI-DSS audit support
- Databases: MySQL, MS SQL, or Oracle (for IIQ backend)
- Platforms: Linux/Windows server environments, Tomcat application server
- SailPoint Certified IdentityIQ Engineer or Architect certification
- Experience with SailPoint IdentityNow (cloud) or IIQ-to-IDN migration
- Familiarity with CyberArk, BeyondTrust, or other PAM tools
- Exposure to Zero Trust architecture principles
- ITIL Foundation certification
- Experience in large-scale enterprise environments (10,000+ identities)


Additional Information:
- The candidate should have minimum 8-11 years in IAM, with 5-7 years hands-on SailPoint IIQ
- This position is based at our Bengaluru office.
- A 15 years full time education is required.